swagger-cli
The swagger-cli npm package is a command-line tool for working with Swagger and OpenAPI definitions. It provides various functionalities such as validating, bundling, dereferencing, and serving API definitions.
Validate
This feature allows you to validate your Swagger/OpenAPI definition to ensure it is correctly formatted and adheres to the specification.
swagger-cli validate my-api.yaml
Bundle
This feature bundles multiple Swagger/OpenAPI files into a single file. This is useful for managing large APIs split across multiple files.
swagger-cli bundle my-api.yaml --outfile bundled-api.yaml
Dereference
This feature dereferences $ref pointers in your Swagger/OpenAPI definition, replacing them with the actual content they point to. This can be useful for simplifying the API definition.
swagger-cli dereference my-api.yaml --outfile dereferenced-api.yaml
Serve
This feature serves your Swagger/OpenAPI definition over HTTP, allowing you to view and interact with it using a web browser.
swagger-cli serve my-api.yaml
Swagger Parser is a powerful library for parsing, validating, and dereferencing Swagger and OpenAPI definitions. It offers similar functionalities to swagger-cli but is more focused on being used as a library within Node.js applications rather than a command-line tool.
Speccy is a command-line tool for working with OpenAPI specifications. It provides features like validation, linting, and bundling. It is similar to swagger-cli but includes additional features like linting to enforce best practices.
Install using npm:
npm install -g swagger-cli
swagger-cli <command> [options] <file>
Commands:
validate Validates an API definition in Swagger 2.0 or OpenAPI 3.0 format
bundle Bundles a multi-file API definition into a single file
Options:
-h, --help Show help for any command
-v, --version Output the CLI version number
-d, --debug [filter] Show debug output, optionally filtered (e.g. "*", "swagger:*", etc.)
The swagger-cli validate command will validate your Swagger/OpenAPI definition against the Swagger 2.0 schema or OpenAPI 3.0 schema. It also performs additional validations against the specification, which will catch some things that aren't covered by the schema, such as duplicate parameters, invalid MIME types, etc.
The command will exit with a non-zero code if the API is invalid.
swagger-cli validate [options] <file>
Options:
--no-schema Do NOT validate against the Swagger/OpenAPI JSON schema
--no-spec Do NOT validate against the Swagger/OpenAPI specification
The Swagger and OpenAPI specs allow you to split your API definition across multiple files using $ref pointers to reference each file. You can use the swagger-cli bundle command to combine all of those referenced files into a single file, which is useful for distribution or interoperation with other tools.
By default, the swagger-cli bundle command tries to keep the output file size as small as possible, by only embedding each referenced file once. If the same file is referenced multiple times, then any subsequent references are simply modified to point to the single inlined copy of the file. If you want to produce a bundled file without any $ref pointers, then add the --dereference option. This will result in a larger file size, since multiple references to the same file will result in that file being embedded multiple times.
If you don't specify the --outfile option, then the bundled API will be written to stdout, which means you can pipe it to other commands.
The result of this command is written as JSON by default. It can be changed to YAML with the --type option, by passing the yaml value.
swagger-cli bundle [options] <file>
Options:
-o, --outfile <file> The output file
-r, --dereference Fully dereference all $ref pointers
-f, --format <spaces> Formats the JSON output using the given number of spaces (the default is 2 spaces)
-t, --type <filetype> Defines the output file type. The valid values are: json, yaml (the default is JSON)
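As an added example (not swagger-cli's own code, and not using its library), here is a small in-memory model of the two modes described above: bundle, which embeds each referenced file once and rewrites later references into internal "#/..." pointers to that first copy, and --dereference, which embeds the target every time. Before bundling, it also lists every $ref the bundler would follow and refuses remote or root-escaping ones, since a $ref is a read instruction: bundling a definition you did not write means reading whatever it points at. The FILES map, the file names, and the classifyRef/listRefs/bundle functions are constructed for this illustration.

```javascript
// Constructed multi-file API definition, held in memory instead of on disk.
// The root references "schemas/pet.yaml#/Pet" twice, which is exactly the
// case where bundle and dereference produce different output.
const FILES = {
  "openapi.yaml": {
    openapi: "3.0.0",
    info: { title: "Pets", version: "1.0.0" },
    paths: {
      "/pets": {
        get: { responses: { "200": { content: { "application/json": {
          schema: { $ref: "schemas/pet.yaml#/Pet" } } } } } },
        post: { requestBody: { content: { "application/json": {
          schema: { $ref: "schemas/pet.yaml#/Pet" } } } } },
      },
    },
  },
  "schemas/pet.yaml": {
    Pet: { type: "object", required: ["id"],
           properties: { id: { type: "integer" }, name: { type: "string" } } },
  },
};

// JSON Pointer token escaping (RFC 6901): "/" -> "~1", "~" -> "~0".
function escapeToken(t) { return t.replace(/~/g, "~0").replace(/\//g, "~1"); }
function unescapeToken(t) { return t.replace(/~1/g, "/").replace(/~0/g, "~"); }

// Classify a $ref by what following it would read. Hypothetical policy:
// only references inside the root directory are acceptable.
function classifyRef(ref) {
  if (ref.startsWith("#")) return "internal";
  if (/^https?:\/\//i.test(ref)) return "remote";
  const path = ref.split("#")[0];
  if (path.startsWith("/") || path.split("/").includes("..")) return "escapes-root";
  return "local-file";
}

// Pre-flight inventory: every $ref in a document with its location and kind.
function listRefs(node, pointer = "", out = []) {
  if (node && typeof node === "object") {
    if (typeof node.$ref === "string") {
      out.push({ at: pointer || "/", ref: node.$ref, kind: classifyRef(node.$ref) });
    }
    for (const [k, v] of Object.entries(node)) listRefs(v, pointer + "/" + escapeToken(k), out);
  }
  return out;
}

// Look up "file#/json/pointer" inside the in-memory files.
function resolve(files, ref) {
  const [file, frag = ""] = ref.split("#");
  if (!(file in files)) throw new Error("unknown file " + file);
  let node = files[file];
  for (const tok of frag.split("/").slice(1)) {
    node = node[unescapeToken(tok)];
    if (node === undefined) throw new Error("bad pointer " + ref);
  }
  return node;
}

// mode "bundle": embed each external target once; later references to the
// same target become internal pointers to the first embedded copy.
// mode "dereference": embed the target every time, leaving no external $refs.
// Remote and root-escaping references are refused rather than followed.
function bundle(files, rootName, mode) {
  const seen = new Map(); // external ref -> JSON Pointer of its first copy
  function walk(node, pointer) {
    if (!node || typeof node !== "object") return node;
    if (typeof node.$ref === "string") {
      const kind = classifyRef(node.$ref);
      if (kind === "remote" || kind === "escapes-root") {
        throw new Error(`refusing to follow ${kind} $ref: ${node.$ref}`);
      }
      if (kind === "local-file") {
        if (mode === "bundle" && seen.has(node.$ref)) return { $ref: "#" + seen.get(node.$ref) };
        if (mode === "bundle") seen.set(node.$ref, pointer);
        return walk(resolve(files, node.$ref), pointer); // walk() also deep-copies
      }
    }
    const out = Array.isArray(node) ? [] : {};
    for (const [k, v] of Object.entries(node)) out[k] = walk(v, pointer + "/" + escapeToken(k));
    return out;
  }
  return walk(files[rootName], "");
}

// Stand-alone run: show the inventory, then both bundling modes.
console.log(listRefs(FILES["openapi.yaml"]));
console.log(JSON.stringify(bundle(FILES, "openapi.yaml", "bundle"), null, 2));
console.log(JSON.stringify(bundle(FILES, "openapi.yaml", "dereference"), null, 2));
```

In bundle mode the post body's schema comes out as a pointer to the get response's schema; in dereference mode both carry a full copy of Pet. Running listRefs over a definition before bundling it is the cheap check: anything classified remote or escapes-root is a file or URL the tool would otherwise read on your behalf.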
I welcome any contributions, enhancements, and bug fixes. File an issue on GitHub and submit a pull request.
To build/test the project locally on your computer:
Clone this repo
git clone https://github.com/bigstickcarpet/swagger-cli.git
Install dependencies
npm install
Run the tests
npm test
Swagger CLI is 100% free and open-source, under the MIT license. Use it however you want.
FAQs
Swagger 2.0 and OpenAPI 3.0 command-line tool
The npm package swagger-cli receives a total of 177,107 weekly downloads. As such, swagger-cli popularity was classified as popular.
We found that swagger-cli demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.