Gathering detailed insights and metrics for swagger-client
Gathering detailed insights and metrics for swagger-client
Javascript library to connect to swagger-enabled APIs via browser or nodejs
Installations
npm install swagger-clientDeveloper
Developer Guide
BETA
Module System
CommonJS, UMD
Min. Node Version
Typescript Support
No
Node Version
20.13.1
NPM Version
10.5.2
Statistics
2,626 Stars
4,266 Commits
761 Forks
95 Watching
7 Branches
237 Contributors
Updated on 27 Nov 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
74,758,679
Last day
-3.6%
118,789
Compared to previous day
Last week
-3%
571,014
Compared to previous week
Last month
18.3%
2,475,712
Compared to previous month
Last year
58%
23,361,102
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
18
@babel/runtime-corejs3@scarf/scarf@swagger-api/apidom-core@swagger-api/apidom-error@swagger-api/apidom-json-pointer@swagger-api/apidom-ns-openapi-3-1@swagger-api/apidom-referencecookiedeepmergefast-json-patchjs-yamlneotraversenode-abort-controllernode-fetch-commonjsopenapi-path-templatingopenapi-server-url-templatingramdaramda-adjunct
Dev Dependencies
36
@babel/cli@babel/core@babel/eslint-parser@babel/plugin-transform-runtime@babel/preset-env@babel/register@commitlint/cli@commitlint/config-conventionalbabel-loadercross-enveslinteslint-config-airbnb-baseeslint-config-prettiereslint-plugin-importeslint-plugin-prettierexpectglobhuskyinspectpackinstalljestjest-environment-jsdomjson-loaderlicense-checkerlint-stagedlodashnpm-run-allprettierrimrafsource-map-explorerterser-webpack-pluginundiciwebpackwebpack-bundle-size-analyzerwebpack-cliwebpack-stats-plugin
Versions
Swagger Client 
Swagger Client is a JavaScript module that allows you to fetch, resolve, and interact with Swagger/OpenAPI documents.
New!
This is the new version of swagger-js, 3.x. The new version supports Swagger 2.0 as well as OpenAPI 3.
Want to learn more? Check out our FAQ.
For features known to be missing from 3.x please see the Graveyard.
For the older version of swagger-js, refer to the 2.x branch.
The npm package is called
swagger-clientand the GitHub repository isswagger-js. We'll be consolidating that soon. Just giving you the heads-up. You may see references to both names.
Compatibility
The OpenAPI Specification has undergone multiple revisions since initial creation in 2010. Compatibility between Swagger Client and the OpenAPI Specification is as follows:
| Swagger Client Version | Release Date | OpenAPI Spec compatibility | Notes |
|---|---|---|---|
| 3.19.x | 2023-01-23 | 2.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0 | tag v3.19.0-alpha.3 |
| 3.10.x | 2020-01-17 | 2.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3 | tag v3.10.0 |
| 2.1.32 | 2017-01-12 | 1.0, 1.1, 1.2 | tag v2.1.32. This release is only available on GitHub. |
Anonymized analytics
Swagger Client uses Scarf to collect anonymized installation analytics. These analytics help support the maintainers of this library and ONLY run during installation. To opt out, you can set the scarfSettings.enabled field to false in your project's package.json:
// package.json
{
// ...
"scarfSettings": {
"enabled": false
}
// ...
}
Alternatively, you can set the environment variable SCARF_ANALYTICS to false as part of the environment that installs your npm packages, e.g., SCARF_ANALYTICS=false npm install.
Documentation
Usage
- Installation
- Tags Interface
- HTTP client for OAS operations
- OpenAPI Definition Resolver
- HTTP Client
- Swagger Client API
Development
Migrations
Runtime
Node.js
swagger-client requires Node.js >=12.20.0 and uses different fetch implementation depending
on Node.js version.
>=12.20.0 <18- node-fetch@3>=18- native Node.js fetch
NOTE: swagger-client minimum Node.js runtime version aligns with Node.js Releases which means that we can drop support for EOL (End Of Life) Node.js versions without doing major version bump.
Browsers
swagger-client works in the latest versions of Chrome, Safari, Firefox, and Edge
and uses native fetch implementation
provided by each supported browser.
Security contact
Please disclose any security-related issues or vulnerabilities by emailing security@swagger.io, instead of using the public issue tracker.
No vulnerabilities found.
Reason
30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: .github/SECURITY.md:1
- Info: Found linked content: .github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1
- Info: Found text in security policy: .github/SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no binaries found in the repo
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (26) are checked with a SAST tool
Reason
0 existing vulnerabilities detected
Reason
Found 5/10 approved changesets -- score normalized to 5
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/codeql.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-merge.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/dependabot-merge.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-merge.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/dependabot-merge.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-js/release.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:35
- Info: 0 out of 19 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 3 out of 4 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:37
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:40
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:41
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Warn: no topLevel permission defined: .github/workflows/dependabot-merge.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.9
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More