Gathering detailed insights and metrics for swagger-ui-dist
Gathering detailed insights and metrics for swagger-ui-dist
Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
Installations
npm install swagger-ui-distReleases
349
Swagger UI v5.18.2 Released!
v5.18.2
Published on 07 Nov 2024
Swagger UI v5.18.1 Released!
v5.18.1
Published on 05 Nov 2024
Swagger UI v5.18.0 Released!
v5.18.0
Published on 05 Nov 2024
Swagger UI v5.17.14 Released!
v5.17.14
Published on 28 May 2024
Swagger UI v5.17.13 Released!
v5.17.13
Published on 27 May 2024
Swagger UI v5.17.12 Released!
v5.17.12
Published on 21 May 2024
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
18.17.1
NPM Version
9.6.7
Statistics
26,636 Stars
6,578 Commits
8,964 Forks
648 Watching
51 Branches
535 Contributors
Updated on 27 Nov 2024
Bundle Size
1.44 MB
Minified
426.08 kB
Minified + Gzipped
Languages
JavaScript (94.91%)
SCSS (3.75%)
HTML (0.96%)
Shell (0.28%)
Dockerfile (0.07%)
CSS (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
442,519,954
Last day
-7.2%
777,107
Compared to previous day
Last week
2%
4,098,341
Compared to previous week
Last month
19.2%
16,887,170
Compared to previous month
Last year
32.3%
162,291,968
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Versions
Introduction
Swagger UI allows anyone — be it your development team or your end consumers — to visualize and interact with the API’s resources without having any of the implementation logic in place. It’s automatically generated from your OpenAPI (formerly known as Swagger) Specification, with the visual documentation making it easy for back end implementation and client side consumption.
General
👉🏼 Want to score an easy open-source contribution? Check out our Good first issue label.
🕰️ Looking for the older version of Swagger UI? Refer to the 2.x branch.
This repository publishes three different NPM modules:
- swagger-ui is a traditional npm module intended for use in single-page applications that are capable of resolving dependencies (via Webpack, Browserify, etc.).
- swagger-ui-dist is a dependency-free module that includes everything you need to serve Swagger UI in a server-side project, or a single-page application that can't resolve npm module dependencies.
- swagger-ui-react is Swagger UI packaged as a React component for use in React applications.
We strongly suggest that you use swagger-ui instead of swagger-ui-dist if you're building a single-page application, since swagger-ui-dist is significantly larger.
If you are looking for plain ol' HTML/JS/CSS, download the latest release and copy the contents of the /dist folder to your server.
Compatibility
The OpenAPI Specification has undergone 5 revisions since initial creation in 2010. Compatibility between Swagger UI and the OpenAPI Specification is as follows:
| Swagger UI Version | Release Date | OpenAPI Spec compatibility | Notes |
|---|---|---|---|
| 5.0.0 | 2023-06-12 | 2.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0 | tag v5.0.0 |
| 4.0.0 | 2021-11-03 | 2.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3 | tag v4.0.0 |
| 3.18.3 | 2018-08-03 | 2.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3 | tag v3.18.3 |
| 3.0.21 | 2017-07-26 | 2.0 | tag v3.0.21 |
| 2.2.10 | 2017-01-04 | 1.1, 1.2, 2.0 | tag v2.2.10 |
| 2.1.5 | 2016-07-20 | 1.1, 1.2, 2.0 | tag v2.1.5 |
| 2.0.24 | 2014-09-12 | 1.1, 1.2 | tag v2.0.24 |
| 1.0.13 | 2013-03-08 | 1.1, 1.2 | tag v1.0.13 |
| 1.0.1 | 2011-10-11 | 1.0, 1.1 | tag v1.0.1 |
Anonymized analytics
SwaggerUI uses Scarf to collect anonymized installation analytics. These analytics help support the maintainers of this library and ONLY run during installation. To opt out, you can set the scarfSettings.enabled field to false in your project's package.json:
// package.json
{
// ...
"scarfSettings": {
"enabled": false
}
// ...
}
Alternatively, you can set the environment variable SCARF_ANALYTICS to false as part of the environment that installs your npm packages, e.g., SCARF_ANALYTICS=false npm install.
Documentation
Usage
Customization
Development
Contributing
Integration Tests
You will need JDK of version 7 or higher as instructed here https://nightwatchjs.org/guide/getting-started/installation.html#install-selenium-server
Integration tests can be run locally with npm run e2e - be sure you aren't running a dev server when testing!
Browser support
Swagger UI works in the latest versions of Chrome, Safari, Firefox, and Edge.
Known Issues
To help with the migration, here are the currently known issues with 3.X. This list will update regularly, and will not include features that were not implemented in previous versions.
- Only part of the parameters previously supported are available.
- The JSON Form Editor is not implemented.
- Support for
collectionFormatis partial. - l10n (translations) is not implemented.
- Relative path support for external files is not implemented.
Security contact
Please disclose any security-related issues or vulnerabilities by emailing security@swagger.io, instead of using the public issue tracker.
License
SwaggerUI is licensed under Apache 2.0 license. SwaggerUI comes with an explicit NOTICE file containing additional legal notices and information.
Stable Version
The latest stable version of the package.
Stable Version
5.18.2
MODERATE
2
MODERATE
6.1/10
Summary
Spoofing attack in swagger-ui-dist
Affected Versions
< 4.1.3
Patched Versions
4.1.3
MODERATE
0/10
Summary
Server side request forgery in SwaggerUI
Affected Versions
< 4.1.3
Patched Versions
4.1.3
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
24 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-build-push.yml:47
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (27) are checked with a SAST tool
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-2fw4-mgq9-39cx
- Warn: Project is vulnerable to: GHSA-4rg6-fm25-gc34
Reason
badge detected: InProgress
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-merge.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/dependabot-merge.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-merge.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/dependabot-merge.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image-check.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-image-check.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-react.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-react.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-react.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-react.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile:5: pin your Docker image by updating nginx:1.27.2-alpine to nginx:1.27.2-alpine@sha256:74175cf34632e88c6cfe206897cbfe2d2fecf9bf033c40e7f9775a3689e8adc7
- Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 11 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
- Info: 5 out of 5 npmCommand dependencies pinned
Reason
Found 1/10 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:29
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dependabot-merge.yml:8
- Warn: no topLevel permission defined: .github/workflows/docker-build-push.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/docker-image-check.yml:9
- Info: topLevel 'contents' permission set to 'read': .github/workflows/nodejs.yml:16
- Warn: no topLevel permission defined: .github/workflows/release-swagger-ui-react.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-swagger-ui.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.5
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More