Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
oas-validator
Advanced tools
The oas-validator npm package is used to validate OpenAPI Specification (OAS) documents. It ensures that the OAS documents adhere to the OpenAPI standards and helps in identifying any discrepancies or errors in the API definitions.
Validate OpenAPI 3.0 documents
This feature allows you to validate OpenAPI 3.0 documents to ensure they conform to the OpenAPI Specification. The code sample reads an OpenAPI document from a file and validates it using the oas-validator package.
const validator = require('oas-validator');
const fs = require('fs');
const apiSpec = JSON.parse(fs.readFileSync('path/to/openapi.json', 'utf8'));
validator.validate(apiSpec, {}, (err, options) => {
if (err) {
console.error('Validation failed:', err);
} else {
console.log('Validation succeeded');
}
});
Validate OpenAPI 2.0 (Swagger) documents
This feature allows you to validate OpenAPI 2.0 (Swagger) documents. The code sample reads a Swagger document from a file and validates it using the oas-validator package, specifying the version as '2.0'.
const validator = require('oas-validator');
const fs = require('fs');
const apiSpec = JSON.parse(fs.readFileSync('path/to/swagger.json', 'utf8'));
validator.validate(apiSpec, { version: '2.0' }, (err, options) => {
if (err) {
console.error('Validation failed:', err);
} else {
console.log('Validation succeeded');
}
});
Custom validation options
This feature allows you to use custom validation options such as linting and schema validation. The code sample demonstrates how to pass custom options to the validator.
const validator = require('oas-validator');
const fs = require('fs');
const apiSpec = JSON.parse(fs.readFileSync('path/to/openapi.json', 'utf8'));
const options = {
lint: true,
validateSchema: true
};
validator.validate(apiSpec, options, (err, options) => {
if (err) {
console.error('Validation failed:', err);
} else {
console.log('Validation succeeded');
}
});
The swagger-parser package is used to validate, parse, and dereference Swagger and OpenAPI documents. It provides similar functionalities to oas-validator but also includes features for parsing and dereferencing API definitions.
The openapi-schema-validator package is a lightweight validator for OpenAPI 3.0 schemas. It focuses on schema validation and is simpler compared to oas-validator, which offers more comprehensive validation options.
The swagger-tools package provides a suite of tools for working with Swagger documents, including validation, routing, and middleware. It offers broader functionality compared to oas-validator, which is focused solely on validation.
Usage:
const validator = require('oas-validator');
const options = {};
validator.validate(openapi, options)
.then(function(options){
// options.valid contains the result of the validation, true in this branch
})
.catch(function(err){
console.warn(err.message);
if (options.context) console.warn('Location',options.context.pop());
});
If a third callback
argument to validate
is provided, the callback will be called instead of a Promise being returned.
oas-validator
is an assertion-based validator, which stops on the first error, as structural errors may otherwise cause further (spurious) errors to be reported. If the lint
option is set, multiple warnings
may be reported.
See here for complete documentation of the options
object.
FAQs
Parser/validator for OpenAPI 3.x definitions
The npm package oas-validator receives a total of 1,148,384 weekly downloads. As such, oas-validator popularity was classified as popular.
We found that oas-validator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.