Gathering detailed insights and metrics for @stoplight/spectral-ref-resolver
Gathering detailed insights and metrics for @stoplight/spectral-ref-resolver
A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI (v3.1, v3.0, and v2.0), Arazzo v1.0, as well as AsyncAPI v2.x.
Installations
npm install @stoplight/spectral-ref-resolverDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
^16.20 || ^18.18 || >= 20.17
Node Version
20.18.0
NPM Version
8.19.4
Score
96.4
Supply Chain
65.1
Quality
78.4
Maintenance
100
Vulnerability
99.6
License
Releases
107
Languages
5
TypeScript
JavaScript
HTML
Shell
Dockerfile
TypeScript (96.99%)
JavaScript (2.66%)
HTML (0.18%)
Shell (0.1%)
Dockerfile (0.07%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
2,772 Stars
2,126 Commits
259 Forks
33 Watchers
25 Branches
163 Contributors
Updated on Jul 11, 2025
Maintainers
2
Package Meta Information
Latest Version
1.0.5
Package Id
@stoplight/spectral-ref-resolver@1.0.5
Unpacked Size
14.87 kB
Size
5.46 kB
File Count
9
NPM Version
8.19.4
Node Version
20.18.0
Published on
Nov 13, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
@stoplight/spectral-ref-resolver
This package provides Spectral-compatible bindings for @stoplight/json-ref-resolver and @stoplight/json-ref-readers.
You shouldn't need to install this package directly unless you want to create a custom JSON refs resolver
Installation
1npm install --save @stoplight/spectral-ref-resolver 2 3# OR 4 5yarn add @stoplight/spectral-ref-resolver
Usage
An example usage of spectral-ref-resolver together with proxy-agent.
1import { createHttpAndFileResolver, Resolver } from '@stoplight/spectral-ref-resolver'; 2import ProxyAgent from import('proxy-agent'); 3 4module.exports = createHttpAndFileResolver({ agent: new ProxyAgent(process.env.PROXY) });
No vulnerabilities found.
Reason
9 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
Found 7/27 approved changesets -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/jira-issue-label-added.yaml:1
- Warn: no topLevel permission defined: .github/workflows/markdown-links.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v6.15.0 not signed: https://api.github.com/repos/stoplightio/spectral/releases/213881708
- Warn: release artifact v6.14.3 not signed: https://api.github.com/repos/stoplightio/spectral/releases/203618541
- Warn: release artifact v6.14.2 not signed: https://api.github.com/repos/stoplightio/spectral/releases/186400741
- Warn: release artifact v6.14.1 not signed: https://api.github.com/repos/stoplightio/spectral/releases/185292905
- Warn: release artifact v6.14.0 not signed: https://api.github.com/repos/stoplightio/spectral/releases/184862357
- Warn: release artifact v6.15.0 does not have provenance: https://api.github.com/repos/stoplightio/spectral/releases/213881708
- Warn: release artifact v6.14.3 does not have provenance: https://api.github.com/repos/stoplightio/spectral/releases/203618541
- Warn: release artifact v6.14.2 does not have provenance: https://api.github.com/repos/stoplightio/spectral/releases/186400741
- Warn: release artifact v6.14.1 does not have provenance: https://api.github.com/repos/stoplightio/spectral/releases/185292905
- Warn: release artifact v6.14.0 does not have provenance: https://api.github.com/repos/stoplightio/spectral/releases/184862357
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/markdown-links.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/spectral/markdown-links.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/markdown-links.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/stoplightio/spectral/markdown-links.yml/develop?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:8: pin your Docker image by updating mcr.microsoft.com/vscode/devcontainers/javascript-node:0-12 to mcr.microsoft.com/vscode/devcontainers/javascript-node:0-12@sha256:badcf848a77adb3ad67c8111e1418f2baff2b241be99d17eba5cccc25dc4a2d7
- Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating node:16-alpine to node:16-alpine@sha256:a1f9d027912b58a7c75be7716c97cfbc6d3099f3a97ed84aa490be9dee20e787
- Info: 0 out of 1 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 11 are checked with a SAST tool
Reason
16 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
- Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.6
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More