Gathering detailed insights and metrics for @stoplight/spectral-formatters
Gathering detailed insights and metrics for @stoplight/spectral-formatters
A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI (v3.1, v3.0, and v2.0), Arazzo v1.0, as well as AsyncAPI v2.x.
Installations
npm install @stoplight/spectral-formattersDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
^16.20 || ^18.18 || >= 20.17
Node Version
22.14.0
NPM Version
8.19.4
Score
90.5
Supply Chain
74.7
Quality
78.2
Maintenance
100
Vulnerability
99.3
License
Releases
107
Languages
5
TypeScript
JavaScript
HTML
Shell
Dockerfile
TypeScript (96.99%)
JavaScript (2.66%)
HTML (0.18%)
Shell (0.1%)
Dockerfile (0.07%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
2,775 Stars
2,126 Commits
259 Forks
33 Watchers
25 Branches
163 Contributors
Updated on Jul 16, 2025
Maintainers
1
Package Meta Information
Latest Version
1.5.0
Package Id
@stoplight/spectral-formatters@1.5.0
Unpacked Size
78.73 kB
Size
19.77 kB
File Count
78
NPM Version
8.19.4
Node Version
22.14.0
Published on
Apr 22, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
@stoplight/spectral-formatters
This project exposes the available formatters from the CLI for users that perform custom validation through Javascript.
Usage
1import { pretty } from "@stoplight/spectral-formatters"; 2 3const spectral = new Spectral(); 4// ... 5const result = await spectral.run(document); 6 7// You can also filter the results here. 8const output = pretty(result); 9 10console.error(output); 11// ...
Available formatters
Common (available both in the browser and Node.js)
- json
- stylish
- junit
- html
- text
- teamcity
- markdown (example: markdown_example.md)
Node.js only
- pretty
- github-actions
- sarif
- gitlab
- code-climate
No vulnerabilities found.
Reason
9 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no binaries found in the repo
Reason
Found 7/27 approved changesets -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/jira-issue-label-added.yaml:1
- Warn: no topLevel permission defined: .github/workflows/markdown-links.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v6.15.0 not signed: https://api.github.com/repos/stoplightio/spectral/releases/213881708
- Warn: release artifact v6.14.3 not signed: https://api.github.com/repos/stoplightio/spectral/releases/203618541
- Warn: release artifact v6.14.2 not signed: https://api.github.com/repos/stoplightio/spectral/releases/186400741
- Warn: release artifact v6.14.1 not signed: https://api.github.com/repos/stoplightio/spectral/releases/185292905
- Warn: release artifact v6.14.0 not signed: https://api.github.com/repos/stoplightio/spectral/releases/184862357
- Warn: release artifact v6.15.0 does not have provenance: https://api.github.com/repos/stoplightio/spectral/releases/213881708
- Warn: release artifact v6.14.3 does not have provenance: https://api.github.com/repos/stoplightio/spectral/releases/203618541
- Warn: release artifact v6.14.2 does not have provenance: https://api.github.com/repos/stoplightio/spectral/releases/186400741
- Warn: release artifact v6.14.1 does not have provenance: https://api.github.com/repos/stoplightio/spectral/releases/185292905
- Warn: release artifact v6.14.0 does not have provenance: https://api.github.com/repos/stoplightio/spectral/releases/184862357
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/jira-issue-label-added.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/spectral/jira-issue-label-added.yaml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/markdown-links.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/spectral/markdown-links.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/markdown-links.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/spectral/markdown-links.yml/develop?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:8: pin your Docker image by updating mcr.microsoft.com/vscode/devcontainers/javascript-node:0-12 to mcr.microsoft.com/vscode/devcontainers/javascript-node:0-12@sha256:badcf848a77adb3ad67c8111e1418f2baff2b241be99d17eba5cccc25dc4a2d7
- Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating node:16-alpine to node:16-alpine@sha256:a1f9d027912b58a7c75be7716c97cfbc6d3099f3a97ed84aa490be9dee20e787
- Info: 0 out of 1 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 11 are checked with a SAST tool
Reason
16 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
- Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.6
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More