Perform rapid conversion and validation of JSON structure between Postman Collection Format v1 and v2.
Installations
npm install postman-collection-transformerScore
97.4
Supply Chain
100
Quality
81.7
Maintenance
100
Vulnerability
99.6
License
Developer
postmanlabs
Developer Guide
Module System
CommonJS
Min. Node Version
>=10
Typescript Support
No
Node Version
18.11.0
NPM Version
8.19.2
Statistics
87 Stars
1,335 Commits
45 Forks
15 Watching
22 Branches
57 Contributors
Updated on 28 Oct 2024
Bundle Size
139.70 kB
Minified
44.03 kB
Minified + Gzipped
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
118,050,273
Last day
-3.5%
105,530
Compared to previous day
Last week
-1.1%
629,398
Compared to previous week
Last month
5.3%
2,803,228
Compared to previous month
Last year
4.2%
31,997,446
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
5
Dev Dependencies
28
Postman Collection Transformer 
Perform rapid conversion of JSON structure between Postman Collection Format v1 and v2.
The formats are documented at https://schema.postman.com
Installation
For CLI usage:
$ npm install -g postman-collection-transformer
As a library:
$ npm install --save postman-collection-transformer
Usage
Converting Entire Collections
The transformer provides a Command line API to convert collections.
Example:
$ postman-collection-transformer convert \
--input ./v1-collection.json \
--input-version 2.0.0 \
--output ./v2-collection.json \
--output-version 1.0.0 \
--pretty \
--overwrite
All options:
$ postman-collection-transformer convert -h
Usage: convert [options]
Convert Postman Collection from one format to another
Options:
-h, --help output usage information
-i, --input <path> path to the input postman collection file
-j, --input-version [version] the version of the input collection format standard (v1 or v2)
-o, --output <path> target file path where the converted collection will be written
-p, --output-version [version] required version to which the collection is needed to be converted to
-P, --pretty Pretty print the output
--retain-ids Retain the request and folder IDs during conversion (collection ID is always retained)
-w, --overwrite Overwrite the output file if it exists
If you'd rather use the transformer as a library:
1 var transformer = require('postman-collection-transformer'), 2 collection = require('./path/to/collection.json'), 3 inspect = require('util').inspect, 4 5 options = { 6 inputVersion: '1.0.0', 7 outputVersion: '2.0.0', 8 retainIds: true // the transformer strips request-ids etc by default. 9 }; 10 11 transformer.convert(collection, options, function (error, result) { 12 if (error) { 13 return console.error(error); 14 } 15 16 // result <== the converted collection as a raw Javascript object 17 console.log(inspect(result, {colors: true, depth: 10000})); 18 });
Converting Individual Requests
The transformer also allows you to convert individual requests (only supported when used as a library):
Example
1 2 var transformer = require('postman-collection-transformer'), 3 4 objectToConvert = { /* A valid collection v1 Request or a collection v2 Item */ }, 5 6 options = { 7 inputVersion: '1.0.0', 8 outputVersion: '2.0.0', 9 retainIds: true // the transformer strips request-ids etc by default. 10 }; 11 12 transformer.convertSingle(objectToConvert, options, function (err, converted) { 13 console.log(converted); 14 });
Converting Individual Responses
You can convert individual responses too if needed:
Example
1 2 var transformer = require('postman-collection-transformer'), 3 4 objectToConvert = { /* A v1 Response or a v2 Response */ }, 5 6 options = { 7 inputVersion: '1.0.0', 8 outputVersion: '2.0.0', 9 retainIds: true // the transformer strips request-ids etc by default. 10 }; 11 12 transformer.convertResponse(objectToConvert, options, function (err, converted) { 13 console.log(converted); 14 });
Normalizing v1 collections
The transformer also provides a Command line API to normalize collections for full forward compatibility.
Example:
$ postman-collection-transformer normalize \
--input ./v1-collection.json \
--normalize-version 1.0.0 \
--output ./v1-norm-collection.json \
--pretty \
--overwrite
All options:
$ postman-collection-transformer normalize -h
Usage: normalize [options]
Normalizes a postman collection according to the provided version
Options:
-i, --input <path> Path to the collection JSON file to be normalized
-n, --normalize-version <version> The version to normalizers the provided collection on
-o, --output <path> Path to the target file, where the normalized collection will be written
-P, --pretty Pretty print the output
--retain-ids Retain the request and folder IDs during conversion (collection ID is always retained)
-w, --overwrite Overwrite the output file if it exists
-h, --help Output usage information
If you'd rather use the transformer as a library:
1 var transformer = require('postman-collection-transformer'), 2 collection = require('./path/to/collection.json'), 3 inspect = require('util').inspect, 4 5 options = { 6 normalizeVersion: '1.0.0', 7 mutate: false, // performs in-place normalization, false by default. 8 noDefaults: false, // when set to true, sensible defaults for missing properties are skipped. Default: false 9 prioritizeV2: false, // when set to true, v2 attributes are used as the source of truth for normalization. 10 retainEmptyValues: false, // when set to true, empty values are set to '', not removed. False by default. 11 retainIds: true // the transformer strips request-ids etc by default. 12 }; 13 14 transformer.normalize(collection, options, function (error, result) { 15 if (error) { 16 return console.error(error); 17 } 18 19 // result <== the converted collection as a raw Javascript object 20 console.log(inspect(result, {colors: true, depth: 10000})); 21 });
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.md:0
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
Found 1/7 approved changesets -- score normalized to 1
Reason
0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 24 are checked with a SAST tool
Reason
18 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-cwcx-rxgc-cmw3
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More