Package Health Score

89 / 100

security
No known security issues
popularity
Popular
maintenance
Healthy
community
Active

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

Version				Vulnerabilities	License Risk
1.5.0	\|	12/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.4.5	\|	02/2023	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.3.34	\|	04/2022		0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.2.9	\|	10/2019		0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.1.1	\|	08/2018		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Yes

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Popular

Weekly Downloads (36,480)

GitHub Stars: 29.23K
Forks: 4.66K
Contributors: 410

Direct Usage Popularity

The npm package @expo/schemer receives a total of 36,480 downloads a week. As such, we scored @expo/schemer popularity level to be Popular.

Based on project statistics from the GitHub repository for the npm package @expo/schemer, we found that it has been starred 29,227 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: No
Contributors: 410
Funding: No

A good and healthy external contribution signal for @expo/schemer project, which invites more than one hundred open source maintainers to collaborate on the repository.

We found a way for you to contribute to the project! Looks like @expo/schemer is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 392
Open PR: 259
Last Release: 5 months ago
Last Commit: 2 hours ago

Further analysis of the maintenance status of @expo/schemer based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that @expo/schemer demonstrates a positive version release cadence with at least one new version released in the past 12 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 7 years
Dependencies: 4 Direct
Versions: 116
Install Size: 31.7 kB
Dist-tags: 5
# of Files: 12
Maintainers: 27
TS Typings: No

@expo/schemer has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Not sure how to use @expo/schemer?

To help you get started, we've collected the most common ways that @expo/schemer is being used within popular public projects.

expo / expo-cli / packages / xdl / src / project / Doctor.ts View on Github

export async function validateWithSchema(
  projectRoot: string,
  exp: any,
  schema: any,
  configName: string,
  sdkVersion: string,
  validateAssets: boolean
): Promise&lt;{ schemaErrorMessage: string | undefined; assetsErrorMessage: string | undefined }&gt; {
  let schemaErrorMessage;
  let assetsErrorMessage;
  let validator = new Schemer(schema, { rootDir: projectRoot });

  // Validate the schema itself
  try {
    await validator.validateSchemaAsync(exp);
  } catch (e) {
    if (e instanceof SchemerError) {
      schemaErrorMessage = `Error: Problem${
        e.errors.length &gt; 1 ? 's' : ''
      } validating fields in ${configName}. See https://docs.expo.io/versions/v${sdkVersion}/workflow/configuration/`;
      schemaErrorMessage += e.errors.map(formatValidationError).join('');
    }
  }

  if (validateAssets) {
    try {
      await validator.validateAssetsAsync(exp);

View more ways to use @expo/schemer

👋 Welcome to
`@expo/schemer`

A Schema validation library for Expo.

Details can be found here:

https://paper.dropbox.com/doc/Expo-Schema-Validation-Library-mQU07rRejSnEe4Vf5dkcS

Usage

Usage with XDL

import { getConfig } from '@expo/config';
import Schemer from '@expo/schemer';

const { exp } = getConfig(projectRoot);
const schema = await getSchemaAsync(exp.sdkVersion);
const validator = new Schemer(require('schema.json'));

validator.validateName('Wilson Zhao');
validator.validateAssets(exp);

Schema-only validation

const validator = new Schemer(require('schema.json'));
try {
  await validator.validateSchemaAsync(require('data.json'));
} catch (e) {
  console.error(e);
}

Validating a property

const validator = new Schemer(require('schema.json'));
await validator.validateName('Wilson Zhao');

Description

Schemer takes in a custom JSON Schema and uses it to validate various data.

Under the hood, it uses Ajv (https://github.com/epoberezkin/ajv) as the Javascript engine for basic schema validation. However, each subschema also contains a custom meta tag, which can be parsed for further "manual" validation. As of now, Schemer supports manual validation for assets:

{
  meta:
  {
    asset,
    contentType, //mime type
    dimensions: {width, height},
    square,

    // For custom error messages and docs
    regexHuman,
    autogenerated,
    notHuman
  }
}

All errors can be accessed in this.errors, which has a getter function that combines Ajv JSON Schema errors with custom meta/asset validation errors into a unified array of ValidationErrors. If they exist, the errors are thrown at the end of each public-facing function.

All public-facing functions are async functions because asset validation has to be async (accessing the file-system or making a web request).

API

new Schemer(Object JSON Schema, Object options) -> Object

.validateSchemaAsync(Object data) -> Promise

Returns a promise that resolve to true if the data is conforms to the schema. Otherwise, it rejects and throws an array of ValidationErrors.

.validateAssetsAsync(Object data) -> Promise

Returns a promise that resolve to true if the data is conforms to the additional validation steps found in each meta tag. For example, it will download an asset and read the header of the file to see if it is a certain content type. Otherwise, it rejects and throws an array of ValidationErrors.

.validateAll(Object data) -> Promise

Runs both .validateSchemaAsync and .validateAssetsAsync. Returns a promise that resolve to true if the data passes both functions. Otherwise, it rejects and throws an array of ValidationErrors.

.validateProperty(String fieldPath, Object data) -> Promise

Extracts the subSchema for the given field path and validates the data against it. Also checks for the meta tag. Returns a promise that resolve to true if the data conforms to the subschema. Otherwise, it rejects and throws an array of ValidationErrors.

.errors

Contains an array of ValidationErrors

new ValidationError({errorCode, fieldPath, message, data, meta}) -> Object

@expo/schemer dependencies

ajv ajv-formats json-schema-traverse probe-image-size

@expo/schemer development dependencies

@types/probe-image-size expo-module-scripts

FAQs

What is @expo/schemer?

Centralized scheme validation library for Expo. Visit Snyk Advisor to see a full health score report for @expo/schemer, including popularity, security, maintenance & community analysis.

Is @expo/schemer popular?

The npm package @expo/schemer receives a total of 36,480 weekly downloads. As such, @expo/schemer popularity was classified as a popular. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is @expo/schemer well maintained?

We found that @expo/schemer demonstrated a healthy version release cadence and project activity. It has a community of 410 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is @expo/schemer safe to use?

The npm package @expo/schemer was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 5 May-2024, at 22:55 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP