Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
json-schema-deref-sync
Advanced tools
The json-schema-deref-sync npm package is used to dereference JSON schemas. It resolves all $ref pointers in a JSON schema synchronously, making it easier to work with complex schemas that have multiple references.
Dereferencing JSON Schema
This feature allows you to dereference a JSON schema, resolving all $ref pointers. The code sample demonstrates how to use the json-schema-deref-sync package to dereference a schema with internal references.
const deref = require('json-schema-deref-sync');
const schema = {
"$id": "http://example.com/root.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"definitions": {
"address": {
"type": "object",
"properties": {
"street_address": { "type": "string" },
"city": { "type": "string" },
"state": { "type": "string" }
},
"required": ["street_address", "city", "state"]
}
},
"type": "object",
"properties": {
"billing_address": { "$ref": "#/definitions/address" },
"shipping_address": { "$ref": "#/definitions/address" }
}
};
const dereferencedSchema = deref(schema);
console.log(JSON.stringify(dereferencedSchema, null, 2));
json-schema-ref-parser is a powerful library for parsing, resolving, and dereferencing JSON schema $ref pointers. Unlike json-schema-deref-sync, it supports both synchronous and asynchronous operations, making it more flexible for different use cases.
json-schema-deref is another library for dereferencing JSON schemas. It is similar to json-schema-deref-sync but focuses on asynchronous operations, which can be beneficial for handling large schemas or when working in environments where non-blocking operations are preferred.
Dereference JSON pointers in a JSON schemas with their true resolved values. Basically a lighter, synchronous version of json-schema-deref but omits web references.
npm install json-schema-deref-sync
Let's say you have the following JSON Schema:
{
"description": "Just some JSON schema.",
"title": "Basic Widget",
"type": "object",
"definitions": {
"id": {
"description": "unique identifier",
"type": "string",
"minLength": 1,
"readOnly": true
}
},
"properties": {
"id": {
"$ref": "#/definitions/id"
},
"bar": {
"$ref": "bar.json"
}
}
}
Sometimes you just want that schema to be fully expanded, with $ref
's being their (true) resolved values:
{
"description": "Just some JSON schema.",
"title": "Basic Widget",
"type": "object",
"definitions": {
"id": {
"description": "unique identifier",
"type": "string",
"minLength": 1,
"readOnly": true
}
},
"properties": {
"id": {
"description": "unique identifier",
"type": "string",
"minLength": 1,
"readOnly": true
},
"bar": {
"description": "bar property",
"type": "boolean"
}
}
}
This utility lets you do that:
var deref = require('json-schema-deref-sync');
var myschema = require('schema.json');
var fullSchema = deref(myschema);
Object
| Error
Derefs $ref
's in JSON Schema to actual resolved values. Supports local, and file refs.
Kind: global function
Returns: Object
| Error
- the deref schema oran instance of Error
if error.
Param | Type | Description |
---|---|---|
schema | Object | The JSON schema |
options | Object | options |
options.baseFolder | String | the base folder to get relative path files from. Default is process.cwd() |
options.failOnMissing | Boolean | By default missing / unresolved refs will be left as is with their ref value intact. If set to true we will error out on first missing ref that we cannot resolve. Default: false . |
options.mergeAdditionalProperties | Boolean | By default properties in a object with $ref will be removed in the output. If set to true they will be added/overwrite the output. This will use lodash's merge function. Default: false . |
options.removeIds | Boolean | By default $id fields will get copied when dereferencing. If set to true they will be removed. Merged properties will not get removed. Default: false . |
options.loaders | Object | A hash mapping reference types (e.g., 'file') to loader functions. |
FAQs
Simple Node.js JSON Schema dereferencer
The npm package json-schema-deref-sync receives a total of 570,374 weekly downloads. As such, json-schema-deref-sync popularity was classified as popular.
We found that json-schema-deref-sync demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.