
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
openapi-to-effect
Advanced tools
Generate @effect/schema definitions from an OpenAPI document.
Note that @effect/schema is currently in pre-stable version, and thus there will likely be breaking changes in the future.
Features:
formats).Schema.suspend().prettier. Descriptions in the schema (e.g. title, description) are output as comments in the generated code. title fields are assumed to be single line comments, which are output as // comments, whereas description results in a block comment.Limitations:
$allOf operator currently only supports schemas of type object. Generic intersections are not currently supported.This package exposes an openapi-to-effect command:
npx openapi-to-effect <command> <args>
@effect/schema code with the gen commandThe gen command takes the path to an OpenAPI v3.1 document (in JSON format), the path to the output directory, and optionally a spec file to configure the output:
npx openapi-to-effect gen ./api.json ./output --spec=./spec.ts
npx openapi-to-effect gen ./example_api.json ./output --spec=./example_spec.ts
example_api.json
{
"openapi": "3.1.0",
"info": {
"title": "Example API",
"version": "0.1.0"
},
"components": {
"schemas": {
"Category": {
"type": "object",
"properties": {
"name": { "type": "string" },
"subcategories": {
"type": "object",
"additionalProperties": {
"$ref": "#/components/schemas/Category"
},
"default": {}
}
},
"required": ["name"]
},
"User": {
"type": "object",
"properties": {
"id": {
"title": "Unique ID",
"type": "string",
"format": "uuid"
},
"name": {
"title": "The user's full name.",
"type": "string"
},
"last_logged_in": {
"title": "When the user last logged in.",
"type": "string", "format": "date-time"
},
"role": {
"title": "The user's role within the system.",
"description": "Roles:\n- ADMIN: Administrative permissions\n- USER: Normal permissions\n- AUDITOR: Read only permissions",
"type": "string",
"enum": ["ADMIN", "USER", "AUDITOR"]
},
"interests": {
"type": "array",
"items": { "$ref": "#/components/schemas/Category" },
"default": []
}
},
"required": ["id", "name", "last_logged_in", "role"]
}
}
}
}
example_spec.ts
import { type GenerationSpec } from '../../src/generation/generationSpec.ts';
export default {
generationMethod: { method: 'bundled', bundleName: 'example' },
hooks: {},
runtime: {},
modules: {
'./Category.ts': {
definitions: [
{
action: 'generate-schema',
schemaId: 'Category',
typeDeclarationEncoded: `{
readonly name: string,
readonly subcategories?: undefined | { readonly [key: string]: _CategoryEncoded }
}`,
typeDeclaration: `{
readonly name: string,
readonly subcategories: { readonly [key: string]: _Category }
}`,
},
],
},
},
} satisfies GenerationSpec;
output/example.ts
import { Schema as S } from '@effect/schema';
/* Category */
type _Category = {
readonly name: string;
readonly subcategories: { readonly [key: string]: _Category };
};
type _CategoryEncoded = {
readonly name: string;
readonly subcategories?: undefined | { readonly [key: string]: _CategoryEncoded };
};
export const Category = S.Struct({
name: S.String,
subcategories: S.optional(
S.Record(
S.String,
S.suspend((): S.Schema<_Category, _CategoryEncoded> => Category),
),
{
default: () => ({}),
},
),
}).annotations({ identifier: 'Category' });
export type Category = S.Schema.Type<typeof Category>;
export type CategoryEncoded = S.Schema.Encoded<typeof Category>;
/* User */
export const User = S.Struct({
id: S.UUID, // Unique ID
name: S.String, // The user's full name.
last_logged_in: S.Date, // When the user last logged in.
/**
* Roles:
*
* - ADMIN: Administrative permissions
* - USER: Normal permissions
* - AUDITOR: Read only permissions
*/
role: S.Literal('ADMIN', 'USER', 'AUDITOR'), // The user's role within the system.
interests: S.optional(S.Array(Category), {
default: () => [],
}),
}).annotations({ identifier: 'User' });
export type User = S.Schema.Type<typeof User>;
export type UserEncoded = S.Schema.Encoded<typeof User>;
We gratefully accept bug reports and contributions from the community. By participating in this community, you agree to abide by Code of Conduct. All contributions are covered under the Developer's Certificate of Origin (DCO).
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or
(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or
(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.
(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.
This project is primarily distributed under the terms of the Mozilla Public License (MPL) 2.0, see LICENSE for details.
FAQs
OpenAPI to Effect Schema code generator
The npm package openapi-to-effect receives a total of 181 weekly downloads. As such, openapi-to-effect popularity was classified as not popular.
We found that openapi-to-effect demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.