
Security News
Node.js Considers Public Workflow for Security Reports Amid AI-Driven Surge
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.
An OpenAPI SDK generator with very strong type guarantees and minimal boilerplate.
npm i -D abaca-cli
generate command (or g for short) to create a TypeScript SDK from
an OpenAPI specification file, typically from an npm script:abaca g resources/openapi.yaml -o src/sdk.gen.ts
import {createSdk} from './sdk.gen.js';
const sdk = createSdk(/* Optional configuration */);
const res = await sdk.someOperation(/* Request body, parameters, ... */);
switch (res.code) {
case 200:
doSomething(res.body); // Narrowed response body
break;
// ...
}
Take a look at the repository's README for more information, examples, and extensions (e.g. Koa integrations).
Abaca checks request types and narrows response types extensively. This section describes the major components and highlights common patterns.
const res = await sdk.doSomething({
headers: {
'content-type': 'application/json', // 1
accept: 'application/json', // 2
},
params: {/* ... */}, // 3
body: {/* ... */}, // 4
options: {/* ... */}, // 5
});
if (res.code === 200) { // 6
return res.body; // 7
}
content-type header (or, if omitted, the SDK's default) must match one
of the operation's request body's mime types. The type of the request's body
automatically reflects this value.accept header (or, if omitted, the SDK's default) must match one of the
operation's response mime types. The type of the response automatically
reflects this value.parameters (query, path, and headers) must have the expected
type and be present if required.body can only be specified if the operation expects one and
must be present if required. Its type must be valid for the operation and
chosen content-type.fetch
implementation.2XX, ...).accept header and
response code.Abaca automatically type checks each request's body against its 'content-type'
header. In the common case where the header is omitted, the SDK's default is
used (application/json, unless overridden). For example, using the
uploadTable operation defined here, its body should by default
contain a Table:
await sdk.uploadTable({
headers: {'content-type': 'application/json'}, // Can be omitted
params: {id: 'my-id'},
body: {/* ... */}, // Expected type: `Table`
});
Switching to CSV will automatically change the body's expected type:
await sdk.uploadTable({
headers: {'content-type': 'text/csv'}, // Different content-type
params: {id: 'my-id'},
body: '...', // Expected type: `string`
});
Additionally the 'content-type' header is statically checked to match one of
the defined body types. It also can be auto-completed in compatible editors:
await sdk.uploadTable({
headers: {'content-type': 'application/xml'}, // Compile time error
params: {id: 'my-id'},
});
Abaca automatically narrows the types of responses according to the response's
code and request's 'accept' header. When the header is omitted, it uses the
SDK's default (similar to request typing above, defaulting to
application/json;q=1, text/*;q=0.5). For example, using the downloadTable
operation defined here:
const res = await sdk.downloadTable({params: {id: 'my-id'}});
switch (res.code) {
case 200:
res.body; // Narrowed type: `Table`
break;
case 404:
res.body; // Narrowed type: `undefined`
break;
}
Setting the accept header to CSV updates the response's type accordingly:
const res = await sdk.downloadTable({
headers: {accept: 'text/csv'},
params: {id: 'my-id'},
});
switch (res.code) {
case 200:
res.body; // Narrowed type: `string`
break;
case 404:
res.body; // Narrowed type: `undefined`
break;
}
Wildcards are also supported. In this case the returned type will be the union of all possible response values:
const res = await sdk.downloadTable({
params: {id: 'my-id'},
headers: {accept: '*/*'},
});
if (res.code === 200) {
res.body; // Narrowed type: `Table | string`
}
Finally, the accept header itself is type-checked (and auto-completable):
const res = await sdk.downloadTable({
params: {id: 'my-id'},
headers: {
// Valid examples:
accept: 'application/json',
accept: 'application/*',
accept: 'text/csv',
accept: 'text/*',
accept: '*/*',
// Invalid examples:
accept: 'application/xml',
accept: 'text/plain',
accept: 'image/*',
},
});
fetch implementationThe fetch SDK creation option allows swapping the underlying fetch
implementation. SDK method typings will automatically be updated to accept any
additional arguments it supports. For example to use
node-fetch:
import fetch from 'node-fetch'
const nodeFetchSdk = createSdk({fetch, /** Other options... */});
await nodeFetchSdk.uploadTable({
options: {
compress: true, // OK: `node-fetch` argument
},
// ...
});
const fetchSdk = createSdk();
await fetchSdk.uploadTable({
options: {
compress: true, // Type error: default `fetch` does not support `compress`
},
})
const sdk = createSdk();
const res = await sdk.runSomeOperation({
params: {/* ... */}, // Checked
body: {/* ... */}, // Checked
headers: {
accept: 'application/json', // Checked (and optional)
'content-type': 'application/json', // Checked (and optional)
},
});
switch (res.code) {
case 200:
res.body; // Narrowed (based on code and `accept` header)
// ...
}
FAQs
OpenAPI SDK generator with strong type guarantees and minimal boilerplate
The npm package abaca-cli receives a total of 1 weekly downloads. As such, abaca-cli popularity was classified as not popular.
We found that abaca-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.