Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@zapier/spectral-api-ruleset

Package Overview
Dependencies
Maintainers
0
Versions
19
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@zapier/spectral-api-ruleset

Spectral ruleset for Zapier API Guidelines.

  • 1.2.0
  • npm
  • Socket score

Version published
Maintainers
0
Created
Source

@zapier/spectral-api-ruleset

Node package for linting API schemas using Spectral.

OwnershipFeaturesInstallationUsageDevelopmentTesting


Ownership

#team-staff-engineering owns the API Design Guidelines and these spectral rules that help teams align with them.

MRs are always welcome!

Features

Provides a Spectral linting ruleset to lint OpenAPI schemas against Zapier's API Design Guidelines.

Installation

pnpm add -D @stoplight/spectral-cli
pnpm add -D @zapier/spectral-api-ruleset

For some reason, installing the CLI globally and running spectral lint or npx spectral lint always fails to find the package. Adding the CLI as a local dependency and then running pnpm exec spectral lint does work.

Usage

CLI

There are a few ways you can use this ruleset in your projects.

You can load the ruleset in a few different ways with Spectral.

They support direct http access, via NPM, and via the local file system.

If you'd like to extend the ruleset and and even more specific rules for your API service, you can create a local spectral.yaml that extends the ruleset:

extends:
  - '@zapier/spectral-api-ruleset'

Then run:

spectral lint your-schema.yaml --ruleset .spectral.yaml

or

pnpm exec spectral lint your-schema.yaml --ruleset .spectral.yaml

or

spectral lint your-schema.yaml --ruleset https://unpkg.com/@zapier/spectral-api-ruleset@{VERSION}/.spectral.yaml

depending on whether you installed the CLI locally or globally.

See the Spectral CLI docs for more details.

CI

Use a GitLab job like the following:

openapi:lint:
  stage: validate
  before_script:
    - mkdir spectral
  script:
    - pnpm exec spectral lint your-schema.yaml -o spectral/junit.xml -f junit
  artifacts:
    when: always
    paths:
      - spectral
    reports:
      junit: spectral/junit.xml

For non-TypeScript projects, you can use the spectral docker image to avoid installing additional dependencies.

openapi:lint:
  stage: test
  image:
    name: stoplight/spectral:6.11.0
    entrypoint: [""]
  script:
    - spectral lint openapi.yaml
  only:
    - merge_requests

See Continuous Integration docs and our own openapi:lint guideance in the Engineering Index for more details.

Development

Setup

  1. Install dependencies:
pnpm install
  1. Run tests:
pnpm test
  1. Build the package:
pnpm run build
  1. Validate the package:
pnpm run validate

Adding Rules

You can add rules to .spectral.yaml. See the Rules docs for details.

  • Provide the correct severity (error for minimal OpenAPI standard compliance, warn for "shoulds" for existing and new APIs, info for "where we want NEW APIs to be").
  • Provide a clear description, as well as a documentationUrl that points to the relevant guide or guide section.
  • Provide a message, which in most cases should just be {{error}}.
  • Prefer Core Functions over Custom Functions.
  • Include unit test(s) in tests/spectral.test.ts for all new rules.

Testing

This project uses Vitest for testing. To run the tests:

pnpm test

Publishing

GitLab CI will automatically publish the package to NPM when a merge request is merged into the main branch. Be sure to update the package version in package.json accordingly before merging.

FAQs

Package last updated on 15 Nov 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc