Gathering detailed insights and metrics for postman-collection-transformer
Gathering detailed insights and metrics for postman-collection-transformer
Perform rapid conversion and validation of JSON structure between Postman Collection Format v1 and v2.
Installations
npm install postman-collection-transformerDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=10
Node Version
20.19.1
NPM Version
10.8.2
Score
98.1
Supply Chain
100
Quality
85.9
Maintenance
100
Vulnerability
99.6
License
Releases
1
Languages
1
JavaScript
JavaScript (100%)
Developer
postmanlabs
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
89 Stars
1,351 Commits
48 Forks
15 Watchers
22 Branches
51 Contributors
Updated on Jun 18, 2025
Maintainers
5
Package Meta Information
Latest Version
4.1.11
Package Id
postman-collection-transformer@4.1.11
Unpacked Size
188.37 kB
Size
39.01 kB
File Count
19
NPM Version
10.8.2
Node Version
20.19.1
Published on
May 30, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
5
Dev Dependencies
28
@postman/shipitasyncbrowserifychaichalkeslinteslint-plugin-jsdoceslint-plugin-lodasheslint-plugin-mochaeslint-plugin-securityjs-yamlkarmakarma-browserifykarma-chrome-launcherkarma-mochakarma-mocha-reportermochanycpackityparse-gitignorepretty-msrecursive-readdirrequire-allshelljssuperagenttv4watchifyyankee
Postman Collection Transformer 
Perform rapid conversion of JSON structure between Postman Collection Format v1 and v2.
The formats are documented at https://schema.postman.com
Installation
For CLI usage:
$ npm install -g postman-collection-transformer
As a library:
$ npm install --save postman-collection-transformer
Usage
Converting Entire Collections
The transformer provides a Command line API to convert collections.
Example:
$ postman-collection-transformer convert \
--input ./v1-collection.json \
--input-version 2.0.0 \
--output ./v2-collection.json \
--output-version 1.0.0 \
--pretty \
--overwrite
All options:
$ postman-collection-transformer convert -h
Usage: convert [options]
Convert Postman Collection from one format to another
Options:
-h, --help output usage information
-i, --input <path> path to the input postman collection file
-j, --input-version [version] the version of the input collection format standard (v1 or v2)
-o, --output <path> target file path where the converted collection will be written
-p, --output-version [version] required version to which the collection is needed to be converted to
-P, --pretty Pretty print the output
--retain-ids Retain the request and folder IDs during conversion (collection ID is always retained)
-w, --overwrite Overwrite the output file if it exists
If you'd rather use the transformer as a library:
1 var transformer = require('postman-collection-transformer'), 2 collection = require('./path/to/collection.json'), 3 inspect = require('util').inspect, 4 5 options = { 6 inputVersion: '1.0.0', 7 outputVersion: '2.0.0', 8 retainIds: true // the transformer strips request-ids etc by default. 9 }; 10 11 transformer.convert(collection, options, function (error, result) { 12 if (error) { 13 return console.error(error); 14 } 15 16 // result <== the converted collection as a raw Javascript object 17 console.log(inspect(result, {colors: true, depth: 10000})); 18 });
Converting Individual Requests
The transformer also allows you to convert individual requests (only supported when used as a library):
Example
1 2 var transformer = require('postman-collection-transformer'), 3 4 objectToConvert = { /* A valid collection v1 Request or a collection v2 Item */ }, 5 6 options = { 7 inputVersion: '1.0.0', 8 outputVersion: '2.0.0', 9 retainIds: true // the transformer strips request-ids etc by default. 10 }; 11 12 transformer.convertSingle(objectToConvert, options, function (err, converted) { 13 console.log(converted); 14 });
Converting Individual Responses
You can convert individual responses too if needed:
Example
1 2 var transformer = require('postman-collection-transformer'), 3 4 objectToConvert = { /* A v1 Response or a v2 Response */ }, 5 6 options = { 7 inputVersion: '1.0.0', 8 outputVersion: '2.0.0', 9 retainIds: true // the transformer strips request-ids etc by default. 10 }; 11 12 transformer.convertResponse(objectToConvert, options, function (err, converted) { 13 console.log(converted); 14 });
Normalizing v1 collections
The transformer also provides a Command line API to normalize collections for full forward compatibility.
Example:
$ postman-collection-transformer normalize \
--input ./v1-collection.json \
--normalize-version 1.0.0 \
--output ./v1-norm-collection.json \
--pretty \
--overwrite
All options:
$ postman-collection-transformer normalize -h
Usage: normalize [options]
Normalizes a postman collection according to the provided version
Options:
-i, --input <path> Path to the collection JSON file to be normalized
-n, --normalize-version <version> The version to normalizers the provided collection on
-o, --output <path> Path to the target file, where the normalized collection will be written
-P, --pretty Pretty print the output
--retain-ids Retain the request and folder IDs during conversion (collection ID is always retained)
-w, --overwrite Overwrite the output file if it exists
-h, --help Output usage information
If you'd rather use the transformer as a library:
1 var transformer = require('postman-collection-transformer'), 2 collection = require('./path/to/collection.json'), 3 inspect = require('util').inspect, 4 5 options = { 6 normalizeVersion: '1.0.0', 7 mutate: false, // performs in-place normalization, false by default. 8 noDefaults: false, // when set to true, sensible defaults for missing properties are skipped. Default: false 9 prioritizeV2: false, // when set to true, v2 attributes are used as the source of truth for normalization. 10 retainEmptyValues: false, // when set to true, empty values are set to '', not removed. False by default. 11 retainIds: true // the transformer strips request-ids etc by default. 12 }; 13 14 transformer.normalize(collection, options, function (error, result) { 15 if (error) { 16 return console.error(error); 17 } 18 19 // result <== the converted collection as a raw Javascript object 20 console.log(inspect(result, {colors: true, depth: 10000})); 21 });
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.md:0
Reason
6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection-transformer/ci.yml/develop?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
Found 5/20 approved changesets -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 15 are checked with a SAST tool
Reason
26 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-cwcx-rxgc-cmw3
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
- Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.7
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More