Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
openapi-snippet
Advanced tools
Generates code snippets from Open API (previously Swagger) documents.
Generates code snippets from Open API (previously Swagger) documents.
This package takes as input an OpenAPI v2.0 or v3.0.x document. It translates the document into an HTTP Archive 1.2 request object. It uses the HTTP Snippet library to generate code snippets for every API endpoint (URL path + HTTP method) defined in the specification in various languages & tools (cURL
, Node
, Python
, Ruby
, Java
, Go
, C#
...), or for selected endpoints.
npm i openapi-snippet
Clone this repository. Install required dependencies:
npm i
Build a minified version of OpenAPI Snippet (openapisnippet.min.js
):
npm run build
const OpenAPISnippet = require('openapi-snippet')
// define input:
const openApi = ... // Open API document
const targets = ['node_unirest', 'c'] // array of targets for code snippets. See list below...
try {
// either, get snippets for ALL endpoints:
const results = OpenAPISnippet.getSnippets(openApi, targets) // results is now array of snippets, see "Output" below.
// ...or, get snippets for a single endpoint:
const results2 = OpenAPISnippet.getEndpointSnippets(openApi, '/users/{user-id}/relationship', 'get', targets)
} catch (err) {
// do something with potential errors...
}
Include the openapisnippet.min.js
file created after building the the library (see above) in your HTML page:
<script type="text/javascript" src="path/to/openapisnippet.min.js"></script>
Use OpenAPI Snippet, which now defines the global variable OpenAPISnippet
.
The output for every endpoint is an object, containing the method
, url
, a human-readable description
, and the corresponding resource
- all of these values stem from the OpenAPI document. In addition, within the snippets
list, an object containing a code snippet for every chosen target is provided. As of version 0.4.0
, the snippets include exemplary payload data.
If getSnippets
is used, an array of the above described objects is returned.
For example:
[
// ...
{
"method": "GET",
"url": "https://api.instagram.com/v1/users/{user-id}/relationship",
"description": "Get information about a relationship to another user.",
"resource": "relationship",
"snippets": [
{
"id": "node",
"mimeType": "application/json", // Only set for methods with a request body
"title": "Node + Native",
"content": "var http = require(\"https\");\n\nvar options = {..."
}
]
}
// ...
]
Currently, OpenAPI Snippet supports the following targets (depending on the HTTP Snippet library):
c_libcurl
(default)csharp_restsharp
(default)csharp_httpclient
go_native
(default)java_okhttp
java_unirest
(default)javascript_jquery
javascript_xhr
(default)node_native
(default)node_request
node_unirest
objc_nsurlsession
(default)ocaml_cohttp
(default)php_curl
(default)php_http1
php_http2
python_python3
(default)python_requests
ruby_native
(default)shell_curl
(default)shell_httpie
shell_wget
swift_nsurlsession
(default)If only the language is provided (e.g., c
), the default library will be selected.
License: MIT
FAQs
Generates code snippets from Open API (previously Swagger) documents.
The npm package openapi-snippet receives a total of 18,150 weekly downloads. As such, openapi-snippet popularity was classified as popular.
We found that openapi-snippet demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.