Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
An API Blueprint renderer that supports multiple themes and outputs static HTML that can be served by any web host. API Blueprint is a Markdown-based document format that lets you write API descriptions and documentation in a simple and straightforward way. Currently supported is API Blueprint format 1A.
aglio -i service.apib -o api.html
aglio -i service.apib --server
require('aglio')
Example output is generated from the example API Blueprint using the default Olio theme.
It is possible to include other files in your blueprint by using a special include directive with a path to the included file relative to the current file's directory. Included files can be written in API Blueprint, Markdown or HTML (or JSON for response examples). Included files can include other files, so be careful of circular references.
<!-- include(filename.md) -->
For tools that do not support this include directive it will just render out as an HTML comment. API Blueprint may support its own mechanism of including files in the future, and this syntax was chosen to not interfere with the external documents proposal while allowing aglio
users to include documents today.
There are three ways to use aglio: as an executable, in a docker container or as a library for Node.js.
Install aglio via NPM. You need Node.js installed and you may need to use sudo
to install globally:
npm install -g aglio
Then, start generating HTML.
# Default theme
aglio -i input.apib -o output.html
# Use three-column layout
aglio -i input.apib --theme-template triple -o output.html
# Built-in color scheme
aglio --theme-variables slate -i input.apib -o output.html
# Customize a built-in style
aglio --theme-style default --theme-style ./my-style.less -i input.apib -o output.html
# Custom layout template
aglio --theme-template /path/to/template.jade -i input.apib -o output.html
# Custom theme engine
aglio -t my-engine -i input.apib -o output.html
# Run a live preview server on http://localhost:3000/
aglio -i input.apib -s
# Print output to terminal (useful for piping)
aglio -i input.apib -o -
# Disable condensing navigation links
aglio --no-theme-condense -i input.apib -o output.html
# Render full-width page instead of fixed max width
aglio --theme-full-width -i input.apib -o output.html
# Set an explicit file include path and read from stdin
aglio --include-path /path/to/includes -i - -o output.html
# Output verbose error information with stack traces
aglio -i input.apib -o output.html --verbose
You can choose to use the provided Dockerfile
to build yourself a repeatable and testable environment:
docker build -t aglio .
docker run -t aglio
You can use the -v
switch to dynamically mount the folder that holds your API blueprint:docker run -v $(pwd):/tmp -t aglio -i /tmp/input.apib -o /tmp/output.html
You can also use aglio as a library. First, install and save it as a dependency:
npm install --save aglio
Then, convert some API Blueprint to HTML:
var aglio = require('aglio');
// Render a blueprint with a template by name
var blueprint = '# Some API Blueprint string';
var options = {
themeVariables: 'default'
};
aglio.render(blueprint, options, function (err, html, warnings) {
if (err) return console.log(err);
if (warnings) console.log(warnings);
console.log(html);
});
// Render a blueprint with a custom template file
options = {
themeTemplate: '/path/to/my-template.jade'
};
aglio.render(blueprint, options, function (err, html, warnings) {
if (err) return console.log(err);
if (warnings) console.log(warnings);
console.log(html);
});
// Pass custom locals along to the template, for example
// the following gives templates access to lodash and async
options = {
themeTemplate: '/path/to/my-template.jade',
locals: {
_: require('lodash'),
async: require('async')
}
};
aglio.render(blueprint, options, function (err, html, warnings) {
if (err) return console.log(err);
if (warnings) console.log(warnings);
console.log(html);
});
The following methods are available from the aglio
library:
Get a list of paths that are included in the blueprint. This list can be watched for changes to do things like live reload. The blueprint's own path is not included.
var blueprint = '# GET /foo\n<-- include(example.json -->\n';
var watchPaths = aglio.collectPathsSync(blueprint, process.cwd())
Render an API Blueprint string and pass the generated HTML to the callback. The options
can either be an object of options or a simple layout name or file path string. Available options are:
Option | Type | Default | Description |
---|---|---|---|
filterInput | bool | true | Filter \r and \t from the input |
includePath | string | process.cwd() | Base directory for relative includes |
locals | object | {} | Extra locals to pass to templates |
theme | string | 'default' | Theme name to load for rendering |
In addition, the default theme provides the following options:
Option | Type | Default | Description |
---|---|---|---|
themeVariables | string | default | Built-in color scheme or path to LESS or CSS |
themeCondenseNav | bool | true | Condense single-action navigation links |
themeFullWidth | bool | false | Use the full page width |
themeTemplate | string | Layout name or path to custom layout file | |
themeStyle | string | default | Built-in style name or path to LESS or CSS |
var blueprint = '...';
var options = {
themeTemplate: 'default',
locals: {
myVariable: 125
}
};
alio.render(blueprint, options, function (err, html, warnings) {
if (err) return console.log(err);
console.log(html);
});
Render an API Blueprint file and save the HTML to another file. The input/output file arguments are file paths. The options behaves the same as above for aglio.render
, except that the options.includePath
defaults to the basename of the input filename.
aglio.renderFile('/tmp/input.apib', '/tmp/output.html', options, function (err, warnings) {
if (err) return console.log(err);
if (warnings) console.log(warnings);
});
Pull requests are encouraged! Feel free to fork and hack away, especially on new themes. The build system in use is Grunt, so make sure you have it installed:
npm install -g grunt-cli
Then you can build the source and run the tests:
# Lint/compile the Coffeescript
grunt
# Run the test suite
grunt test
# Generate an HTML test coverage report
grunt coverage
# Render examples
grunt examples
Aglio is split into two components: a base that contains logic for loading API Blueprint, handling commandline arguments, etc and a theme engine that handles turning the API Blueprint AST into HTML. The default theme engine that ships with Aglio is called olio. Templates are written in Jade, with support for inline Coffeescript, LESS and Stylus via filters. The default stylesheets are written in LESS.
While developing customizations, you may want to disable caching using the NOCACHE
environment variable.
NOCACHE=1 aglio -i input.apib [customization options]
Aglio's default theme provides a way to easily override colors, fonts, padding, etc to match your company's style. This is done by providing your own LESS or CSS file(s) via the --theme-variables
and --theme-style
options. For example:
# Use my custom colors
aglio --theme-variables /path/to/my-colors.less -i input.apib -o output.html
The my-variables.less
file might contain a custom HTTP PUT color specification:
/* HTTP PUT */
@put-color: #f0ad4e;
@put-background-color: #fcf8e3;
@put-text-color: contrast(@put-background-color);
@put-border-color: darken(spin(@put-background-color, -10), 5%);
See the default variables file for examples of which variables can be set.
The --theme-style
option lets you override built-in styles with your own LESS or CSS definitions. It is processed after the variables have been defined, so the variables are available for your use. If you wish to modify a rule from an existing built-in style then you must copy the style. The order of loading roughly follows:
Note that these options can be passed more than once, in which case they will be loaded in the order they were passed. This lets you, for example, load a variable preset like flatly
and modify one of the colors with your own LESS file. Keep in mind that when you want to modify a built-in style you must explicitly list the style, e.g. --theme-style default --theme-style my-style.less
.
cyborg
default
flatly
slate
default
The --theme-template
option allows you to provide a custom layout template that overrides the default. This is specified in the form of a Jade template file. See the default template file for an example.
The locals available to templates look like the following:
Name | Description |
---|---|
api | The API Blueprint AST from Protagonist |
condenseNav | If true, you should condense the nav if possible |
date | Date and time handling from Moment.js |
fullWidth | If true, you should consume the entire page width |
highlight | A function (code , lang ) to highlight a piece of code |
markdown | A function to convert Markdown strings to HTML |
slug | A function to convert a string to a slug usable as an ID |
hash | A function to return an hash (currently MD5) |
default
While Aglio ships with a default theme, you have the option of installing and using third-party theme engines. They may use any technology and are not limited to Jade and LESS. Consult the theme's documentation to see which options are available and how to use and customize the theme. Common usage between all themes:
# Install a custom theme engine globally
npm install -g aglio-theme-<NAME>
# Render using a custom theme engine
aglio -t <NAME> -i input.apib -o output.html
# Get a list of all options for a theme
aglio -t <NAME> --help
Theme engines are simply Node.js modules that provide two public functions and follow a specific naming scheme (aglio-theme-NAME
). Because they are their own npm package they can use whatever technologies the theme engine author wishes. The only hard requirement is to provide these two public functions:
getConfig()
Returns configuration information about the theme, such as the API Blueprint format that is supported and any options the theme provides.
render(input, options, done)
Render the given input API Blueprint AST with the given options. Calls done(err, html)
when finished, either passing an error or the rendered HTML output as a string.
The following is a very simple example theme. Note: it only returns a very simple string instead of rending out the API Blueprint AST. Normally you would invoke a template engine and output the resulting HTML that is generated.
// Get the theme's configuration options
exports.getConfig = function () {
return {
// This is a list of all supported API Blueprint format versions
formats: ['1A'],
// This is a list of all options your theme accepts. See
// here for more: https://github.com/bcoe/yargs#readme
// Note: These get prefixed with `theme` when you access
// them in the options object later!
options: [
{
name: 'name',
description: 'Your name',
default: 'world'
}
]
};
}
// Asyncronously render out a string
exports.render = function (input, options, done) {
// Normally you would use some template engine here.
// To keep this code really simple, we just print
// out a string and ignore the API Blueprint.
done(null, 'Hello, ' + options.themeName + '!');
};
Example use:
# Install the theme globally
npm install -g aglio-theme-hello
# Render some output!
aglio -t hello -i example.apib -o -
=> 'Hello, world!'
# Pass in the custom theme option!
aglio -t hello --theme-name Daniel -i example.apib -o -
=> 'Hello, Daniel!'
You are free to use whatever template system (Jade, EJS, Nunjucks, etc) and any supporting libraries (e.g. for CSS) you like.
Copyright (c) 2016 Daniel G. Taylor
FAQs
An API Blueprint renderer with theme support
The npm package aglio receives a total of 3,321 weekly downloads. As such, aglio popularity was classified as popular.
We found that aglio demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.