Gathering detailed insights and metrics for openapi-to-postmanv2
Gathering detailed insights and metrics for openapi-to-postmanv2
Installations
npm install openapi-to-postmanv2Developer
postmanlabs
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=8
Typescript Support
No
Node Version
16.10.0
NPM Version
7.24.0
Statistics
930 Stars
2,472 Commits
200 Forks
22 Watching
223 Branches
79 Contributors
Updated on 27 Nov 2024
Bundle Size
2.04 MB
Minified
661.80 kB
Minified + Gzipped
Languages
JavaScript (99.75%)
Shell (0.25%)
Total Downloads
Cumulative downloads
Total Downloads
7,014,701
Last day
-7.2%
10,244
Compared to previous day
Last week
2.3%
57,768
Compared to previous week
Last month
13.5%
267,180
Compared to previous month
Last year
65.4%
3,207,464
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
17
Versions
Supercharge your API workflow. Modern software is built on APIs. Postman helps you develop APIs faster.
OpenAPI 3.0, 3.1 and Swagger 2.0 to Postman Collection
Contents
🚀 We now also support OpenAPI 3.1 and Swagger 2.0 along with OpenAPI 3.0.
💠Getting Started
To use the converter as a Node module, you need to have a copy of the NodeJS runtime. The easiest way to do this is through npm. If you have NodeJS installed you have npm installed as well.
1$ npm install openapi-to-postmanv2
If you want to use the converter in the CLI, install it globally with NPM:
1$ npm i -g openapi-to-postmanv2
📖 Command Line Interface
The converter can be used as a CLI tool as well. The following command line options are available.
openapi2postmanv2 [options]
Options
-
-s <source>,--spec <source>Used to specify the OpenAPI specification (file path) which is to be converted -
-o <destination>,--output <destination>Used to specify the destination file in which the collection is to be written -
-p,--prettyUsed to pretty print the collection object while writing to a file -
-i,--interface-versionSpecifies the interface version of the converter to be used. Value can be 'v2' or 'v1'. Default is 'v2'. -
-O,--optionsUsed to supply options to the converter, for complete options details see here -
-c,--options-configUsed to supply options to the converter through config file, for complete options details see here -
-t,--testUsed to test the collection with an in-built sample specification -
-v,--versionSpecifies the version of the converter -
-h,--helpSpecifies all the options along with a few usage examples on the terminal
Usage
- Takes a specification (spec.yaml) as an input and writes to a file (collection.json) with pretty printing and using provided options
1$ openapi2postmanv2 -s spec.yaml -o collection.json -p -O folderStrategy=Tags,includeAuthInfoInExample=false
- Takes a specification (spec.yaml) as an input and writes to a file (collection.json) with pretty printing and using provided options via config file
1$ openapi2postmanv2 -s spec.yaml -o collection.json -p -c ./examples/cli-options-config.json
- Takes a specification (spec.yaml) as an input and writes to a file (collection.json) with pretty printing and using provided options (Also avoids any
"<Error: Too many levels of nesting to fake this schema>"kind of errors present in converted collection)
1$ openapi2postmanv2 -s spec.yaml -o collection.json -p -O folderStrategy=Tags,requestParametersResolution=Example,optimizeConversion=false,stackLimit=50
- Testing the converter
1$ openapi2postmanv2 --test
🛠Using the converter as a NodeJS module
In order to use the convert in your node application, you need to import the package using require.
1var Converter = require('openapi-to-postmanv2')
The converter provides the following functions:
Convert
The convert function takes in your OpenAPI 3.0, 3.1 and Swagger 2.0 specification ( YAML / JSON ) and converts it to a Postman collection.
Signature: convert (data, options, callback);
data:
1{ type: 'file', data: 'filepath' } 2OR 3{ type: 'string', data: '<entire OpenAPI string - JSON or YAML>' } 4OR 5{ type: 'json', data: OpenAPI-JS-object }
options:
1{ 2 schemaFaker: true, 3 requestNameSource: 'fallback', 4 indentCharacter: ' ' 5} 6/* 7All three properties are optional. Check the options section below for possible values for each option. 8*/
Note: All possible values of options and their usage can be found over here: OPTIONS.md
callback:
1function (err, result) { 2 /* 3 result = { 4 result: true, 5 output: [ 6 { 7 type: 'collection', 8 data: {..collection object..} 9 } 10 ] 11 } 12 */ 13}
Options
Check out complete list of options and their usage at OPTIONS.md
ConversionResult
-
result- Flag responsible for providing a status whether the conversion was successful or not. -
reason- Provides the reason for an unsuccessful conversion, defined only if result iffalse. -
output- Contains an array of Postman objects, each one with atypeanddata. The only type currently supported iscollection.
Sample Usage
1const fs = require('fs'), 2 Converter = require('openapi-to-postmanv2'), 3 openapiData = fs.readFileSync('sample-spec.yaml', {encoding: 'UTF8'}); 4 5Converter.convert({ type: 'string', data: openapiData }, 6 {}, (err, conversionResult) => { 7 if (!conversionResult.result) { 8 console.log('Could not convert', conversionResult.reason); 9 } 10 else { 11 console.log('The collection object is: ', conversionResult.output[0].data); 12 } 13 } 14);
Validate Function
The validate function is meant to ensure that the data that is being passed to the convert function is a valid JSON object or a valid (YAML/JSON) string.
The validate function is synchronous and returns a status object which conforms to the following schema
Validation object schema
1{ 2 type: 'object', 3 properties: { 4 result: { type: 'boolean'}, 5 reason: { type: 'string' } 6 }, 7 required: ['result'] 8}
Validation object explanation
-
result- true if the data looks like OpenAPI and can be passed to the convert function -
reason- Provides a reason for an unsuccessful validation of the specification
🧠Conversion Schema
| postman | openapi | related options |
|---|---|---|
| collectionName | info.title | - |
| description | info.description + info.contact | - |
| collectionVariables | server.variables + pathVariables | - |
| folderName | paths.path / tags.name | folderStrategy |
| requestName | operationItem(method).summary / operationItem(method).operationId / url | requestNameSource |
| request.method | path.method | - |
| request.headers | parameter (in = header) | - |
| request.body | operationItem(method).requestBody | requestParametersResolution, exampleParametersResolution |
| request.url.raw | server.url (path level server >> openapi server) + path | - |
| request.url.variables | parameter (in = path) | - |
| request.url.params | parameter (in = query) | - |
| api_key in (query or header) | components.securitySchemes.api_key | includeAuthInfoInExample |
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.md:0
Reason
Found 4/6 approved changesets -- score normalized to 6
Reason
4 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 6
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/openapi-to-postman/draft-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/openapi-to-postman/draft-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/openapi-to-postman/draft-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/openapi-to-postman/draft-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/openapi-to-postman/integration.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/openapi-to-postman/integration.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/openapi-to-postman/integration.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/openapi-to-postman/integration.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/openapi-to-postman/publish-new-release.yml/develop?enable=pin
- Info: 0 out of 5 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-2j2x-2gpw-g8fm
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Reason
dangerous workflow patterns detected
Details
- Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/publish-new-release.yml:23
- Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/publish-new-release.yml:31
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/draft-new-release.yml:17
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish-new-release.yml:18
- Warn: no topLevel permission defined: .github/workflows/draft-new-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/integration.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-new-release.yml:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
3.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More