Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
openapi-data-validator
Advanced tools
openapi-data-validator
Automatically validate API requests and responses with OpenAPI 3.
OpenAPI Data Validator
Lightweight OpenAPI complete request model validator. Fast, unopinionated, full featured validator for API requests that utilize OpenAPI docs for API documentation.
This is an open source project managed by the Authress Engineering team.
Usage
It is simple, and that's all there is to it!
npm install openapi-data-validator --save
const { OpenApiValidator } = require('openapi-data-validator');
const spec = require('./openapi.json');
const openApiValidator = new OpenApiValidator({ apiSpec: spec });
const validator = openApiValidator.createValidator();
// Configure this to the client's request. It will resolve the expected schema in the spec using the method and route defined, and validate the request parameters.
const newRequest = {
method: 'GET',
// Matched openapi specification generic route, this should be the generic `path` from the spec, such as `/resources/{resourceId}/`, it must match one of them exactly.
route: request.route
headers: { Authorization: 'Bearer Token' },
// Query string parameters from the request
query: { limit: 10 },
// Body already parsed to JSON
body: { field: true },
// Path parameters
path: { user: 'userId' }
};
await validator(newRequest);
Compile validator
For improved processing speed the validator can be pre-compiled from the spec
const openApiValidator = new OpenApiValidator({ apiSpec: spec, compiledFilePath: './compiledValidator.json' });
await openApiValidator.compileValidator();
// Later
const validator = await openApiValidator.loadValidation();
// ...
await validator(request);
Checkout the full: Async example
FAQs
Why not just use AJV
AJV is the best, but there are some things that just are very OpenAPI specific that don't make sense to be in the validator. Don't need them? Great, go use AJV.
- Top level defined Path parameters - AJV doesn't understand
- Inline request body definitions, AJV doesn't understand schema defined in the method, it has to be in a component
- Body Content-Type validation - Request bodies with multiple content types allowed
FAQs
Automatically validate API requests and responses with OpenAPI 3.
We found that openapi-data-validator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 31 Oct 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025