Gathering detailed insights and metrics for ibm-openapi-validator
Gathering detailed insights and metrics for ibm-openapi-validator
Configurable and extensible validator/linter for OpenAPI documents
Installations
npm install ibm-openapi-validatorDeveloper Guide
BETA
Typescript
No
Module System
N/A
Min. Node Version
>=16.0.0
Node Version
20.19.1
NPM Version
9.9.4
Releases
446
ibm-openapi-validator@1.35.2
ibm-openapi-validator@1.35.2
Updated on May 05, 2025
ibm-openapi-validator@1.35.1
ibm-openapi-validator@1.35.1
Updated on May 02, 2025
@ibm-cloud/openapi-ruleset@1.31.1
@ibm-cloud/openapi-ruleset@1.31.1
Updated on May 02, 2025
ibm-openapi-validator@1.35.0
ibm-openapi-validator@1.35.0
Updated on Apr 23, 2025
@ibm-cloud/openapi-ruleset@1.31.0
@ibm-cloud/openapi-ruleset@1.31.0
Updated on Apr 23, 2025
@ibm-cloud/openapi-ruleset-utilities@1.9.0
@ibm-cloud/openapi-ruleset-utilities@1.9.0
Updated on Apr 23, 2025
Languages
4
JavaScript
Shell
Dockerfile
Mustache
JavaScript (99.77%)
Shell (0.13%)
Dockerfile (0.07%)
Mustache (0.03%)
Developer
IBM
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
560 Stars
1,471 Commits
92 Forks
21 Watchers
10 Branches
57 Contributors
Updated on Jul 17, 2025
Maintainers
2
Package Meta Information
Latest Version
1.35.2
Package Id
ibm-openapi-validator@1.35.2
Unpacked Size
339.84 kB
Size
65.45 kB
File Count
110
NPM Version
9.9.4
Node Version
20.19.1
Published on
May 05, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
18
Dev Dependencies
3
OpenAPI Validator
The IBM OpenAPI Validator lets you validate OpenAPI 3.0.x and OpenAPI 3.1.x documents for compliance with the OpenAPI specifications, as well as IBM-defined best practices.
Note: this page displays abbreviated usage info for getting started. Visit this page for the full documentation.
Installation
npm install -g ibm-openapi-validator
The -g flag installs the tool globally so that the validator can be run from anywhere in the file system. Alternatively, you can pass no flag or the --save-dev flag to add the validator as a dependency to your project and run it from your NPM scripts or JavaScript code.
Usage
Command Syntax
1Usage: lint-openapi [options] [file...] 2 3Run the validator on one or more OpenAPI 3.x documents 4 5Options: 6 -c, --config <file> use configuration stored in <file> (*.json, *.yaml, *.js) 7 -e, --errors-only include only errors in the output and skip warnings (default is false) 8 -i, --ignore <file> avoid validating <file> (e.g. -i /dir1/ignore-file1.json --ignore /dir2/ignore-file2.yaml ...) (default is []) (default: []) 9 -j, --json produce JSON output (default is text) 10 -l, --log-level <loglevel> set the log level for one or more loggers (e.g. -l root=info -l ibm-schema-description-exists=debug ...) (default: []) 11 -n, --no-colors disable colorizing of the output (default is false) 12 -r, --ruleset <file> use Spectral ruleset contained in `<file>` ("default" forces use of default IBM Cloud Validation Ruleset) 13 -s, --summary-only include only the summary information and skip individual errors and warnings (default is false) 14 -q, --impact-score compute scores representing the API impact of rule violations and include with the results (default is false) 15 -m, --markdown-report generate a Markdown file with a report on all validator results (default is false) 16 -w, --warnings-limit <number> set warnings limit to <number> (default is -1) 17 --version output the version number 18 -h, --help display help for command
where [file...] is a space-separated list containing the filenames of one or more OpenAPI 3.x documents to be validated.
Further Reading
Again, this page displays abbreviated information. The following links may be helpful:
No vulnerabilities found.
Reason
17 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-22r3-9w55-cj54
Reason
Found 12/26 approved changesets -- score normalized to 4
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/IBM/openapi-validator/build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/IBM/openapi-validator/build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/IBM/openapi-validator/build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/IBM/openapi-validator/build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/IBM/openapi-validator/build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/IBM/openapi-validator/build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/IBM/openapi-validator/docker.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/IBM/openapi-validator/docker.yaml/main?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:8d6421d663b4c28fd3ebc498332f249011d118945588d0a35cb9bc4b8ca09d9e
- Warn: pipCommand not pinned by hash: .github/workflows/build.yaml:41
- Warn: npmCommand not pinned by hash: .github/workflows/build.yaml:93
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
- Info: 2 out of 3 npmCommand dependencies pinned
- Info: 0 out of 1 pipCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yaml:1
- Warn: no topLevel permission defined: .github/workflows/docker.yaml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact ibm-openapi-validator@1.35.2 not signed: https://api.github.com/repos/IBM/openapi-validator/releases/216537157
- Warn: release artifact ibm-openapi-validator@1.35.1 not signed: https://api.github.com/repos/IBM/openapi-validator/releases/216195805
- Warn: release artifact ibm-openapi-validator@1.35.0 not signed: https://api.github.com/repos/IBM/openapi-validator/releases/214317164
- Warn: release artifact ibm-openapi-validator@1.35.2 does not have provenance: https://api.github.com/repos/IBM/openapi-validator/releases/216537157
- Warn: release artifact ibm-openapi-validator@1.35.1 does not have provenance: https://api.github.com/repos/IBM/openapi-validator/releases/216195805
- Warn: release artifact ibm-openapi-validator@1.35.0 does not have provenance: https://api.github.com/repos/IBM/openapi-validator/releases/214317164
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 17 are checked with a SAST tool
Score
4.6
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More