@stoplight/spectral
A flexible object linter with out of the box support for OpenAPI v2 and v3.
A flexible JSON/YAML linter, with out of the box support for OpenAPI v2/v3 and AsyncAPI v2.
Spectral is 100% free and open-source, under Apache License 2.0.
npm install -g @stoplight/spectral
# OR
yarn global add @stoplight/spectral
Find more installation methods in our documentation.
This package is Treeware so if you would like to thank us for creating it, we ask that you buy the world a tree.
Take a look at our getting started documentation, then peek through some of our guides:
Ajv is a JSON Schema validator, and Spectral is a JSON/YAML linter. Instead of just validating against JSON Schema, it can be used to write rules for any sort of JSON/YAML object, which could be JSON Schema, or OpenAPI, or anything similar. Spectral does expose a schema function that you can use in your rules to validate all or part of the target object with JSON Schema (we even use Ajv under the hood for this), but that's just one of many functions.
No problem! A hosted version of Spectral comes free with the Stoplight platform. Sign up for a free account here.
Speccy was a great inspiration for Spectral, but was designed to work only with OpenAPI v3. Spectral can apply rules to any JSON/YAML object (including OpenAPI v2/v3 and AsyncAPI). Speccy has mostly been abandoned now, and is written in JavaScript, not TypeScript.
If you are interested in contributing to Spectral, check out CONTRIBUTING.md.
If you need help using Spectral or have a support question, please use the Stoplight Community forum. We've created an open source category for these questions. It's also a great place to share your implementations.
If you have a bug or feature request, please create an issue.
If you want to discuss something in private, you can reach out to Stoplight support at support@stoplight.io.
[5.5.0] - 2020-08-25
documentationUrl property to specify the source of the documentation #1242
operation-paramaters rule outputs better messages #1235
FAQs
The npm package @stoplight/spectral receives a total of 26,727 weekly downloads. As such, @stoplight/spectral popularity was classified as popular.
We found that @stoplight/spectral demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 34 open source maintainers collaborating on the project.