Gathering detailed insights and metrics for express-oas-validator
Gathering detailed insights and metrics for express-oas-validator
Express OpenAPI Specification (OAS) middleware validator
Installations
npm install express-oas-validatorDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
12.22.12
NPM Version
6.14.16
Releases
10
Languages
1
JavaScript
JavaScript (100%)
Developer
BRIKEV
Download Statistics
Total Downloads
72,003
Last Day
117
Last Week
717
Last Month
3,020
Last Year
34,633
GitHub Statistics
MIT License
13 Stars
32 Commits
2 Watchers
2 Branches
3 Contributors
Updated on Jan 15, 2025
Maintainers
1
Package Meta Information
Latest Version
3.0.1
Package Id
express-oas-validator@3.0.1
Unpacked Size
30.68 kB
Size
10.68 kB
File Count
19
NPM Version
6.14.16
Node Version
12.22.12
Total Downloads
Cumulative downloads
Total Downloads
72,003
Last Day
138.8%
117
Compared to previous day
Last Week
27.8%
717
Compared to previous week
Last Month
12.1%
3,020
Compared to previous month
Last Year
106.6%
34,633
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
express-oas-validator
Express OpenAPI Specification (OAS) middleware validator and response validator.
This package will expose an express middleware that will validate your endpoint based on your OpenAPI docs, and a response validator to do the same with your responses payload.
Installation
Install using the node package registry:
1npm install --save express-oas-validator
Usage
This is a basic usage of this package.
1const express = require('express'); 2// We recommed to install "body-parser" to validate request body 3const bodyParser = require('body-parser'); 4const { init } = require('express-oas-validator'); 5const swaggerDefinition = require('./swaggerDefinition.json'); 6 7const app = express(); 8 9// Each instance of the validator will provide two methods to perform validation 10const { validateRequest, validateResponse } = init(swaggerDefinition); 11 12app.use(bodyParser.urlencoded({ extended: true })); 13app.use(bodyParser.json()); 14 15// Middleware validator 16app.post('/api/v1/songs', validateRequest(), (req, res) => res.send('You save a song!')); 17 18// Middleware validator with custom configuration 19app.get('/api/v1/albums/:id', validateRequest({ headers: false }), (req, res) => ( 20 res.json([{ 21 title: 'abum 1', 22 }]) 23)); 24 25// Middleware validator with custom configuration 26app.get('/api/v1/authors', validateRequest({ body: false, query: false }), (req, res) => ( 27 res.json([{ 28 title: 'abum 1', 29 }]) 30)); 31 32// Response validator 33app.post('/api/v1/name', (req, res, next) => { 34 try { 35 validateResponse('Error string', req, 200); 36 return res.send('Hello World!'); 37 } catch (error) { 38 return next(error); 39 } 40}); 41 42// Express default error handler 43app.use((err, req, res, next) => { 44 res.status(err.status).json(err); 45});
Methods
init(openApiDef, options)
This method generates a new instance of the validator, which will provide us with the validateRequest and validateResponse methods that we can use to validate the input and output of our endpoints.
It's possible to generate multiple instances using different API definitions and / or configuration.
Parameters
| Name | Type | Description |
|---|---|---|
| openApiDef | object | OpenAPI definition |
| options | object | Options to extend the errorHandler or Ajv configuration |
Example
1const swaggerDefinition = require('./swaggerDefinition.json'); 2 3// Each instance of the validator will provide two methods to perform validation 4const { validateRequest, validateResponse } = init(swaggerDefinition);
validateRequest(config)
Express middleware that validates the input of the endpoint based on its definition. This includes the request body, headers, path params and query params.
Optionally, the method can receive a parameter with a configuration object to override the defaults and determine which of these inputs we want the middleware to validate.
Parameters
| Name | Type | Description |
|---|---|---|
| config | object | Options to override the default configuration |
Configuration options
| Name | Type | Description | Default value |
|---|---|---|---|
| body | boolean | Indicates if request body will be validated | true |
| params | boolean | Indicates if path params will be validated | true |
| headers | boolean | Indicates if request headers will be validated | true |
| query | boolean | Indicates if query params will be validated | true |
| required | boolean | Indicates if required fields will be validated | true |
| errorStatusCode | number | HTTP code that will be returned in case the input validation fails | 400 |
Example
1// Use middleware with default settings 2app.get('/api/v1/albums/:id', validateRequest(), (req, res) => ( 3 res.json([{ 4 title: 'abum 1', 5 }]) 6)); 7 8// Use middleware with custom settings 9app.get('/api/v1/albums/:id', validateRequest({ headers: false }), (req, res) => ( 10 res.json([{ 11 title: 'abum 1', 12 }]) 13));
validateResponse(payload, req, status)
Method to validate response payload based on the docs and the status we want to validate.
Parameters
| Name | Type | Description |
|---|---|---|
| payload | * | Response we want to validate |
| req | object | Options to extend the errorHandler or Ajv configuration |
| status | number | Response status we want to validate |
Example
1validateResponse('Error string', req, 200);
Example with express-jsdoc-swagger
This is an example that uses this library together with express-jsdoc-swagger.
1const express = require('express'); 2const expressJSDocSwagger = require('express-jsdoc-swagger'); 3const { init } = require('express-oas-validator'); 4 5const options = { 6 info: { 7 version: '1.0.0', 8 title: 'Albums store', 9 license: { 10 name: 'MIT', 11 }, 12 }, 13 filesPattern: './fake-server.js', 14 baseDir: __dirname, 15}; 16 17const app = express(); 18const instance = expressJSDocSwagger(app)(options); 19 20const serverApp = () => new Promise(resolve => { 21 instance.on('finish', data => { 22 const { validateRequest, validateResponse } = init(data); 23 24 /** 25 * A song 26 * @typedef {object} Song 27 * @property {string} title.required - The title 28 * @property {string} artist - The artist 29 * @property {integer} year - The year 30 */ 31 32 /** 33 * POST /api/v1/songs 34 * @param {Song} request.body.required - song info 35 * @return {object} 200 - song response 36 */ 37 app.post('/api/v1/songs', validateRequest(), (req, res) => res.send('You save a song!')); 38 39 /** 40 * POST /api/v1/name 41 * @param {string} request.body.required - name body description 42 * @return {object} 200 - song response 43 */ 44 app.post('/api/v1/name', (req, res, next) => { 45 try { 46 validateResponse('Error string', req); 47 return res.send('Hello World!'); 48 } catch (error) { 49 return next(error); 50 } 51 }); 52 53 /** 54 * GET /api/v1/authors 55 * @summary This is the summary or description of the endpoint 56 * @param {string} name.query.required - name param description - enum:type1,type2 57 * @param {array<string>} license.query - name param description 58 * @return {object} 200 - success response - application/json 59 */ 60 app.get('/api/v1/authors', validateRequest({ headers: false }), (req, res) => ( 61 res.json([{ 62 title: 'abum 1', 63 }]) 64 )); 65 66 // eslint-disable-next-line no-unused-vars 67 app.use((err, req, res, next) => { 68 res.status(err.status).json(err); 69 }); 70 71 resolve(app); 72 }); 73 74 app.use(express.urlencoded({ extended: true })); 75 app.use(express.json()); 76}); 77 78module.exports = serverApp;
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 6
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/BRIKEV/express-oas-validator/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/BRIKEV/express-oas-validator/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/BRIKEV/express-oas-validator/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/BRIKEV/express-oas-validator/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runTests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/BRIKEV/express-oas-validator/runTests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runTests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/BRIKEV/express-oas-validator/runTests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/runTests.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/BRIKEV/express-oas-validator/runTests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runTests.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/BRIKEV/express-oas-validator/runTests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runTests.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/BRIKEV/express-oas-validator/runTests.yml/main?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 4 out of 4 npmCommand dependencies pinned
Reason
Found 9/30 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/runTests.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 20 are checked with a SAST tool
Reason
28 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-h452-7996-h45h
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-8mmm-9v2q-x3f9
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-mxhp-79qh-mcx6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.5
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More