npmpackage.info

Gathering detailed insights and metrics for @stoplight/prism-cli

@stoplight/prism-cli

Turn any OpenAPI2/3 and Postman Collection file into an API server with mocking, transformations and validations.

5.12.0

4,341

Apache-2.0

TypeScript

9,453,139 4.8

Installations

npm install @stoplight/prism-cli

Pull Requests

Open

7

Total

1,844

Closed

462

Merged

1,375

Issues

Open

83

Total

709

Closed

626

Releases

195

v5.12.1

Published on 13 Nov 2024

v5.12.0

Published on 13 Nov 2024

v5.11.2

Published on 16 Sept 2024

v5.11.1

Published on 09 Aug 2024

v5.11.0

Published on 19 Jul 2024

v5.8.2

Published on 02 Jul 2024

View all 195 releases

Developer

stoplightio

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

>=18.20.1

Typescript Support

Yes

Node Version

18.20.5

NPM Version

lerna/8.1.5/node@v18.20.5+x64 (linux)

Statistics

4,341 Stars

2,026 Commits

349 Forks

55 Watching

30 Branches

142 Contributors

Updated on 27 Nov 2024

Languages

TypeScript (98.89%)

Dockerfile (0.53%)

JavaScript (0.45%)

Shell (0.13%)

Total Downloads

Cumulative downloads

Total Downloads

9,453,139

Last day

-16.4%

13,890

Compared to previous day

Last week

4.5%

77,162

Compared to previous week

Last month

5.9%

335,558

Compared to previous month

Last year

32.4%

3,297,346

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@stoplight/json @stoplight/json-schema-ref-parser @stoplight/prism-core @stoplight/prism-http @stoplight/prism-http-server @stoplight/types chalk chokidar fp-ts json-schema-faker lodash node-fetch pino signale split2 tslib uri-template-lite urijs yargs

Versions

Prism Overview

Prism is a set of packages for API mocking and contract testing with OpenAPI v2 (formerly known as Swagger) and OpenAPI v3.x.

Prism provides:

Mock Servers: Life-like mock servers from any API specification document.
Validation Proxy: Contract Testing for API consumers and developers.
Comprehensive API Specification Support: OpenAPI v3.1, OpenAPI v3.0, OpenAPI v2.0 (formerly Swagger) and Postman Collections.

Ways to Use Prism

Hosted Prism

Stoplight provides hosted mock servers for convenience so that API consumers can experiment with an API without the need for backend code.

Use one of these options for instant, hosted mock servers:

Stoplight Platform: Collaborative API Design Platform for designing, developing and documenting APIs with hosted mocking powered by Prism.
Stoplight Studio: Free visual OpenAPI designer that comes integrated with mocking powered by Prism.

Learn more in the hosted Prism documentation.

Self-hosted Prism

Prism is an open-source HTTP server run from the command-line. It provides mocking, request validation, and content negotiation. Use it standalone tool or in continuous integration.

Demo of Prism Mock Server being called with curl from the CLI

Installation and Usage

This information refers to Open Source Prism 3.x, which is the current version most likely you will use. If you're looking for the 2.x version, look at the 2.x branch

Install Self-hosted Prism

Prism requires

NodeJS >= 18.20.1
for NodeJS 18.x, >= 18.16 is required

1npm install -g @stoplight/prism-cli
2
3# OR
4
5yarn global add @stoplight/prism-cli

For more installation options, see our installation documentation.

Mocking

Prism can help you create a fake "mock" based off an OpenAPI document, which helps people see how your API will work before you even have it built. Run it locally with the prism mock command to run your API on a HTTP server you can interact with.

1prism mock https://raw.githack.com/OAI/OpenAPI-Specification/master/examples/v3.0/petstore-expanded.yaml

Learn more about how the mock server works.

Validation Proxy

Prism can help you check for discrepencies between your API implementation and the OpenAPI document that describes, letting you funnel HTTP traffic through it with the prism proxy command.

1prism proxy examples/petstore.oas2.yaml https://petstore.swagger.io/v2

Learn more about how the validation proxy works.

📖 Documentation and Community

❓ FAQs

Cannot access mock server when using Docker?

Prism uses localhost by default, which usually means 127.0.0.1. When using docker the mock server will be unreachable outside of the container unless you run the mock command with -h 0.0.0.0.

Why am I getting 404 errors when I include my basePath?

OpenAPI v2.0 had a concept called "basePath", which was essentially part of the HTTP path the stuff after host name and protocol, and before query string. Unlike the paths in your paths object, this basePath was applied to every single URL, so Prism v2.x used to do the same. In OpenAPI v3.0 they merged the basePath concept in with the server.url, and Prism v3 has done the same.

We treat OAS2 host + basePath the same as OAS3 server.url, so we do not require them to go in the URL. If you have a base path of api/v1 and your path is defined as hello, then a request to http://localhost:4010/hello would work, but http://localhost:4010/api/v1/hello will fail. This confuses some, but the other way was confusing to others. Check the default output of Prism CLI to see what URLs you have available.

🚧 Roadmap

Content Negotiation
Security Validation
Validation Proxy
Recording/Learning Mode (create OpenAPI from HTTP traffic)
Data Persistence (allow Prism act like a sandbox)

Submit your ideas for new functionality on the Stoplight Roadmap.

🏁 Help Others Utilize Prism

If you're using Prism for an interesting use case, contact us for a case study. We'll add it to a list here. Spread the goodness 🎉

👏 Contributing

If you are interested in contributing to Prism itself, check out our contributing docs ⇗ and code of conduct ⇗ to get started.

🎉 Thanks

Prism is built on top of lots of excellent packages, and here are a few we'd like to say a special thanks to.

Check these projects out!

🌲 Sponsor Prism by Planting a Tree

If you would like to thank us for creating Prism, we ask that you buy the world a tree.

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

9

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

6

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

0

Security-Policy

Determines if the project has published a security policy.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-approve.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/prism/auto-approve.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-merge-dependabot.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/prism/auto-merge-dependabot.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/markdown-links.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/prism/markdown-links.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/markdown-links.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/prism/markdown-links.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-title.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/prism/pr-title.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/prism/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/prism/release.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:11
Warn: containerImage not pinned by hash: Dockerfile:37: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:7e43a2d633d91e8655a6c0f45d2ed987aa4930f0792f6d9dd3bffc7496e44882
Warn: downloadThenRun not pinned by hash: Dockerfile:33
Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 5 third-party GitHubAction dependencies pinned
Info: 0 out of 3 containerImage dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned

0

SAST

Determines if the project uses static code analysis.

Score

4.8

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More