json-schema-diff
A language agnostic CLI tool and nodejs api to identify differences between two json schema files.
Install the tool using npm and add it to the package.json
npm install json-schema-diff --save-dev
This tool identifies what has changed between two json schema files. These changes are classified into two groups, added and removed. Using an approach based on set theory this tool is able to calculate these differences to a high level of accuracy.
KEYWORDS.md contains the details of what json schema keywords are supported.
A change is considered an addition when the destination schema has become more permissive relative to the source schema. For example {"type": "string"} -> {"type": ["string", "number"]}.
A change is considered a removal when the destination schema has become more restrictive relative to the source schema. For example {"type": ["string", "number"]} -> {"type": "string"}.
The addition and removal changes detected are returned in JsonSchema format. These schemas represent the set of values that have been added or removed.
Source schema
{
    "properties": {
        "id": {
            "type": "number"
        }
    },
    "type": "object"
}
Destination schema
{
    "properties": {
        "id": {
            "type": ["string", "number"]
        }
    },
    "type": "object"
}
Added result
All objects that contain an id property of type string. The id property is required because both source and destination schemas accept objects without an id property, so we want to exclude those objects from the added result.
{
    "properties": {
        "id": {
            "type": "string"
        }
    },
    "required": ["id"],
    "type": "object"
}
Removed result
All values accepted by the source schema are also accepted by the destination schema, so the removed result is a schema that accepts no values.
false
Invoke the tool with a file path to the source schema file and the destination schema file. These files should be in JSON format and be valid according to the json schema draft-07 specification.
The tool will return two json schemas as output, one representing the values that were added by the destination schema and the other representing the values that were removed by the destination schema.
The tool will fail if any removed differences are detected.
/path/to/source-schema.json
{
    "type": "string"
}
/path/to/destination-schema.json
{
    "type": ["string", "number"]
}
Invoking the tool
json-schema-diff /path/to/source-schema.json /path/to/destination-schema.json
Output
Non-breaking changes found between the two schemas.
Values described by the following schema were added:
{
    "type": [
        "number"
    ]
}
Values described by the following schema were removed:
false
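The set arithmetic behind this output can be sketched for the type keyword alone. This is an added example, not json-schema-diff's own code: the function names and the added/removed result fields are assumptions of the sketch, and it rejects every other keyword and the integer type, which overlaps number and would need finer-grained sets.

```javascript
// Added sketch: set-based schema diff restricted to the `type` keyword.
const ALL_TYPES = ['array', 'boolean', 'null', 'number', 'object', 'string'];

// Map a schema to the set of JSON types it accepts.
function acceptedTypes(schema) {
  if (schema === true) return new Set(ALL_TYPES);   // accepts every value
  if (schema === false) return new Set();           // accepts no value
  if (schema === null || typeof schema !== 'object' || Array.isArray(schema)) {
    throw new TypeError('schema must be an object or a boolean');
  }
  const unsupported = Object.keys(schema).filter((k) => k !== 'type');
  if (unsupported.length > 0) {
    throw new Error(`keywords outside this sketch: ${unsupported.join(', ')}`);
  }
  if (schema.type === undefined) return new Set(ALL_TYPES);
  const types = Array.isArray(schema.type) ? schema.type : [schema.type];
  for (const t of types) {
    // "integer" is a subset of "number", so it cannot be a disjoint set member.
    if (!ALL_TYPES.includes(t)) throw new Error(`unsupported type: ${t}`);
  }
  return new Set(types);
}

// Render a set of types back into a schema; the empty set is `false`.
function toSchema(typeSet) {
  if (typeSet.size === 0) return false;
  if (typeSet.size === ALL_TYPES.length) return true;
  return { type: ALL_TYPES.filter((t) => typeSet.has(t)) };
}

// added = destination \ source, removed = source \ destination.
function diffTypes(sourceSchema, destinationSchema) {
  const src = acceptedTypes(sourceSchema);
  const dst = acceptedTypes(destinationSchema);
  const added = new Set([...dst].filter((t) => !src.has(t)));
  const removed = new Set([...src].filter((t) => !dst.has(t)));
  return {
    added: toSchema(added),
    removed: toSchema(removed),
    additionsFound: added.size > 0,
    removalsFound: removed.size > 0,
  };
}

console.log(JSON.stringify(diffTypes({ type: 'string' }, { type: ['string', 'number'] })));
```

For a schema that validates untrusted input, a non-false added result means the destination accepts values the source rejected, so it is worth reviewing even though the tool only fails on removals.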
Invoke the library with the source schema and the destination schema. These objects should be simple javascript objects and be valid according to the json schema draft-07 specification.
For full details of the nodejs api please refer to api-types.d.ts
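const jsonSchemaDiff = require('json-schema-diff');

// Top-level await is not available in a CommonJS module, so run the diff inside an async function.
async function main() {
    const source = {type: 'string'};
    const destination = {type: ['string', 'number']};
    const result = await jsonSchemaDiff.diffSchemas({
        sourceSchema: source,
        destinationSchema: destination
    });
    if (result.removalsFound) {
        console.log('Something was removed!');
    }
    if (result.additionsFound) {
        console.log('Something was added!');
    }
}

// Report any failure and exit with a non-zero status.
main().catch((error) => {
    console.error(error);
    process.exitCode = 1;
});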
See CHANGELOG.md
See CONTRIBUTING.md
See LICENSE.txt
FAQs
The npm package json-schema-diff receives a total of 95,335 weekly downloads. As such, json-schema-diff popularity was classified as popular.
We found that json-schema-diff demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.