npmpackage.info

Gathering detailed insights and metrics for openapi-response-validator

openapi-response-validator

A Monorepo of various packages to power OpenAPI in node

12.1.3

895

MIT

JavaScript

20,409,925 3

Installations

npm install openapi-response-validator

Score

97.7

Supply Chain

100

Quality

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

28

Total

600

Closed

104

Merged

468

Issues

Open

114

Total

314

Closed

200

Releases

Version 0.9.1

v0.9.1

Published on 06 Feb 2016

Version 0.9.0

v0.9.0

Published on 05 Feb 2016

Version 0.8.0

v0.8.0

Published on 05 Feb 2016

Version 0.7.1

v0.7.1

Published on 05 Feb 2016

Version 0.7.0

v0.7.0

Published on 05 Feb 2016

Version 0.6.3

v0.6.3

Published on 05 Feb 2016

View all 8 releases

Developer

kogosoftwarellc

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

Typescript Support

Yes

Node Version

16.18.0

NPM Version

lerna/3.22.1/node@v16.18.0+x64 (linux)

Statistics

895 Stars

1,373 Commits

237 Forks

13 Watching

228 Branches

115 Contributors

Updated on 20 Nov 2024

Languages

JavaScript (64.43%)

TypeScript (35.38%)

Shell (0.19%)

Total Downloads

Cumulative downloads

Total Downloads

20,409,925

Last day

-28.4%

16,923

Compared to previous day

Last week

-10.1%

104,007

Compared to previous week

Last month

9.1%

454,560

Compared to previous month

Last year

9.7%

4,592,004

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

ajv openapi-types

Versions

@open-api

A Monorepo of various packages to power OpenAPI in node.

Quick Start Express

See express-openapi

Quick Start Koa

See koa-openapi

Packages

Development

This monorepo uses lerna for development. See the root package.json for helpful scripts.

Typical Workflow for Contributors

Let's say you're working on a package under ./packages. Here's what you do:

cd open-api
npm run bootstrap
npm t
Make your changes.
Do not bump the version in package.json. A maintainer will handle that once your PR is merged.
Once you're satisfied with your changes:
Create a new branch git checkout -b my-branch (in case you haven't done so already).
./bin/commit packages/<package_you're_working_on> 'commit message describing your change. can be multi line here. just close with a single quote like so:'
Push your change to your fork
Open a PR.

bin

Several scripts have been created to aid in the development of this monorepo (see ./bin). They assume that your $PWD is the root of the repository. Here is a brief summary of common actions:

Commit changes to a package - ./bin/commit packages/<package_to_commit> 'Commit message' (the commit message will be prepended with the package name e.g. <package_to_commit>: Commit message
These reduce boilerplate and are called from npm scripts in leaf repos.
- nyc
- tsc
- mocha

LICENSE

The MIT License (MIT)

Copyright (c) 2018 Kogo Software LLC

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

4

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

3

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

40 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-wm7h-9275-46v2
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7

Score

3

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More