Gathering detailed insights and metrics for postman-collection
Gathering detailed insights and metrics for postman-collection
Javascript module that allows a developer to work with Postman Collections
Installations
npm install postman-collectionDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=18
Node Version
18.15.0
NPM Version
9.5.0
Releases
2
Languages
1
JavaScript
JavaScript (100%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
477 Stars
3,248 Commits
233 Forks
41 Watchers
21 Branches
68 Contributors
Updated on Jul 06, 2025
Maintainers
5
Package Meta Information
Latest Version
5.0.2
Package Id
postman-collection@5.0.2
Unpacked Size
498.83 kB
Size
118.07 kB
File Count
43
NPM Version
9.5.0
Node Version
18.15.0
Published on
Mar 27, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
11
Dev Dependencies
32
@postman/shipit@stylistic/eslint-plugin-jsasyncbipbipbrowserifybtoachaichalkdependency-checkeslinteslint-plugin-jsdoceslint-plugin-lodasheslint-plugin-mochaeslint-plugin-neslint-plugin-securityjs-yamljsdockarmakarma-browserifykarma-chrome-launcherkarma-mochakarma-mocha-reportermochanycparse-gitignorepostman-jsdoc-themepostman-requestrecursive-readdirrequire-allshelljsstrip-json-commentstsd-jsdoc
Postman Collection SDK 
Postman Collection SDK is a NodeJS module that allows a developer to work with Postman Collections. Using this module a developer can create collections, manipulate them and then export them in a format that the Postman Apps and Postman CLI Runtimes (such as Newman) can consume.
A collection lets you group individual requests together. These requests can be further organized into folders to accurately mirror your API. Requests can also store sample responses when saved in a collection. You can add metadata like name and description too so that all the information that a developer needs to use your API is available easily.
To know more about Postman Collections, visit the collection documentation section on Postman Website.
The new Collection Format v2 builds a stronger foundation for improving your productivity while working with APIs. We want your feedback and iron out issues before this goes into the Postman Apps.
Installing the SDK
Postman Collection SDK can be installed using NPM or directly from the git repository within your NodeJS projects. If
installing from NPM, the following command installs the SDK and saves in your package.json
1> npm install postman-collection --save
Getting Started
In this example snippet we will get started by loading a collection from a file and output the same in console.
1var fs = require('fs'), // needed to read JSON file from disk 2 Collection = require('postman-collection').Collection, 3 myCollection; 4 5// Load a collection to memory from a JSON file on disk (say, sample-collection.json) 6myCollection = new Collection(JSON.parse(fs.readFileSync('sample-collection.json').toString())); 7 8// log items at root level of the collection 9console.log(myCollection.toJSON());
After loading the collection from file, one can do a lot more using the functions that are available in the SDK. To know more about these functions, head over to Collection SDK Docs.
Postman Collection Schema
The collection schema outlines the JSON definition of data structure accepted by the constructor of each properties of this SDK. In other words, this SDK provides JavaScript level object manipulation for the JSON structure defined by Postman Collection Format in http://schema.postman.com/.
| Schema Version | Compatible SDK Versions |
|---|---|
| 1.0 | none |
| 2.0 | <3.0 |
| 2.1 | >= 3.0 |
Conceptually, a JSON input to the constructor of an SDK property should provide similar output when that property
instance's .toJSON() is called.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.md:0
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 12 commits out of 14 are checked with a SAST tool
Reason
Found 9/25 approved changesets -- score normalized to 3
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/postmanlabs/postman-collection/codeql-analysis.yml/develop?enable=pin
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
24 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-cwcx-rxgc-cmw3
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
- Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
- Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-mxhp-79qh-mcx6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Score
3.8
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More