Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@stoplight/spectral
Advanced tools
A flexible object linter with out of the box support for OpenAPI v2 and v3.
A flexible JSON/YAML linter, with out of the box support for OpenAPI v2 and v3.
npm install -g @stoplight/spectral
# OR
yarn global add @stoplight/spectral
For more installation options, see Getting Started > Installation
After installation take a look at our getting started documentation.
Ajv is a JSON Schema validator, and Spectral is a JSON/YAML linter. Instead of just validating against JSON Schema, it can be used to write rules for any sort of JSON/YAML object, which could be JSON Schema, or OpenAPI, or anything similar. Spectral does expose a schema
function that you can use in your rules to validate all or part of the target object with JSON Schema (we even use Ajv used under the hood for this), but that's just one of many functions.
No problem! A hosted version of Spectral comes free with the Stoplight platform. Sign up for a free account here.
Speccy was a great inspiration for Spectral, but was designed to work only with OpenAPI v3. Spectral can apply rules to any JSON/YAML object (including OpenAPI v2 and v3) through the use of JSONPath given
parameters. Some rule types have been enhanced to be a little more flexible along with being able to create your own rules based on the built-in functions, and we've added the ability to define custom functions too.
If you are interested in contributing to Spectral itself, check out our contributing docs to get started.
If you are using Spectral in your project and want to be listed in the examples section, we encourage you to open an issue.
given
path you wantgetJsonPathForPosition
or getLocationForJsonPath
If you have a bug or feature request, please create an issue.
If you need help using Spectral or have a support question, please use the Stoplight Community forum. We've created an open source category for these questions. It's also a great place to share your implementations.
If you want to discuss something in private, you can reach out to Stoplight support at support@stoplight.io.
FAQs
[![Demo of Spectral linting an OpenAPI document from the CLI](./docs/img/readme-header.svg)](https://stoplight.io/api-governance?utm_source=github&utm_medium=spectral&utm_campaign=readme) [![CircleCI](https://img.shields.io/circleci/build/github/stoplight
The npm package @stoplight/spectral receives a total of 26,727 weekly downloads. As such, @stoplight/spectral popularity was classified as popular.
We found that @stoplight/spectral demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 34 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.