Security News
NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
By Sarah Gooding - Nov 19, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
swagger-parser
Advanced tools
What is swagger-parser?
swagger-parser is a powerful npm package that allows you to parse, validate, and dereference Swagger (OpenAPI) definitions. It helps in ensuring that your API definitions are correct and can be used to resolve $ref pointers to simplify the API documentation.
What are swagger-parser's main functionalities?
Parse
This feature allows you to parse a Swagger (OpenAPI) definition file. The code sample demonstrates how to parse a Swagger file and log the API name and version.
const SwaggerParser = require('swagger-parser');
SwaggerParser.parse('path/to/your/swagger.yaml')
.then(api => {
console.log('API name: %s, Version: %s', api.info.title, api.info.version);
})
.catch(err => {
console.error(err);
});Validate
This feature allows you to validate a Swagger (OpenAPI) definition file. The code sample demonstrates how to validate a Swagger file and log whether the API is valid or not.
const SwaggerParser = require('swagger-parser');
SwaggerParser.validate('path/to/your/swagger.yaml')
.then(api => {
console.log('API is valid:', api);
})
.catch(err => {
console.error('API is invalid:', err);
});Dereference
This feature allows you to dereference $ref pointers in a Swagger (OpenAPI) definition file. The code sample demonstrates how to dereference a Swagger file and log the dereferenced API.
const SwaggerParser = require('swagger-parser');
SwaggerParser.dereference('path/to/your/swagger.yaml')
.then(api => {
console.log('Dereferenced API:', api);
})
.catch(err => {
console.error(err);
});Bundle
This feature allows you to bundle all external $ref pointers into a single file. The code sample demonstrates how to bundle a Swagger file and log the bundled API.
const SwaggerParser = require('swagger-parser');
SwaggerParser.bundle('path/to/your/swagger.yaml')
.then(api => {
console.log('Bundled API:', api);
})
.catch(err => {
console.error(err);
});Other packages similar to swagger-parser
openapi-schema-validator
openapi-schema-validator is a package that validates OpenAPI 3.0 schemas. It focuses on schema validation and does not provide parsing or dereferencing functionalities like swagger-parser.
swagger-jsdoc
swagger-jsdoc is a package that generates Swagger (OpenAPI) definitions from JSDoc comments in your code. It is more focused on generating documentation from code comments rather than parsing and validating existing Swagger files.
swagger-client
swagger-client is a package that provides a JavaScript client for interacting with Swagger (OpenAPI) APIs. It includes functionalities for making API requests and handling responses, but it does not focus on parsing or validating Swagger definitions.
Swagger-Parser
Parses, validates, and dereferences JSON/YAML Swagger specs in Node and browsers
Features
- Parses Swagger specs in JSON or YAML format
- Validates against the official Swagger 2.0 schema
- Dereferences all $ref pointers, including pointers to external files and URLs
- Asynchronously downloads and caches external files and URLs
- Tested in Node.js and all major web browsers on Windows, Mac, and Linux
- Supports nested $ref pointers, even in external files and URLs
- Supports circular $ref pointers (see notes below)
- Multiple $ref pointers to the same object are resolved to the same object instance
Basic Example
swagger.parser.parse("swagger.yaml", function(err, api, metadata) {
if (!err) {
console.log("API name: %s, Version: %s", api.info.title, api.info.version);
}
});
The api parameter that's passed to the callback function is the parsed, validated, and dereferenced Swagger object.
Installation and Use
Node
npm install swagger-parser
Then add this to your Node script:
var parser = require("swagger-parser");
parser.parse('swagger.yaml', function(err, api, metadata) { ... });
Bower
bower install swagger-parser
Then add this to your HTML page:
<script src="bower_components/swagger-parser/dist/swagger-parser.js"></script>
<script>
swagger.parser.parse('http://mysite.com/swagger.yaml', function(err, api, metadata) { ... });
</script>
AMD (Require.js)
Just add swagger-parser to your AMD module's dependencies, or require("swagger-parser") explicitly.
define("myModule", ["swagger-parser"], function(parser) {
parser.parse('http://mysite.com/swagger.yaml', function(err, api, metadata) { ... });
});
The API
Parser.parse(swaggerPath, [options], callback)
-
swaggerPath (required) -
string
The file path or URL of your Swagger file. Relative paths are allowed. In Node, the path is relative toprocess.cwd(). In the browser, it's relative to the URL of the page. -
options (optional) -
object
An object containing one or more parsing options. See options below. -
callback (required) -
function(err, api, metadata)
Called after the parsing is finished, or when an error occurs. See callback below for details.
Options
| Property | Type | Default | Description |
|---|---|---|---|
parseYaml | bool | true | Determines whether the parser will allow Swagger specs in YAML format. If set to false, then only JSON will be allowed. |
dereference$Refs | bool | true | Determines whether $ref pointers in the Swagger API will be replaced with their resolved values. Different $ref pointers that resolve to the same object will be replaced with the same object instance. Setting this option to false will leave the $ref pointers in the Swagger API, but you can still access the resolved values using the metadata object. |
resolve$Refs | bool | true | Determines whether $ref pointers will be resolved. Setting this option to false effectively disables dereference$Refs as well. The difference is that the metadata object won't be populated either. |
resolveExternal$Refs | bool | true | Determines whether $ref pointers will be resolved if they point to external files or URLs. Internal $ref pointers will still be resolved and dereferenced. |
validateSchema | bool | true | Determines whether your API will be validated against the official Swagger schema. If set to false, then the resulting Swagger object may be missing properties, have properties of the wrong data type, etc. |
Callback
| Parameter | Type | Description |
|---|---|---|
err | Error | null unless an error occurred. |
api | Swagger object | The complete Swagger API object. Or null if an error occurred |
metadata | object | This parameter provides extra information about the parsing operation. It is always provided, even if there's an error. |
Metadata
The metadata parameter is an object with the following properties:
| Property | Type | Description |
|---|---|---|
baseDir | string | The directory of the main Swagger file, which is the base directory used to resolve any external $ref pointers. |
files | array of strings | The full paths of all files that were parsed. This only includes local files, not URLs. If Parser.parse() was called with a local file path, then it will be the first item in this array. |
urls | array of URL objects | The URLs that were parsed. If Parser.parse() was called with a URL, then it will be the first item in this array. |
$refs | object | A map of all the $ref pointers that were resolved, and the objects they resolved to. If an error occurs while resolving a reference, then this object will still contain the $refs that were successfully parsed up to that point. |
Circular $Refs
Swagger files can contain circular $ref pointers, and Swagger-Parser will correctly parse them, resolve their values, and validate them against the Swagger schema. However, Swagger-Parser does not dereference circular references because this can easily cause stack overflows when the Swagger object is serialized, as well as other, more subtle bugs.
If your Swagger API includes circular references, then the callback will receive a ReferenceError to alert you that the Swagger object was not fully dereferenced. However, you can choose to ignore this error and use the api parameter anyway. All non-circular $ref pointers in the Swagger object will still be resolved and dereferenced like always. Circular $ref pointers will not be dereferenced, but they will be resolved, so you can access their resolved values in metadata.$refs.
person:
properties:
name:
type: string
spouse:
type:
$ref: person # circular reference
Contributing
I welcome any contributions, enhancements, and bug-fixes. File an issue on GitHub and submit a pull request. Use JSHint to make sure your code passes muster. (see .jshintrc).
License
Swagger-Parser is 100% free and open-source, under the MIT license. Use it however you want.
FAQs
Swagger 2.0 and OpenAPI 3.0 parser and validator for Node and browsers
The npm package swagger-parser receives a total of 772,680 weekly downloads. As such, swagger-parser popularity was classified as popular.
We found that swagger-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 05 Jan 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Malicious npm Package Exploits WhatsApp Authentication with Remote Kill Switch for File Destruction
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
By Kush Pandya - Nov 15, 2024
Security News
PyPI Introduces Digital Attestations to Strengthen Python Package Security
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
By Sarah Gooding - Nov 15, 2024