🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis β†’
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

schemathesis

Package Overview
Dependencies
Maintainers
1
Versions
412
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

schemathesis

Property-based testing framework for Open API and GraphQL based apps

pipPyPI
Version
4.7.5
Maintainers
1

Build Coverage Version Python versions Discord License

Schemathesis

Catch API bugs before your users do.

Schemathesis automatically generates thousands of test cases from your OpenAPI or GraphQL schema and finds edge cases that break your API.

Schemathesis automatically finding a server error
Finding bugs that manual testing missed

Try it now

# Test a demo API - finds real bugs in 30 seconds
uvx schemathesis run https://example.schemathesis.io/openapi.json

# Test your own API
uvx schemathesis run https://your-api.com/openapi.json

What problems does it solve?

  • πŸ’₯ 500 errors that crash your API on edge case inputs
  • πŸ“‹ Schema violations where your API returns different data than documented
  • πŸšͺ Validation bypasses where invalid data gets accepted
  • πŸ”— Integration failures when responses don't match client expectations
  • πŸ”„ Stateful bugs where operations work individually but fail in realistic workflows

⚠️ Upgrading from older versions? Check our Migration Guide for key changes.

Installation & Usage

Command Line:

uv pip install schemathesis
schemathesis run https://your-api.com/openapi.json

Python Tests:

import schemathesis

schema = schemathesis.openapi.from_url("https://your-api.com/openapi.json")

@schema.parametrize()
def test_api(case):
    # Tests with random data, edge cases, and invalid inputs
    case.call_and_validate()

# Stateful testing: Tests workflows like: create user -> get user -> delete user
APIWorkflow = schema.as_state_machine()
# Creates a test class for pytest/unittest
TestAPI = APIWorkflow.TestCase

CI/CD:

- uses: schemathesis/action@v2
  with:
    schema: "https://your-api.com/openapi.json"

Who uses it

Used by teams at Spotify, WordPress, JetBrains, Red Hat, and dozens of other companies.

"Schemathesis is the best tool for fuzz testing of REST APIs on the market. We at Red Hat use it for examining our applications in functional and integration testing levels." - Dmitry Misharov, RedHat

See it in action

πŸ”¬ Live Benchmarks showing continuous testing results from real-world APIs:

  • Code & API schema coverage achieved
  • Issues found with detailed categorization
  • Performance across different fuzzing strategies

Documentation

πŸ“š Documentation with guides, examples, and API reference.

Get Help

Contributing

We welcome contributions! See our contributing guidelines and join discussions in issues or Discord.

Acknowledgements

Schemathesis is built on top of Hypothesis, a powerful property-based testing library for Python.

License

This project is licensed under the terms of the MIT license.

Keywords

graphql
hypothesis
openapi
pytest
testing

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk

Security News

Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk

Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.

By Sarah GoodingΒ  - Β Dec 11, 2025