openapi-sampler
The openapi-sampler npm package is used to generate sample data from OpenAPI specifications. It helps in creating mock data for API responses based on the defined schemas in the OpenAPI document.
Generate Sample from Schema
This feature allows you to generate a sample object based on a given JSON schema. The sample data will adhere to the types and examples specified in the schema.
    const openapiSampler = require('openapi-sampler');
    const schema = {
      type: 'object',
      properties: {
        id: { type: 'integer', example: 1 },
        name: { type: 'string', example: 'John Doe' }
      }
    };
    const sample = openapiSampler.sample(schema);
    console.log(sample);
Generate Sample from OpenAPI Document
This feature allows you to generate sample data directly from an OpenAPI document. It extracts the schema from the specified path and response, and generates a sample based on it.
    const openapiSampler = require('openapi-sampler');
    const openapiDoc = {
      openapi: '3.0.0',
      info: { title: 'Sample API', version: '1.0.0' },
      paths: {
        '/user': {
          get: {
            responses: {
              '200': {
                description: 'A user object',
                content: {
                  'application/json': {
                    schema: {
                      type: 'object',
                      properties: {
                        id: { type: 'integer', example: 1 },
                        name: { type: 'string', example: 'John Doe' }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    };
    const sample = openapiSampler.sample(openapiDoc.paths['/user'].get.responses['200'].content['application/json'].schema);
    console.log(sample);
The swagger-mock-api package is used to create a mock server based on Swagger (OpenAPI) definitions. It allows you to simulate API endpoints and responses for testing purposes. Unlike openapi-sampler, which focuses on generating sample data, swagger-mock-api provides a full mock server implementation.
The swagger-jsdoc package is used to generate Swagger (OpenAPI) documentation from JSDoc comments in your code. While it does not generate sample data, it helps in creating and maintaining OpenAPI documentation, which can then be used with tools like openapi-sampler to generate sample data.
The json-schema-faker package generates fake data based on JSON Schema definitions. It is similar to openapi-sampler in that it generates sample data, but it is more focused on JSON Schema rather than OpenAPI specifically. It offers more customization options for generating fake data.
Tool for generation samples based on OpenAPI payload/response schema
allOf, oneOf, anyOf, if/then/else
additionalProperties with x-additionalPropertiesName
const, examples, enum and default where possible - in this order
contains, minItems, maxItems, and tuples (items as an array)
minLength, maxLength, min, max, exclusiveMinimum, exclusiveMaximum
string formats:
$ref resolving

Install using npm

    npm install openapi-sampler --save

or using yarn

    yarn add openapi-sampler

Then require it in your code:

    var OpenAPISampler = require('openapi-sampler');
OpenAPISampler.sample(schema, [options], [spec])

schema (object): An OpenAPI Schema Object or a JSON Schema Draft 7 document.
options (object): Available options:
    skipNonRequired (boolean): Don't include non-required object properties not specified in the required property of the schema object
    skipReadOnly (boolean): Don't include readOnly object properties
    skipWriteOnly (boolean): Don't include writeOnly object properties
    quiet (boolean): Don't log console warning messages
spec: the whole specification the schema is taken from; required only when the schema may contain $ref. spec must not contain any external references

    const OpenAPISampler = require('openapi-sampler');
    OpenAPISampler.sample({
      type: 'object',
      properties: {
        a: {type: 'integer', minimum: 10},
        b: {type: 'string', format: 'password', minLength: 10},
        c: {type: 'boolean', readOnly: true}
      }
    }, {skipReadOnly: true});
    // { a: 10, b: 'pa$$word_q' }
FAQs
Tool for generation samples based on OpenAPI payload/response schema
The npm package openapi-sampler receives a total of 680,478 weekly downloads. As such, openapi-sampler popularity was classified as popular.
We found that openapi-sampler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.