Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@stoplight/spectral

Package Overview
Dependencies
Maintainers
14
Versions
107
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@stoplight/spectral

A flexible object linter with out of the box support for OpenAPI v2 and v3.

  • 4.0.0-beta.6
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
27K
increased by12.61%
Maintainers
14
Weekly downloads
 
Created
Source

Spectral logo

Test Coverage Maintainability

A flexible JSON object linter with out of the box support for OpenAPI v2 and v3

Features

  • Create custom rules to lint any JSON object
  • Use JSON paths to apply rules / functions to specific parts of your JSON objects
  • Built-in set of functions to help build custom rulesets. Functions include pattern checks, parameter checks, alphabetical ordering, a specified number of characters, provided keys are present in an object, etc
  • Default ready to use rules and functions to validate and lint OpenAPI v2 and v3 documents
  • Validate JSON with Ajv

Installation

Local Installation

npm install @stoplight/spectral

Global Installation

npm install -g @stoplight/spectral

Supports Node v8.3+.

Executable binaries

For users without Node and/or NPM/Yarn, we provide standalone packages for all major platforms. We also provide a shell script to auto download the executable based on your operating system:

curl -L https://raw.githack.com/stoplightio/spectral/master/install.sh | sh

Note, the binaries are not auto-updatable, therefore you will need to download a new version on your own.

Installing binaries system-wide
Linux
sudo mv ./spectral-linux /usr/local/bin/spectral

You may need to restart your terminal. Now, spectral command will be accessible in your terminal.

Head over to releases for the latest binaries.

Docker

docker run --rm -it stoplight/spectral lint "${URL}"`

Usage

CLI

Spectral can be run via the command-line:

spectral lint petstore.yaml

Other options include:

  -c, --config=config          path to a config file
  -e, --encoding=encoding      text encoding to use
  -f, --format=json|stylish    formatter to use for outputting results
  -h, --help                   show CLI help
  -o, --output=output          output to a file instead of stdout
  -q, --quiet                  no logging - output only
  -r, --ruleset=ruleset        path to a ruleset file (supports remote files)
  -s, --skip-rule=skip-rule    ignore certain rules if they are causing trouble
  -v, --verbose                increase verbosity
  --max-results=max-results    [default: all] maximum results to show

Note: The Spectral CLI supports both YAML and JSON.

Currently, Spectral CLI supports validation of OpenAPI documents and lints them based on our default ruleset, or you can provide your own rulesets.

Concepts

There are three key concepts in Spectral: Rulesets, Rules and Functions.

  • Ruleset is a container for a collection of rules and functions.
  • Rule filters your object down to a set of target values, and specify the function that should evaluate those values.
  • Function accept a value and return issue(s) if the value is incorrect.

Think of a set of rules and functions as a flexible and customizable style guide for your JSON objects.

Config

Spectral CLI supports config files, to avoid typing out CLI options and arguments every single time.

Programmatic usage

Spectral is written in TypeScript (JavaScript) and can be used directly for when you need to use Spectral programmatically. Take a look at our "JavaScript API documentation".

FAQs

How is this different than Ajv?

Ajv is a popular JavaScript JSON Schema validator, but it is not a linter. Validators just check if something is technically correct, but a linter goes a step further than that and programmatically applies opinions, which is what style guide really is.

Spectral uses AJV to expose a schema function, which you can use in your rules to validate all or part of the target object with JSON Schema. Spectral also provides a number of other functions and utilities that you can use to build up a linting ruleset to validates things that JSON Schema is not well suited for.

I want to lint my OpenAPI documents but don't want to implement Spectral right now.

No problem! A hosted version of Spectral comes free with the Stoplight platform. Sign up for a free account here.

What is the difference between Spectral and Speccy?

With Spectral, lint rules can be applied to any JSON object. Speccy is designed to work with OpenAPI v3 only. The rule structure is different between the two. Spectral uses JSONPath path parameters instead of the object parameters (which are OpenAPI specific), so you can write rulesets for AsyncAPI, standalone JSON Schema, whatever you like.

Contributing

If you are interested in contributing to Spectral itself, check out our contributing docs to get started.

Also, most of the interesting projects are built with Spectral. Please consider using Spectral in a project or contribute to an existing one.

If you are using Spectral in your project and want to be listed in the examples section, we encourage you to open an issue.

Example Implementations

  • JSONPath Online Evaluator, a helpful tool to determine what path you want
  • stoplightio/json, a library of useful functions for when working with JSON
  • stoplightio/yaml, a library of useful functions for when working with YAML, including parsing YAML into JSON, and a few helper functions such as getJsonPathForPosition or getLocationForJsonPath

Thanks :)

Support

If you have a bug or feature request, please open an issue here.

If you need help using Spectral or have a support question, please use the Stoplight Community forum. We've created an open source category for these questions. It's also a great place to share your implementations.

If you want to discuss something in private, you can reach out to Stoplight support at support@stoplight.io.

Keywords

FAQs

Package last updated on 05 Jul 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc