Schemathesis is an API testing tool that automatically finds crashes and validates spec compliance.
Finding server crashes in the Demo API.
🎯 Catches Hard-to-Find Bugs
⚡ Accelerates Testing Cycles
🧩 Integrates Seamlessly
🔧 Customizable and Extendable
🐞 Simplifies Debugging
🔬 Proven by Research
Use Schemathesis via Docker, or install it from PyPI:

```console
# Via Docker.
$ docker pull schemathesis/schemathesis:stable
# With pip.
$ pip install schemathesis
```
Schemathesis works as a standalone CLI:

```console
docker run schemathesis/schemathesis:stable \
    run --checks all https://example.schemathesis.io/openapi.json
# Or when installed with pip
schemathesis run --checks all https://example.schemathesis.io/openapi.json
```
Or a Python library:

```python
import schemathesis

schema = schemathesis.from_uri("https://example.schemathesis.io/openapi.json")


@schema.parametrize()
def test_api(case):
    case.call_and_validate()
```
See a complete working example project in the /example directory.
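To make "finds crashes and validates spec compliance" concrete, here is a standard-library sketch of the underlying idea: derive inputs from an operation's parameter schema, call the endpoint, and flag 5xx responses and status codes the spec does not declare. It is an added example, not Schemathesis code and not its API; `OPERATION`, `handler`, and the two check names are constructed for illustration.

```python
import random

# Constructed OpenAPI fragment for a hypothetical GET /items/{item_id} operation.
OPERATION = {
    "parameters": [{"name": "item_id", "in": "path", "schema": {"type": "integer"}}],
    "responses": {"200": {}, "404": {}},
}


def handler(item_id):
    """Hypothetical endpoint under test; returns only the HTTP status code."""
    if item_id == 0:
        return 500  # stands in for an uncaught exception surfacing as a 500
    if item_id < 0:
        return 400  # reasonable behaviour, but 400 is not declared in the spec
    return 200 if item_id < 1000 else 404


def generate(schema, rng, n):
    """Yield boundary values first, then n random values, for an integer schema."""
    if schema["type"] != "integer":
        raise NotImplementedError("this sketch only handles integer parameters")
    yield from (0, -1, 1, 2**31 - 1, -(2**31))
    for _ in range(n):
        yield rng.randint(-10**6, 10**6)


def run_checks(operation, call, seed=0, n=50):
    """Return {check_name: first failing input} for the two checks."""
    rng = random.Random(seed)  # fixed seed keeps failures reproducible
    declared = set(operation["responses"])
    schema = operation["parameters"][0]["schema"]
    failures = {}
    for value in generate(schema, rng, n):
        status = call(value)
        if status >= 500:
            failures.setdefault("server_error", value)
        elif str(status) not in declared:
            failures.setdefault("undocumented_status", value)
    return failures


if __name__ == "__main__":
    print(run_checks(OPERATION, handler))
```

Both findings point at input handling the spec author did not anticipate, and either one can be fixed in the handler or in the spec.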
Schemathesis can be easily integrated into your CI/CD pipeline using GitHub Actions. Add this block to your GitHub Actions workflow to run Schemathesis against your API:

```yaml
api-tests:
  runs-on: ubuntu-latest
  steps:
    - uses: schemathesis/action@v1
      with:
        schema: "https://example.schemathesis.io/openapi.json"
        # OPTIONAL. Add Schemathesis.io token for pull request reports
        token: ${{ secrets.SCHEMATHESIS_TOKEN }}
```
For more details, check out our GitHub Action repository or see our GitHub Tutorial.
For test reports in your pull requests, install the GitHub app:
Schemathesis CLI integrates with Schemathesis.io to enhance bug detection by optimizing test case generation. It also provides a user-friendly UI for viewing and analyzing test results. For a quick, all-in-one setup, we offer a free tier.
Schemathesis is used by a number of projects and companies, including direct usage or integration into other tools:
"The world needs modern, spec-based API tests, so we can deliver APIs as-designed. Schemathesis is the right tool for that job."
"Schemathesis is the only sane way to thoroughly test an API."
"The tool is absolutely amazing as it can do the negative scenario testing instead of me and much faster! Before I was doing the same tests in Postman client. But it's much slower and brings maintenance burden."
"Schemathesis is the best tool for fuzz testing of REST API on the market. We at Red Hat use it for examining our applications in functional and integration testing levels."
"There are different levels of usability and documentation quality among these tools which have been reported, where Schemathesis clearly stands out among the most user-friendly and industry-strength tools."
We welcome contributions in code and are especially interested in learning about your use cases. Your input is essential for improving Schemathesis and directly influences future updates.
Thank you for contributing to making Schemathesis better! 👍
If you're a large enterprise or startup seeking specialized assistance, we offer commercial support to help you integrate Schemathesis effectively into your workflows. This includes:
To discuss a custom support arrangement that best suits your organization, please contact our support team at support@schemathesis.io.
Schemathesis is built on top of Hypothesis, a powerful property-based testing library for Python.
This project is licensed under the terms of the MIT license.
FAQs
Property-based testing framework for Open API and GraphQL based apps
We found that schemathesis demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.