npmpackage.info

Gathering detailed insights and metrics for swagger-ui

swagger-ui

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.

5.18.2

26,642

Apache-2.0

JavaScript

413.96 kB

33,636,023 6.5

Installations

npm install swagger-ui

Pull Requests

Open

80

Total

4,309

Closed

1,056

Merged

3,173

Issues

Open

1,144

Total

5,524

Closed

4,380

Releases

349

Swagger UI v5.18.2 Released!

v5.18.2

Published on 07 Nov 2024

Swagger UI v5.18.1 Released!

v5.18.1

Published on 05 Nov 2024

Swagger UI v5.18.0 Released!

v5.18.0

Published on 05 Nov 2024

Swagger UI v5.17.14 Released!

v5.17.14

Published on 28 May 2024

Swagger UI v5.17.13 Released!

v5.17.13

Published on 27 May 2024

Swagger UI v5.17.12 Released!

v5.17.12

Published on 21 May 2024

View all 349 releases

Developer

swagger-api

Developer Guide

BETA

Module System

CommonJS, ESM

Min. Node Version

Typescript Support

No

Node Version

18.17.1

NPM Version

9.6.7 Statistics

26,642 Stars

6,578 Commits

8,966 Forks

648 Watching

51 Branches

535 Contributors

Updated on 28 Nov 2024

Bundle Size

1.54 MB

Minified

413.96 kB

Minified + Gzipped

Bundlephobia

Languages

JavaScript (94.91%)

SCSS (3.75%)

HTML (0.96%)

Shell (0.28%)

Dockerfile (0.07%)

CSS (0.02%)

Total Downloads

Cumulative downloads

Total Downloads

33,636,023

Last day

-22.1%

26,877

Compared to previous day

Last week

-20.3%

165,814

Compared to previous week

Last month

92.5%

911,794

Compared to previous month

Last year

14.5%

5,810,313

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

@babel/cli @babel/core @babel/eslint-parser @babel/plugin-transform-runtime @babel/preset-env @babel/preset-react @babel/register @cfaester/enzyme-adapter-react-18 @commitlint/cli @commitlint/config-conventional @jest/globals @pmmmwh/react-refresh-webpack-plugin @release-it/conventional-changelog @svgr/webpack autoprefixer babel-loader babel-plugin-lodash babel-plugin-module-resolver babel-plugin-transform-react-remove-prop-types body-parser buffer cors cross-env css-loader cssnano cypress dedent deepmerge enzyme eslint eslint-plugin-import eslint-plugin-jest eslint-plugin-react esm expect express git-describe html-webpack-plugin html-webpack-skip-assets-plugin husky inspectpack jest jest-environment-jsdom jest-transform-stub jsdom json-loader json-merger json-server less license-checker lint-staged local-web-server mini-css-extract-plugin npm-audit-ci-wrapper npm-run-all oauth2-server open postcss postcss-loader postcss-preset-env prettier process react-refresh react-test-renderer release-it rimraf sass sass-loader shx sinon source-map-support start-server-and-test stream-browserify tachyons-sass terser-webpack-plugin webpack webpack-bundle-size-analyzer webpack-cli webpack-dev-server webpack-node-externals webpack-stats-plugin

Versions

total GitHub contributors

monthly npm installs total docker pulls monthly packagist installs gzip size

Introduction

Swagger UI allows anyone — be it your development team or your end consumers — to visualize and interact with the API’s resources without having any of the implementation logic in place. It’s automatically generated from your OpenAPI (formerly known as Swagger) Specification, with the visual documentation making it easy for back end implementation and client side consumption.

General

👉🏼 Want to score an easy open-source contribution? Check out our Good first issue label.

🕰️ Looking for the older version of Swagger UI? Refer to the 2.x branch.

This repository publishes three different NPM modules:

swagger-ui is a traditional npm module intended for use in single-page applications that are capable of resolving dependencies (via Webpack, Browserify, etc.).
swagger-ui-dist is a dependency-free module that includes everything you need to serve Swagger UI in a server-side project, or a single-page application that can't resolve npm module dependencies.
swagger-ui-react is Swagger UI packaged as a React component for use in React applications.

We strongly suggest that you use swagger-ui instead of swagger-ui-dist if you're building a single-page application, since swagger-ui-dist is significantly larger.

If you are looking for plain ol' HTML/JS/CSS, download the latest release and copy the contents of the /dist folder to your server.

Compatibility

The OpenAPI Specification has undergone 5 revisions since initial creation in 2010. Compatibility between Swagger UI and the OpenAPI Specification is as follows:

Swagger UI Version	Release Date	OpenAPI Spec compatibility	Notes
5.0.0	2023-06-12	2.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0	tag v5.0.0
4.0.0	2021-11-03	2.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3	tag v4.0.0
3.18.3	2018-08-03	2.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3	tag v3.18.3
3.0.21	2017-07-26	2.0	tag v3.0.21
2.2.10	2017-01-04	1.1, 1.2, 2.0	tag v2.2.10
2.1.5	2016-07-20	1.1, 1.2, 2.0	tag v2.1.5
2.0.24	2014-09-12	1.1, 1.2	tag v2.0.24
1.0.13	2013-03-08	1.1, 1.2	tag v1.0.13
1.0.1	2011-10-11	1.0, 1.1	tag v1.0.1

Anonymized analytics

SwaggerUI uses Scarf to collect anonymized installation analytics. These analytics help support the maintainers of this library and ONLY run during installation. To opt out, you can set the scarfSettings.enabled field to false in your project's package.json:

// package.json
{
  // ...
  "scarfSettings": {
    "enabled": false
  }
  // ...
}

Alternatively, you can set the environment variable SCARF_ANALYTICS to false as part of the environment that installs your npm packages, e.g., SCARF_ANALYTICS=false npm install.

Documentation

Usage

Customization

Development

Contributing

Contributing

Integration Tests

You will need JDK of version 7 or higher as instructed here https://nightwatchjs.org/guide/getting-started/installation.html#install-selenium-server

Integration tests can be run locally with npm run e2e - be sure you aren't running a dev server when testing!

Browser support

Swagger UI works in the latest versions of Chrome, Safari, Firefox, and Edge.

Known Issues

To help with the migration, here are the currently known issues with 3.X. This list will update regularly, and will not include features that were not implemented in previous versions.

Only part of the parameters previously supported are available.
The JSON Form Editor is not implemented.
Support for collectionFormat is partial.
l10n (translations) is not implemented.
Relative path support for external files is not implemented.

Security contact

Please disclose any security-related issues or vulnerabilities by emailing security@swagger.io, instead of using the public issue tracker.

License

SwaggerUI is licensed under Apache 2.0 license. SwaggerUI comes with an explicit NOTICE file containing additional legal notices and information.

Stable Version

The latest stable version of the package.

Stable Version

5.18.2

CRITICAL

9.8/10

Summary

Cross-site scripting in Swagger-UI

Affected Versions

< 3.23.11

Patched Versions

3.23.11

CRITICAL

0/10

Summary

Cross-Site Scripting in swagger-ui

Affected Versions

< 2.2.1

Patched Versions

2.2.1

CRITICAL

0/10

Summary

Cross-Site Scripting in swagger-ui

Affected Versions

<= 2.2.0

Patched Versions

2.2.1

CRITICAL

0/10

Summary

Cross-Site Scripting in swagger-ui

Affected Versions

< 2.2.1

Patched Versions

2.2.1

HIGH

0/10

Summary

Cross-Site Scripting in swagger-ui

Affected Versions

< 2.2.1

Patched Versions

2.2.1

MODERATE

4.3/10

Summary

Spoofing attack in swagger-ui

Affected Versions

< 4.1.3

Patched Versions

4.1.3

MODERATE

6.5/10

Summary

Cross-Site Scripting in swagger-ui

Affected Versions

< 3.20.9

Patched Versions

3.20.9

MODERATE

6.1/10

Summary

Improper Neutralization of Input During Web Page Generation in swagger-ui

Affected Versions

< 2.2.1

Patched Versions

2.2.1

MODERATE

0/10

Summary

Server side request forgery in SwaggerUI

Affected Versions

< 4.1.3

Patched Versions

4.1.3

MODERATE

0/10

Summary

Cross-Site Scripting in swagger-ui

Affected Versions

< 2.2.1

Patched Versions

2.2.1

MODERATE

0/10

Summary

Cross-Site Scripting in swagger-ui

Affected Versions

< 2.2.1

Patched Versions

2.2.1

MODERATE

0/10

Summary

Cross-Site Scripting in swagger-ui

Affected Versions

< 2.2.1

Patched Versions

2.2.1

MODERATE

6.5/10

Summary

Cross-Site Scripting in swagger-ui

Affected Versions

< 3.0.13

Patched Versions

3.0.13

MODERATE

4.3/10

Summary

Reverse Tabnapping in swagger-ui

Affected Versions

< 3.18.0

Patched Versions

3.18.0

10

Security-Policy

Determines if the project has published a security policy.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

10

SAST

Determines if the project uses static code analysis.

8

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

2

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

2

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 2

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-merge.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/dependabot-merge.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-merge.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/dependabot-merge.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image-check.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-image-check.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-react.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-react.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-react.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-react.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:5: pin your Docker image by updating nginx:1.27.2-alpine to nginx:1.27.2-alpine@sha256:74175cf34632e88c6cfe206897cbfe2d2fecf9bf033c40e7f9775a3689e8adc7
Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 11 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 5 out of 5 npmCommand dependencies pinned

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.5

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More