Gathering detailed insights and metrics for swagger-spec-validator
Gathering detailed insights and metrics for swagger-spec-validator
Validate an OpenAPI/Swagger API specification using the swagger.io online validator.
Installations
npm install swagger-spec-validatorDeveloper Guide
BETA
Typescript
No
Module System
CommonJS, ESM
Min. Node Version
^14.18 || >=16
Node Version
18.10.0
NPM Version
9.1.1
Score
75.4
Supply Chain
96.4
Quality
75.7
Maintenance
100
Vulnerability
100
License
Releases
11
Languages
5
JavaScript
HTML
Shell
Objective-J
Yacc
JavaScript (89.36%)
HTML (4.14%)
Shell (2.87%)
Objective-J (2.04%)
Yacc (1.6%)
Developer
kevinoid
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
9 Stars
626 Commits
1 Forks
2 Watchers
4 Branches
1 Contributors
Updated on Jun 13, 2025
Maintainers
1
Package Meta Information
Latest Version
5.0.0
Package Id
swagger-spec-validator@5.0.0
Unpacked Size
27.14 kB
Size
8.97 kB
File Count
6
NPM Version
9.1.1
Node Version
18.10.0
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
OpenAPI/Swagger Specification Validator
Validate an OpenAPI/Swagger v2 or v3 API specification against the OpenAPI Specification using the swagger.io online validator.
The validation performed by this module differs from the validation performed
by swagger-cli.
swagger-cli uses
swagger-parser for
validation, which is a pure JavaScript implementation that can be used
offline. This module relies on the validator hosted at swagger.io which uses
Java-based parser and validator implementations. Therefore, it requires
Internet access to use and requires significantly less code to be installed as
a result.
Introductory Example
To use swagger-spec-validator from the command line, simply invoke it with
the specification files to validate as arguments:
1$ swagger-spec-validator swagger.yaml
If no arguments are given, the specification will be read from stdin.
swagger-spec-validator can be used as a library as follows:
1const swaggerSpecValidator = require('swagger-spec-validator'); 2swaggerSpecValidator.validateFile('swagger.yaml') 3 .then((result) => { 4 if (Object.keys(result).length > 0) { 5 console.log('Invalid.'); 6 } else { 7 console.log('Valid!'); 8 } 9 }) 10 .catch(err => console.error('Unable to validate: ' + err));
Installation
This package can be installed using npm, either globally or locally, by running:
1npm install swagger-spec-validator
Recipes
More examples can be found in the test specifications.
API Docs
To use this module as a library, see the API Documentation.
Contributing
Contributions are appreciated. Contributors agree to abide by the Contributor Covenant Code of Conduct. If this is your first time contributing to a Free and Open Source Software project, consider reading How to Contribute to Open Source in the Open Source Guides.
If the desired change is large, complex, backwards-incompatible, can have significantly differing implementations, or may not be in scope for this project, opening an issue before writing the code can avoid frustration and save a lot of time and effort.
License
This project is available under the terms of the MIT License. See the summary at TLDRLegal.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0
Reason
0 existing vulnerabilities detected
Reason
8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Reason
Found 0/15 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/node.js.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/kevinoid/swagger-spec-validator/node.js.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/kevinoid/swagger-spec-validator/node.js.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node.js.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/kevinoid/swagger-spec-validator/node.js.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node.js.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/kevinoid/swagger-spec-validator/node.js.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/kevinoid/swagger-spec-validator/node.js.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/kevinoid/swagger-spec-validator/node.js.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node.js.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/kevinoid/swagger-spec-validator/node.js.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node.js.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/kevinoid/swagger-spec-validator/node.js.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:52
- Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:108
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 15 are checked with a SAST tool
Score
4
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More