swagger-ui-express
The swagger-ui-express npm package serves auto-generated Swagger UI API docs from Express, based on a swagger.json file. The package lets you serve the Swagger UI bound to your Swagger document, which is helpful for creating API documentation that can be read and tested interactively in a browser.
Serve API Documentation
This feature serves the API documentation on a specified express route. The `swagger.json` contains the API definitions.
```javascript
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument));
```
Custom CSS
This feature allows you to apply custom CSS to the Swagger UI to modify its appearance according to your preferences.
```javascript
const options = {
  customCss: '.swagger-ui .topbar { display: none }'
};

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument, options));
```
Custom Site Title
This feature allows you to set a custom title for the API documentation page.
```javascript
const options = {
  customSiteTitle: 'My API Docs'
};

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument, options));
```
Serve Swagger UI with Custom API Docs
This feature allows you to load your Swagger document from a YAML file instead of a JSON file, which some developers find more readable and easier to maintain.
```javascript
const swaggerUi = require('swagger-ui-express');
const YAML = require('yamljs');
const swaggerDocument = YAML.load('./swagger.yaml');

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument));
```
Redoc-express is similar to swagger-ui-express in that it serves API documentation using the express framework. However, it uses Redoc to generate the documentation, which offers a different look and feel and some different features compared to Swagger UI.
Fastify-swagger is designed for the Fastify framework rather than Express. It provides similar functionality to swagger-ui-express but is tailored to work with Fastify's unique plugin architecture.
Hapi-swagger is an npm package that provides Swagger UI integration for the Hapi.js framework. It is similar to swagger-ui-express but is specifically built to work within the Hapi ecosystem.
This module allows you to serve auto-generated Swagger UI API docs from Express, based on a swagger.json file. The result is living documentation for your API, hosted from your API server via a route.
Swagger version is pulled from npm module swagger-ui-dist. Please use a lock file or specify the version of swagger-ui-dist you want to ensure it is consistent across environments.
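One way to check the pinning advice above, as an added example that is not part of the swagger-ui-express project: it takes parsed `package.json` and `package-lock.json` objects and reports whether `swagger-ui-dist` is fixed to an exact version with an integrity hash. The function name, the sample data and the use of npm's `overrides` field to pin the transitive dependency are assumptions of this example.

```javascript
// Added example. Inputs are parsed package.json / package-lock.json objects
// (lockfileVersion 2 or 3 layout, keyed by "node_modules/<name>").
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

function auditPin(pkg, lock, name) {
  const findings = [];
  // A string entry in "overrides" takes precedence over a direct dependency entry.
  const override = pkg.overrides && pkg.overrides[name];
  const direct = pkg.dependencies && pkg.dependencies[name];
  const declared = typeof override === 'string' ? override : (direct || null);

  if (!declared) {
    findings.push(`${name}: no constraint in package.json, version floats with the parent's range`);
  } else if (!EXACT_VERSION.test(declared)) {
    findings.push(`${name}: declared as a range (${declared}), not an exact version`);
  }

  const entry = lock && lock.packages && lock.packages[`node_modules/${name}`];
  if (!entry) {
    findings.push(`${name}: no lockfile entry, installs are not reproducible`);
  } else {
    if (!entry.integrity) findings.push(`${name}: lockfile entry has no integrity hash`);
    if (declared && EXACT_VERSION.test(declared) && entry.version !== declared) {
      findings.push(`${name}: lockfile has ${entry.version}, package.json pins ${declared}`);
    }
  }
  return { name, declared, locked: entry ? entry.version : null, findings };
}

// Constructed sample data (versions and hash are placeholders).
const pinnedPkg = {
  dependencies: { 'swagger-ui-express': '^1.2.3' },
  overrides: { 'swagger-ui-dist': '1.2.3' }
};
const floatingPkg = { dependencies: { 'swagger-ui-express': '^1.2.3' } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/swagger-ui-dist': { version: '1.2.3', integrity: 'sha512-PLACEHOLDER' }
  }
};

console.log(auditPin(pinnedPkg, sampleLock, 'swagger-ui-dist').findings);
console.log(auditPin(floatingPkg, null, 'swagger-ui-dist').findings);
```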
You may be also interested in:
Install using npm:
```bash
npm install swagger-ui-express
```
Express setup in `app.js`:
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument));
```
Or, if you are using Express router:
```javascript
const router = require('express').Router();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

router.use('/api-docs', swaggerUi.serve);
router.get('/api-docs', swaggerUi.setup(swaggerDocument));
```
Open `http://<app_host>:<app_port>/api-docs` in your browser to view the documentation.
If you want to set up routing based on the swagger document, check out swagger-express-router.
If you are using swagger-jsdoc, simply pass the swaggerSpec into the setup function:
```javascript
const swaggerJSDoc = require('swagger-jsdoc');

// Initialize swagger-jsdoc -> returns validated swagger spec in json format
// (options is your swagger-jsdoc configuration object)
const swaggerSpec = swaggerJSDoc(options);

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerSpec));
```
By default the Swagger Explorer bar is hidden. To display it, pass true as the 'explorer' property of the options to the setup function:
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

var options = {
  explorer: true
};

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument, options));
```
To pass custom options, e.g. validatorUrl, to the SwaggerUi client, pass an object as the 'swaggerOptions' property of the options to the setup function:
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

var options = {
  swaggerOptions: {
    validatorUrl: null
  }
};

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument, options));
```
For all the available options, refer to Swagger UI Configuration
To customize the style of the swagger page, you can pass custom CSS as the 'customCss' property of the options to the setup function.
E.g. to hide the swagger header:
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

var options = {
  customCss: '.swagger-ui .topbar { display: none }'
};

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument, options));
```
You can also pass the URL of a custom CSS file. The value must be the public URL of the file and can be relative or absolute to the swagger path.
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

var options = {
  customCssUrl: '/custom.css'
};

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument, options));
```
You can also pass an array of css urls to load multiple css files.
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

var options = {
  customCssUrl: [
    '/custom.css',
    'https://example.com/other-custom.css'
  ]
};

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument, options));
```
If you would like to have full control over your HTML, you can provide your own JavaScript file. The value must be the public URL of the JS file and can be an absolute or relative path.
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

var options = {
  customJs: '/custom.js'
};

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument, options));
```
You can also pass an array of js urls to load multiple js files.
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

var options = {
  customJs: [
    '/custom.js',
    'https://example.com/other-custom.js'
  ]
};

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument, options));
```
It is also possible to add inline JavaScript, either as a string or as an array of strings.
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

var options = {
  customJsStr: 'console.log("Hello World")'
};

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument, options));
```
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

var options = {
  customJsStr: [
    'console.log("Hello World")',
    `
    var x = 1
    console.log(x)
    `
  ]
};

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument, options));
```
To load your swagger from a URL instead of injecting the document, pass `null` as the first parameter, and pass the relative or absolute URL as the 'url' property to 'swaggerOptions' in the setup function.
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');

var options = {
  swaggerOptions: {
    url: 'http://petstore.swagger.io/v2/swagger.json'
  }
}

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(null, options));
```
To load multiple swagger documents from URLs as a dropdown in the explorer bar, pass an array of objects with `name` and `url` to the 'urls' property of 'swaggerOptions' in the setup function.
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');

var options = {
  explorer: true,
  swaggerOptions: {
    urls: [
      {
        url: 'http://petstore.swagger.io/v2/swagger.json',
        name: 'Spec1'
      },
      {
        url: 'http://petstore.swagger.io/v2/swagger.json',
        name: 'Spec2'
      }
    ]
  }
}

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(null, options));
```
Make sure 'explorer' option is set to 'true' in your setup options for the dropdown to be visible.
To load your swagger specification yaml file you need to use a module able to convert yaml to json; for instance `yaml`.
```bash
npm install yaml
```
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const fs = require("fs")
const YAML = require('yaml')

const file = fs.readFileSync('./swagger.yaml', 'utf8')
const swaggerDocument = YAML.parse(file)

app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument));
```
To dynamically set the host, or any other content, in the swagger file based on the incoming request object, you may pass the json via the req object. To achieve this, do not pass the swagger json to the setup function, and it will look for `swaggerDoc` in the `req` object.
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

var options = {}

app.use('/api-docs', function(req, res, next){
  swaggerDocument.host = req.get('host');
  req.swaggerDoc = swaggerDocument;
  next();
}, swaggerUi.serveFiles(swaggerDocument, options), swaggerUi.setup());
```
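The `Host` header is supplied by the client, and the snippet above writes it into a document object shared by every request. The following added example (not code from the swagger-ui-express project) shows one way to build `req.swaggerDoc` per request from an allowlist of hosts; the function names, the host values and the fallback behaviour are assumptions of this example.

```javascript
// Added example: build req.swaggerDoc per request without trusting the Host header.
function swaggerDocForHost(baseDoc, allowedHosts, fallbackHost) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  return function (req, res, next) {
    const requested = String(req.get('host') || '').trim().toLowerCase();
    // Copy per request so one client's value never leaks into another response.
    const doc = JSON.parse(JSON.stringify(baseDoc));
    // Unknown or missing hosts get the configured fallback, never the raw header.
    doc.host = allowed.has(requested) ? requested : fallbackHost;
    req.swaggerDoc = doc;
    next();
  };
}

// Constructed stand-ins for the swagger document and the Express request object.
const baseDoc = { swagger: '2.0', info: { title: 'Sample', version: '1.0.0' }, paths: {} };

function hostServedFor(hostHeader) {
  const req = { get: (name) => (name.toLowerCase() === 'host' ? hostHeader : undefined) };
  const middleware = swaggerDocForHost(
    baseDoc,
    ['api.example.test', 'localhost:3000'],
    'api.example.test'
  );
  middleware(req, {}, () => {});
  return req.swaggerDoc.host;
}

// Wiring, in the same shape as the snippet on the page:
// app.use('/api-docs', swaggerDocForHost(swaggerDocument, hosts, fallback),
//   swaggerUi.serveFiles(swaggerDocument, options), swaggerUi.setup());
```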
To run 2 swagger ui instances with different swagger documents, use the serveFiles function instead of the serve function. The serveFiles function has the same signature as the setup function.
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocumentOne = require('./swagger-one.json');
const swaggerDocumentTwo = require('./swagger-two.json');

var options = {}

app.use('/api-docs-one', swaggerUi.serveFiles(swaggerDocumentOne, options), swaggerUi.setup(swaggerDocumentOne));

app.use('/api-docs-two', swaggerUi.serveFiles(swaggerDocumentTwo, options), swaggerUi.setup(swaggerDocumentTwo));

app.use('/api-docs-dynamic', function(req, res, next){
  // Choose the document for this request; swaggerDocumentOne stands in here
  // because the original snippet referenced an undefined swaggerDocument
  req.swaggerDoc = swaggerDocumentOne;
  next();
}, swaggerUi.serveFiles(), swaggerUi.setup());
```
To render a link for downloading the swagger document within the swagger ui, serve the swagger doc as an endpoint and use the url option to point to it:
```javascript
const express = require('express');
const app = express();
const swaggerUi = require('swagger-ui-express');
const swaggerDocument = require('./swagger.json');

var options = {
  swaggerOptions: {
    url: "/api-docs/swagger.json",
  },
}

app.get("/api-docs/swagger.json", (req, res) => res.json(swaggerDocument));
app.use('/api-docs', swaggerUi.serveFiles(null, options), swaggerUi.setup(null, options));
```
npm install
npm test
FAQs
Swagger UI Express
The npm package swagger-ui-express receives a total of 1,446,414 weekly downloads. As such, swagger-ui-express popularity was classified as popular.
We found that swagger-ui-express demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.