npmpackage.info

Gathering detailed insights and metrics for @apidevtools/json-schema-ref-parser

Gathering detailed insights and metrics for @apidevtools/json-schema-ref-parser

@apidevtools/json-schema-ref-parser - 14.1.0 | npmpackage.info

@apidevtools/json-schema-ref-parser

Parse, Resolve, and Dereference JSON Schema $ref pointers in Node and browsers

14.1.0

1,035

MIT

TypeScript

23.10 kB

521,623,552 5.4

Installations

npm install @apidevtools/json-schema-ref-parser

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS, UMD

Min. Node Version

>= 20

Node Version

22.16.0

NPM Version

10.9.3

Score

99.1

Supply Chain

100

Quality

95.7

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

0

Total

145

Closed

55

Merged

90

Issues

Open

18

Total

245

Closed

227

Releases

57

v14.1.0

Updated on Jul 07, 2025

v14.0.3

Updated on Jun 30, 2025

v14.0.2

Updated on Jun 18, 2025

v14.0.1

Updated on Jun 16, 2025

v14.0.0

Updated on Jun 16, 2025

v13.0.5

Updated on Jun 10, 2025

View All 57 releases

Languages

4

TypeScript

JavaScript

HTML

CSS

TypeScript (99.64%)

JavaScript (0.32%)

HTML (0.03%)

CSS (0.01%)

Developer

Download Statistics

Total Downloads

521,623,552

Last Day

268,389

Last Week

5,221,277

Last Month

22,330,164

Last Year

211,703,542

GitHub Statistics

MIT License

1,035 Stars

745 Commits

236 Forks

8 Watchers

14 Branches

51 Contributors

Updated on Jul 07, 2025

Bundle Size

79.31 kB

Minified

23.10 kB

Minified + Gzipped

Bundlephobia

Sponsor this package

https://github.com/sponsors/philsturgeon

Maintainers

2

View All 51 Contributors

Package Meta Information

Latest Version

14.1.0

Package Id

@apidevtools/json-schema-ref-parser@14.1.0

Unpacked Size

336.76 kB

Size

70.36 kB

File Count

75

NPM Version

10.9.3

Node Version

22.16.0

Published on

Jul 07, 2025

Total Downloads

Cumulative downloads

Total Downloads

521,623,552

Last Day

5.3%

268,389

Compared to previous day

Last Week

-5.9%

5,221,277

Compared to previous week

Last Month

2.8%

22,330,164

Compared to previous month

Last Year

55.4%

211,703,542

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

JSON Schema $Ref Parser

Parse, Resolve, and Dereference JSON Schema $ref pointers

Installation

Install using npm:

1npm install @apidevtools/json-schema-ref-parser
2yarn add @apidevtools/json-schema-ref-parser
3bun add @apidevtools/json-schema-ref-parser

The Problem:

You've got a JSON Schema with $ref pointers to other files and/or URLs. Maybe you know all the referenced files ahead of time. Maybe you don't. Maybe some are local files, and others are remote URLs. Maybe they are a mix of JSON and YAML format. Maybe some of the files contain cross-references to each other.

1{
2  "definitions": {
3    "person": {
4      // references an external file
5      "$ref": "schemas/people/Bruce-Wayne.json"
6    },
7    "place": {
8      // references a sub-schema in an external file
9      "$ref": "schemas/places.yaml#/definitions/Gotham-City"
10    },
11    "thing": {
12      // references a URL
13      "$ref": "http://wayne-enterprises.com/things/batmobile"
14    },
15    "color": {
16      // references a value in an external file via an internal reference
17      "$ref": "#/definitions/thing/properties/colors/black-as-the-night"
18    }
19  }
20}

The Solution:

JSON Schema $Ref Parser is a full JSON Reference and JSON Pointer implementation that crawls even the most complex JSON Schemas and gives you simple, straightforward JavaScript objects.

Use JSON or YAML schemas — or even a mix of both!
Supports $ref pointers to external files and URLs, as well as custom sources such as databases
Can bundle multiple files into a single schema that only has internal $ref pointers
Can dereference your schema, producing a plain-old JavaScript object that's easy to work with
Supports circular references, nested references, back-references, and cross-references between files
Maintains object reference equality — $ref pointers to the same value always resolve to the same object instance
Compatible with Node LTS and beyond, and all major web browsers on Windows, Mac, and Linux

Example

1import $RefParser from "@apidevtools/json-schema-ref-parser";
2
3try {
4  await $RefParser.dereference(mySchema);
5  // note - by default, mySchema is modified in place, and the returned value is a reference to the same object
6  console.log(mySchema.definitions.person.properties.firstName);
7
8  // if you want to avoid modifying the original schema, you can disable the `mutateInputSchema` option
9  let clonedSchema = await $RefParser.dereference(mySchema, { mutateInputSchema: false });
10  console.log(clonedSchema.definitions.person.properties.firstName);
11} catch (err) {
12  console.error(err);
13}

For more detailed examples, please see the API Documentation

Polyfills

If you are using Node.js < 18, you'll need a polyfill for fetch, like node-fetch:

1import fetch from "node-fetch";
2
3globalThis.fetch = fetch;

Browser support

JSON Schema $Ref Parser supports recent versions of every major web browser. Older browsers may require Babel and/or polyfills.

To use JSON Schema $Ref Parser in a browser, you'll need to use a bundling tool such as Webpack, Rollup, Parcel, or Browserify. Some bundlers may require a bit of configuration, such as setting browser: true in rollup-plugin-resolve.

Webpack 5

Webpack 5 has dropped the default export of node core modules in favour of polyfills, you'll need to set them up yourself ( after npm-installing them ) Edit your webpack.config.js :

1config.resolve.fallback = {
2  path: require.resolve("path-browserify"),
3  fs: require.resolve("browserify-fs"),
4};
5
6config.plugins.push(
7  new webpack.ProvidePlugin({
8    Buffer: ["buffer", "Buffer"],
9  }),
10);

API Documentation

Full API documentation is available right here

Contributing

I welcome any contributions, enhancements, and bug-fixes. Open an issue on GitHub and submit a pull request.

Building/Testing

To build/test the project locally on your computer:

Clone this repo
git clone https://github.com/APIDevTools/json-schema-ref-parser.git
Install dependencies
yarn install
Run the tests
yarn test

License

JSON Schema $Ref Parser is 100% free and open-source, under the MIT license. Use it however you want.

Thanks

Thanks to these awesome contributors for their major support of this open-source project.

High

8.1/10

Summary

json-schema-ref-parser Prototype Pollution issue

Affected Versions

>= 11.0.0, <= 11.1.0

Patched Versions

11.2.0

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Maintained

Determines if the project is "actively maintained".

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

2

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI-CD.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/APIDevTools/json-schema-ref-parser/CI-CD.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI-CD.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/APIDevTools/json-schema-ref-parser/CI-CD.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI-CD.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/APIDevTools/json-schema-ref-parser/CI-CD.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI-CD.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/APIDevTools/json-schema-ref-parser/CI-CD.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI-CD.yaml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/APIDevTools/json-schema-ref-parser/CI-CD.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI-CD.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/APIDevTools/json-schema-ref-parser/CI-CD.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI-CD.yaml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/APIDevTools/json-schema-ref-parser/CI-CD.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI-CD.yaml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/APIDevTools/json-schema-ref-parser/CI-CD.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI-CD.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/APIDevTools/json-schema-ref-parser/CI-CD.yaml/main?enable=pin
Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 3 third-party GitHubAction dependencies pinned

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

Score

5.4

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.