Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@useoptic/cli
Advanced tools
API CLI from Optic. Document and test your APIs as you build them.
Try Optic • Document APIs • Detect Changes • Optic GitBot • Contributing License
Similar to
git init
Install Optic with npm or yarn"
yarn add global @useoptic/cli
npm install @useoptic/cli -g
Then run init command:
## Navigate to your API project directory
api init
Set up aliases for the commands your team runs when building the API in optic.yml
ie npm start
-> api start
ie newman run mycollection.json
-> api run postman-tests
name: My API
tasks:
start:
command: npm start
inboundUrl: http://localhost:4000
postman-tests:
command: newman run mycollection.json
usesTask: http://localhost:4000
How does Optic monitor local traffic? Whenever you start your API or run tests using Optic's CLI, it will observe your traffic and surface API diffs. All of this processing is done locally, in the background, by a Rust binary built from the open source code in this repository.
Similar to
git add
Once you add Optic to your API, hit it with some traffic, and document your first endpoints.
You just have to provide Optic with your API paths, and it will document every status code, response body, and request body automatically based on its observations.
You don't have to worry about hitting every possible request/response your first go -- Optic isn't "one-shot", it builds your spec up incrementally as it makes more observations about your API's behavior. For example, if Optic sees a 200
for an endpoint, and later sees a 400
for the same endpoint, it will help you add the new response.
api start
[optic] Starting My API API on Port: 3005, with npm run server-start
Similar to
git status
While you develop your API and run tests locally, Optic diffs the traffic to find new endpoints, or changes to existing endpoints. These API diffs are listed when you run api status
:
Similar to staging changes
When Optic detects an API diff, it helps you:
Similar to GitHub's compare page, but for API changes
The Optic GitBot adds an API Changelog during Code Review, so your team understands how the API will change when each PR is merged.
🚦 Prevent Breaking Changes
Discover breaking changes before they're merged. Request compatible changes in code review, or coordinate the breaking changes with consumers.
🔎 API First
Adding explicit API changelogs in PRs facilitates discussion and leads to better API design. It's also a great way to make sure unintended API changes don't get deployed.
✅ Updated Docs
No more doc drift. When you approve an API change Optic also updates the specification.
Read our about Aidan + Dev's vision for the space Read: Git for APIs
Listen to Optic on Software Engineering Daily
Read API Evangelist on Optic Automatically Generate OpenAPI For Your APIs Just By Using Them
Want to help us design the next features? Book Maintainer Office Hours
MIT
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!
FAQs
API CLI from Optic. Document and test your APIs as you build them.
The npm package @useoptic/cli receives a total of 9 weekly downloads. As such, @useoptic/cli popularity was classified as not popular.
We found that @useoptic/cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.