Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah GoodingΒ - Β Dec 12, 2025
π¨ Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis β
schemathesis
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 4.7.0
- Maintainers
- 1
Schemathesis
Catch API bugs before your users do.
Schemathesis automatically generates thousands of test cases from your OpenAPI or GraphQL schema and finds edge cases that break your API.
Finding bugs that manual testing missed
Try it now
# Test a demo API - finds real bugs in 30 seconds
uvx schemathesis run https://example.schemathesis.io/openapi.json
# Test your own API
uvx schemathesis run https://your-api.com/openapi.json
What problems does it solve?
- π₯ 500 errors that crash your API on edge case inputs
- π Schema violations where your API returns different data than documented
- πͺ Validation bypasses where invalid data gets accepted
- π Integration failures when responses don't match client expectations
- π Stateful bugs where operations work individually but fail in realistic workflows
β οΈ Upgrading from older versions? Check our Migration Guide for key changes.
Installation & Usage
Command Line:
uv pip install schemathesis
schemathesis run https://your-api.com/openapi.json
Python Tests:
import schemathesis
schema = schemathesis.openapi.from_url("https://your-api.com/openapi.json")
@schema.parametrize()
def test_api(case):
# Tests with random data, edge cases, and invalid inputs
case.call_and_validate()
# Stateful testing: Tests workflows like: create user -> get user -> delete user
APIWorkflow = schema.as_state_machine()
# Creates a test class for pytest/unittest
TestAPI = APIWorkflow.TestCase
CI/CD:
- uses: schemathesis/action@v2
with:
schema: "https://your-api.com/openapi.json"
Who uses it
Used by teams at Spotify, WordPress, JetBrains, Red Hat, and dozens of other companies.
"Schemathesis is the best tool for fuzz testing of REST APIs on the market. We at Red Hat use it for examining our applications in functional and integration testing levels." - Dmitry Misharov, RedHat
See it in action
π¬ Live Benchmarks showing continuous testing results from real-world APIs:
- Code & API schema coverage achieved
- Issues found with detailed categorization
- Performance across different fuzzing strategies
Documentation
π Documentation with guides, examples, and API reference.
Get Help
- π¬ Discord community
- π GitHub issues
Contributing
We welcome contributions! See our contributing guidelines and join discussions in issues or Discord.
Acknowledgements
Schemathesis is built on top of Hypothesis, a powerful property-based testing library for Python.
License
This project is licensed under the terms of the MIT license.
Keywords
FAQs
Property-based testing framework for Open API and GraphQL based apps
We found that schemathesis demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: whatβs affected and how to update safely.
By Sarah GoodingΒ - Β Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah GoodingΒ - Β Dec 11, 2025