Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
sn-swagger-express-middleware
Advanced tools
Supports Swagger 2.0 specs in JSON or YAML
Swagger Express Middleware uses Swagger-Parser to parse, validate, and dereference Swagger files. You can even split your spec into multiple different files using $ref
pointers.
Thoroughly tested
Over 1,000 unit tests and integration tests with 100% code coverage. Tested on over 100 Google APIs. All tests are run on Mac, Linux, and Windows using the past 3 versions of Node. But nothing's perfect, so if you find a bug, please report it.
Mock middleware
Fully-functional mock implementations for every operation in your API, including data persistence, all with zero code! This is a great way to test-drive your API as you write it, or for quick demos and POCs. You can even extend the mock middleware with your own logic and data to fill in any gaps.
Metadata middleware
Annotates each request with all the relevant information from the Swagger definition. The path, the operation, the parameters, the security requirements - they're all easily accessible at req.swagger
.
Parse Request middleware
Parses incoming requests and converts everything into the correct data types, according to your Swagger API definition.
Validate Request middleware
Ensures that every request complies with your Swagger API definition, or returns the appropriate HTTP error codes if needed. Of course, you can catch any validation errors and handle them however you want.
CORS middleware
Adds the appropriate CORS headers to each request and automatically responds to CORS preflight requests, all in compliance with your Swagger API definition.
Files middleware
Serves the Swagger API file(s) in JSON or YAML format so they can be used with front-end tools like Swagger UI, Swagger Editor, and Postman.
Install using NPM.
npm install swagger-express-middleware
Then use it in your Node.js script like this:
var express = require('express');
var middleware = require('swagger-express-middleware');
var app = express();
middleware('PetStore.yaml', app, function(err, middleware) {
// Add all the Swagger Express Middleware, or just the ones you need.
// NOTE: Some of these accept optional options (omitted here for brevity)
app.use(
middleware.metadata(),
middleware.CORS(),
middleware.files(),
middleware.parseRequest(),
middleware.validateRequest(),
middleware.mock()
);
app.listen(8000, function() {
console.log('The PetStore sample is now running at http://localhost:8000');
});
});
Swagger Express Middleware comes two samples that use the Swagger Pet Store API.
This sample demonstrates the most simplistic usage of Swagger Express Middleware. It simply creates a new Express Application and adds all of the Swagger middleware without changing any options, and without adding any custom middleware.
This sample demonstrates a few more advanced features of Swagger Express Middleware, such as setting a few options, initializing the mock data store, and adding custom middleware logic.
I welcome any contributions, enhancements, and bug-fixes. File an issue on GitHub and submit a pull request.
To build/test the project locally on your computer:
Clone this repo
git clone https://github.com/bigstickcarpet/swagger-express-middleware.git
Install dependencies
npm install
Run the build script
npm run build
Run the unit tests
npm run mocha
(just the tests)
npm test
(tests + code coverage)
Run the sample app
npm start
Swagger Express Middleware is 100% free and open-source, under the MIT license. Use it however you want.
FAQs
Swagger middleware and mocks for Express
We found that sn-swagger-express-middleware demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.