Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
postman-collection
Advanced tools
Enables developers to use a unified Postman Collection format Object across projects
The postman-collection npm package provides a set of utilities to work with Postman collections, which are a way to group and organize API requests. This package allows you to create, manipulate, and validate Postman collections programmatically.
Create a Collection
This feature allows you to create a new Postman collection with a specified name and description.
const { Collection } = require('postman-collection');
const myCollection = new Collection({
info: {
name: 'My Collection',
description: 'A sample collection'
},
item: []
});
console.log(myCollection);
Add a Request to a Collection
This feature allows you to add a new request to an existing Postman collection.
const { Collection, Item } = require('postman-collection');
const myCollection = new Collection({
info: {
name: 'My Collection'
},
item: []
});
const requestItem = new Item({
name: 'Sample Request',
request: {
url: 'https://api.example.com',
method: 'GET'
}
});
myCollection.items.add(requestItem);
console.log(myCollection);
Validate a Collection
This feature allows you to validate a Postman collection to ensure it meets the required schema.
const { Collection } = require('postman-collection');
const myCollection = new Collection({
info: {
name: 'My Collection'
},
item: []
});
const isValid = myCollection.validate();
console.log(isValid);
swagger-jsdoc is a package that allows you to integrate JSDoc comments with Swagger (OpenAPI) definitions. It is used to generate Swagger documentation for your APIs. Unlike postman-collection, which focuses on Postman collections, swagger-jsdoc is centered around creating and managing API documentation.
openapi-types is a package that provides TypeScript definitions for OpenAPI specifications. It is useful for working with OpenAPI (Swagger) documents in a type-safe manner. While postman-collection is focused on Postman collections, openapi-types is specifically designed for OpenAPI specifications.
raml-1-parser is a package for parsing and validating RAML (RESTful API Modeling Language) documents. It allows you to work with RAML specifications programmatically. In contrast to postman-collection, which deals with Postman collections, raml-1-parser is tailored for RAML documents.
Postman Collection SDK is a NodeJS module that allows a developer to work with Postman Collections. Using this module a developer can create collections, manipulate them and then export them in a format that the Postman Apps and Postman CLI Runtimes (such as Newman) can consume.
A collection lets you group individual requests together. These requests can be further organized into folders to accurately mirror your API. Requests can also store sample responses when saved in a collection. You can add metadata like name and description too so that all the information that a developer needs to use your API is available easily.
To know more about Postman Collections, visit the collection documentation section on Postman Website.
The new Collection Format v2 builds a stronger foundation for improving your productivity while working with APIs. We want your feedback and iron out issues before this goes into the Postman Apps.
Postman Collection SDK can be installed using NPM or directly from the git repository within your NodeJS projects. If
installing from NPM, the following command installs the SDK and saves in your package.json
> npm install postman-collection --save
In this example snippet we will get started by loading a collection from a file and output the same in console.
var fs = require('fs'), // needed to read JSON file from disk
Collection = require('postman-collection').Collection,
myCollection;
// Load a collection to memory from a JSON file on disk (say, sample-collection.json)
myCollection = new Collection(JSON.parse(fs.readFileSync('sample-collection.json').toString()));
// log items at root level of the collection
console.log(myCollection.toJSON());
After loading the collection from file, one can do a lot more using the functions that are available in the SDK. To know more about these functions, head over to Collection SDK Docs.
The collection schema outlines the JSON definition of data structure accepted by the constructor of each properties of this SDK. In other words, this SDK provides JavaScript level object manipulation for the JSON structure defined by Postman Collection Format in http://schema.postman.com/.
Schema Version | Compatible SDK Versions |
---|---|
1.0 | none |
2.0 | <3.0 |
2.1 | >= 3.0 |
Conceptually, a JSON input to the constructor of an SDK property should provide similar output when that property
instance's .toJSON()
is called.
FAQs
Enables developers to use a unified Postman Collection format Object across projects
The npm package postman-collection receives a total of 827,174 weekly downloads. As such, postman-collection popularity was classified as popular.
We found that postman-collection demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.