
Security News
CISA Kills Off RSS Feeds for KEVs and Cyber Alerts
CISA is discontinuing official RSS support for KEV and cybersecurity alerts, shifting updates to email and social media, disrupting automation workflows.
json-schema-traverse
Advanced tools
The json-schema-traverse package is used to traverse and process JSON Schemas. It allows you to visit every schema node to analyze or modify the schema. This can be useful for schema analysis, transformation, and enhancement.
Traversing a JSON Schema
This feature allows you to traverse a JSON Schema and execute a callback function at each node. The callback receives information about the current schema node, its path, and its context within the overall schema.
{"schema": {"type": "object", "properties": {"foo": {"type": "string"}, "bar": {"type": "number"}}}, "callback": "(schema, jsonPtr, rootSchema, parentJsonPtr, parentKeyword, parentSchema, keyIndex) => { console.log('Traversing:', jsonPtr); }"}
Modifying a JSON Schema during traversal
This feature allows you to modify the schema nodes during traversal. For example, you can add constraints like 'minLength' to string properties.
{"schema": {"type": "object", "properties": {"foo": {"type": "string"}, "bar": {"type": "number"}}}, "callback": "(schema, jsonPtr, rootSchema, parentJsonPtr, parentKeyword, parentSchema, keyIndex) => { if (schema.type === 'string') { schema.minLength = 1; } }"}
json-schema-walker is similar to json-schema-traverse in that it allows you to walk through a JSON Schema. However, it has a different API and may offer different customization options for the traversal process.
json-schema-ref-parser can dereference JSON Schemas, resolving all $ref pointers. This is different from json-schema-traverse, which does not resolve references but can be used in conjunction with it to traverse the dereferenced schema.
Traverse JSON Schema passing each schema object to callback
npm install json-schema-traverse
const traverse = require('json-schema-traverse');
const schema = {
properties: {
foo: {type: 'string'},
bar: {type: 'integer'}
}
};
traverse(schema, {cb});
// cb is called 3 times with:
// 1. root schema
// 2. {type: 'string'}
// 3. {type: 'integer'}
// Or:
traverse(schema, {cb: {pre, post}});
// pre is called 3 times with:
// 1. root schema
// 2. {type: 'string'}
// 3. {type: 'integer'}
//
// post is called 3 times with:
// 1. {type: 'string'}
// 2. {type: 'integer'}
// 3. root schema
Callback function cb
is called for each schema object (not including draft-06 boolean schemas), including the root schema, in pre-order traversal. Schema references ($ref) are not resolved, they are passed as is. Alternatively, you can pass a {pre, post}
object as cb
, and then pre
will be called before traversing child elements, and post
will be called after all child elements have been traversed.
Callback is passed these parameters:
traverse
objectproperties
, anyOf
, etc.){type: 'string'}
is the root schema{type: 'string'}
the property name is 'foo'
const traverse = require('json-schema-traverse');
const schema = {
mySchema: {
minimum: 1,
maximum: 2
}
};
traverse(schema, {allKeys: true, cb});
// cb is called 2 times with:
// 1. root schema
// 2. mySchema
Without option allKeys: true
callback will be called only with root schema.
json-schema-traverse package is a part of Tidelift enterprise subscription - it provides a centralised commercial support to open-source software users, in addition to the support provided by software maintainers.
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure. Please do NOT report security vulnerability via GitHub issues.
FAQs
Traverse JSON Schema passing each schema object to callback
The npm package json-schema-traverse receives a total of 94,073,756 weekly downloads. As such, json-schema-traverse popularity was classified as popular.
We found that json-schema-traverse demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA is discontinuing official RSS support for KEV and cybersecurity alerts, shifting updates to email and social media, disrupting automation workflows.
Security News
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
Research
Security News
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.