Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
api-contract-validator
Advanced tools
Readme
This plugin for assertion libraries is for validating API response schemas against Swagger/OpenAPI definition.
Using the plugin is easy. Simply point the plugin to your API definitions file path and add one line to your integration test to validate that your application adheres to its design contract.
axios
, superagent
, supertest
, request
and light-my-request
(used by fastify
)The api-contract-validator transforms your API definition into a json-schema based on the provided API documentation file. Then whenever the matchApiSchema
assertion is called, it automatically extracts the method, path and status code from the response object returned by the API request that you invoked and validates the response object. Both the response headers and body are validated.
Installation
> npm i --save-dev api-contract-validator
const matchApiSchema = require('api-contract-validator').chaiPlugin;
const path = require('path');
const { expect, use } = require('chai');
// API definitions path
const apiDefinitionsPath = path.join(__dirname, 'myApp.yaml');
// add as chai plugin
use(matchApiSchema({ apiDefinitionsPath }));
it('GET /pets/123', async () => {
const response = await request.get('/pet/123');
expect(response).to.have.status(200).and.to.matchApiSchema();
// alternatively pass
const { statusCode, headers, body } = response
expect({
path: '/pet/123',
method: 'get',
status: statusCode,
body: body,
headers: headers,
}).to.have.status(200).and.to.matchApiSchema();
})
const matchApiSchema = require('api-contract-validator').shouldPlugin;
// API definitions path
const apiDefinitionsPath = path.join(__dirname, 'myApp.yaml');
// add as should plugin
matchApiSchema(should, { apiDefinitionsPath });
it('GET /pets/123', async () => {
const response = await request.get('/pet/123');
should(response).have.status(200).and.matchApiSchema();
})
const matchApiSchema = require('api-contract-validator').jestPlugin;
// API definitions path
const apiDefinitionsPath = path.join(__dirname, 'myApp.yaml');
// add as jest plugin
matchApiSchema({ apiDefinitionsPath });
it('GET /pets/123', async () => {
const response = await request.get('/pet/123');
expect(response).toHaveStatus(200);
expect(response).toMatchApiSchema();
})
use apiDefinitionsPath option with an array of files paths
const apiDefinitionsPath = [path.join(__dirname, 'myApp.yaml'), path.join(__dirname, 'myApp2.yaml')];
AssertionError: expected response to match API schema
+ expected - actual
{
"body": {
- "age": -1
+ "age": "should be >= 0"
+ "name": "should have required property"
}
"headers": {
- "x-expires-after": []
- "x-rate-limit": -5
+ "x-expires-after": "should be string"
+ "x-rate-limit": "should be >= 0"
}
}
By providing in the plugin options, the flag reportCoverage:true
, the plugin generates a report of all uncovered API definitions.
use(matchApiSchema({
apiDefinitionsPath,
reportCoverage: true
}));
* API definitions coverage report *
Uncovered API definitions found:
*ROUTE* | *METHOD* | *STATUSES*
/v2/pet | POST | 405
/v2/pet | PUT | 400,404,405
/v2/pet/findByStatus | GET | 200,400
/v2/pet/findByTags | GET | 200,400
/v2/pet/:petId | GET | 400,404
/v2/pet/:petId | POST | 405
/v2/pet/:petId | DELETE | 400,404
/v2/pet/:petId/uploadImage | POST | 200
When providing exportCoverage: true
a coverage.json
file will be created in your cwd with following structure:
use(matchApiSchema({
apiDefinitionsPath,
exportCoverage: true
}));
coverage.json:
[{"route":"/v2/pet","method":"POST","statuses":"405"},
{"route":"/v2/pet","method":"PUT","statuses":"400,404,405"},
{"route":"/v2/pet/:petId","method":"GET","statuses":"200"},
{"route":"/v2/pet/:petId","method":"POST","statuses":"405"},
{"route":"/v2/pet/:petId","method":"DELETE","statuses":"404"}]
* When using request-promise resolveWithFullResponse:true
must be added to the request options, in order to properly extract the request details
FAQs
Plugin for validating API schemas from API documentation
The npm package api-contract-validator receives a total of 16,829 weekly downloads. As such, api-contract-validator popularity was classified as popular.
We found that api-contract-validator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.