Research
/Security News
Shai Hulud Strikes Again (v2)
Another wave of Shai-Hulud campaign hits npm.
By Socket Research Team -  Nov 24, 2025
🚀 DAY 5 OF LAUNCH WEEK:Introducing Webhook Events for Alert Changes.Learn more →
@telus/colophon-schema
Advanced tools
Colophon Schema
Schema & Validator for Colophon
Schema Specification
Versions
| # | status |
|---|---|
3.0 | stable |
2.0 | stable |
1.1 | deprecated |
1.0 | deprecated |
see an example of this repo's own
.colophon.yml...
Install
Available as an npm package for validation purposes, exposes validation helper, and the schema itself (compatible with any JSON Schema validation tool)
npm install @colophon/schema
Usage
const parser = require('@colophon/schema')
const { schema, regex } = require('@colophon/schema/versions/latest')
Referencing older versions
const schemas = require('@colophon/schema/versions')
const { schema, regex } = schemas['1.0']
API
parser(colophon: String | Object): Promise<Object>
Resolves with
contentas a valid JavaScript Colophon Object Rejects withColophonErroron invalid schema test
Example: Valid Colophon
const parser = require('@colophon/schema')
const valid = { ... } // supply an Object or YAML String
const colophon = await parser(valid)
// colophon is a JavaScript Object (parsed from YAML string, or returned as is)
Example: Invalid Colophon
const parser = require('@colophon/schema')
// invalid
const invalid = `
version: 2.0 // or version 3.0
id: my-app
`
parser(invalid)
.then(colophon)
.catch(err => console.error(err.message, err.errors))
// invalid colophon content
// "err.errors" object contains schema errors
// e.g. "err.errors": [ { message: "should have required property 'contacts'" } ]
// see https://github.com/epoberezkin/ajv#validation-errors for details
}
Credits
- Original Idea: @crimeminister
- Name: @andrewkumar
Author: Ahmad Nassri • Github: @project-colophon • Twitter: @ColophonID
FAQs
Fork of Schema & Validator for https://colophon.id
The npm package @telus/colophon-schema receives a total of 5 weekly downloads. As such, @telus/colophon-schema popularity was classified as not popular.
We found that @telus/colophon-schema demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 22 open source maintainers collaborating on the project.
Package last updated on 31 Jan 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025