Package Health Score

75 / 100

security
Security review needed
popularity
Small
maintenance
Healthy
community
Active

Explore Similar Packages

Security

Security review needed

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

Version				Vulnerabilities	License Risk
3.3.4	\|	03/2024		0 C 0 H 0 M 0 L	0 H 0 M 0 L
3.2.13	\|	10/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.12.2	\|	05/2022		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.12.1	\|	04/2022	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.23.2	\|	04/2021		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Yes

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Small

Weekly Downloads (5,379)

GitHub Stars: 84
Forks: 51
Contributors: 40

Direct Usage Popularity

The npm package oav receives a total of 5,379 downloads a week. As such, we scored oav popularity level to be Small.

Based on project statistics from the GitHub repository for the npm package oav, we found that it has been starred 84 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: Yes
Contributors: 40
Funding: No

With more than 10 contributors for the oav repository, this is possibly a sign for a growing and inviting community.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 93
Open PR: 3
Last Release: 1 month ago
Last Commit: 1 month ago

Further analysis of the maintenance status of oav based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that oav demonstrates a positive version release cadence with at least one new version released in the past 3 months.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >=12.0.0

Age: 7 years
Dependencies: 36 Direct
Versions: 340
Install Size: 2.99 MB
Dist-tags: 2
# of Files: 659
Maintainers: 1
TS Typings: Yes

oav has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Not sure how to use oav?

To help you get started, we've collected the most common ways that oav is being used within popular public projects.

Azure / azure-rest-api-specs / test / semantic.js View on Github

it(swagger + ' should be semantically valid.', function (done) {
      oav.validateSpec(swagger, {consoleLogLevel: 'error'}).then(function (validationResult) {
        //console.dir(validationResult, {depth: null, colors: true});
        done(assert(validationResult.validateSpec && validationResult.validateSpec.errors && validationResult.validateSpec.errors.length === 0, 
        `swagger "${swagger}" contains semantic validation errors.`));
      }).catch(function (err) {
        console.dir(err, {depth: null, colors: true});
        done(err);
      });
    });
  }).value();

View more ways to use oav

openapi-validation-tools [oav]

Regression: How to fix this

Tools for validating OpenAPI (Swagger) files.

Requirements

node.js version > 10.x

You can install the latest stable release of node.js from here. For a machine with a linux flavored OS, please follow the node.js installation instructions over here

How to install the tool

npm install -g oav@latest

Command usage:

$ oav -h    Commands:
  analyze-dependency                        analyze swagger resource type
                                            dependency.
  analyze-report        analyze report. default format:
                                            newman json report
  example-quality                Performs example quality validation
                                            of x-ms-examples and examples
                                            present in the spec.
  extract-xmsexamples            Extracts the x-ms-examples for a
                                given swagger from the .NET session
                                            recordings and saves them in a file.
  generate-collection                       Generate postman collection file
                                            from API scenario.
  generate-examples [spec-path]             Generate swagger examples from real
                                            payload records.
  generate-report [raw-report-path]         Generate report from postman report.
  generate-api-scenario                     Generate swagger examples from real
                                            payload records.
  generate-static-api-scenario              Generate API-scenario from swagger.
  run-api-scenario            newman runner run API scenario
                                            file.                 [aliases: run]
  validate-example               Performs validation of x-ms-examples
                                            and examples present in the spec.
  validate-spec                  Performs semantic validation of the
                                            spec.
  validate-traffic            Validate traffic payload against the
                                 spec.
  traffic-convert                Showcase what it would look like to 
                                transform a directory full of 
                                            [azure-sdk/test-proxy](https://github.com/Azure/azure-sdk-tools/tree/main/tools/test-proxy/Azure.Sdk.Tools.TestProxy) 
                                            recordings files into traffic payloads 
                                            consumable by traffic validation command in oav
  

Options:
  --version          Show version number                               [boolean]
  -l, --logLevel     Set the logging level for console.
  [choices: "off", "json", "error", "warn", "info", "verbose", "debug", "silly"]
                                                               [default: "info"]
  -f, --logFilepath  Set the log file path. It must be an absolute filepath. By
                     default the logs will stored in a timestamp based log file
                     at "/home/ruowan/oav_output".
  -p, --pretty       Pretty print
  -h, --help         Show help                                         [boolean]

What does the tool do? What issues does the tool catch?

Semantic validation Semantic validation enforces correctness on the swagger specific elements. Such as paths and operations. Ensure the element definition meet the OpenApi 2.0 specification.
Model validation Model validation enforces correctness between example and swagger. It checks whether definitions for request parameters and responses, match an expected input/output payload of the service.

Examples of issues detected:
- Required properties not sent in requests or responses
- Defined types not matching the value provided in the payload
- Constraints on properties not met
- Enumeration values that don’t match the value used by the service.
Model validation requires example payloads (request/response) of the service, so the data can be matched with the defined models. See x-ms-examples extension on how to specify the examples/payloads. Swagger “examples” is also supported and data included there is validated as well. To get the most benefit from this tool, make sure to have the simplest and most complex examples possible as part of x-ms-examples.
- Please take a look at the redis-cache swagger spec as an example for providing "x-ms-examples" over here.
- The examples need to be provided in a separate file in the examples directory under the api-version directory azure-rest-api-specs/arm-//examples/.json. You can take a look over here for the structure of examples.
- We require you to provide us a minimum (just required properties/parameters of the request/response) and a maximum (full blown) example. Feel free to provide more examples as deemed necessary.
- We have provided schemas for examples to be provided in the examples directory. It can be found over here. This will help you with intellisense and validation.
- If you are using vscode to edit your swaggers in the azure-rest-api-specs repo then everything should work out of the box as the schemas have been added in the .vscode/settings.json file over here.
- If you are using Visual Studio then you can use the urls provided in the settings.json file and put them in the drop down list at the top of a json file when the file is opened in VS.

How does this tool fit with others

Swagger specs validation could be split in the following:

Schema validation
Semantic validation
Model definition validation
Swagger operations execution (against mocked data or live tests)
Human-eye review to complement the above

In the context of “azure-rest-api-specs” repo:

#1 is being performed on every PR as part of CI.
#2 and #3 are performed by the tool currently in openapi-validation-tools repo and by AutoRest linter. We’re working towards integrating them into CI for “azure-rest-api-specs” repo.
#4 is not available yet, though we’re starting to work on it.
#5 will be done by the approvers of PRs in “azure-rest-api-specs”, as this won’t be automated.

Run API test

OAV support run API test against Azure and validate request and response. You could define API scenario file which compose with several swagger example files and then use oav to execute it. For more details about API test, please refer to this API scenario documentation.

Live Validation Mode

A Live Validation mode has been added to OAV with the purpose of enabling validation of live traffic.
Usage (here is a sample of a request-response pair):

const liveValidatorOptions = {
  git: {
    url: "https://github.com/Azure/azure-rest-api-specs.git",
    shouldClone: true,
  },
  directory: path.resolve(os.homedir(), "cloneRepo"),
  swaggerPathsPattern: "/specification/**/resource-manager/**/*.json",
  isPathCaseSensitive: false,
  shouldModelImplicitDefaultResponse: true,
};

const apiValidator = new oav.LiveValidator(liveValidatorOptions);
await apiValidator.initialize(); // Note that for a large number of specs this can take some time.

// After `initialize()` finishes we are ready to validate
const validationResult = apiValidator.validateLiveRequestResponse(requestResponsePair);

Regression testing

Output of the OAV tool has been snapshotted and committed to the repo. The regression test may be run on a sample or all of https://github.com/azure/azure-rest-api-specs. If there are changes to the snapshots the build produces a git patch file as an artifact which may be used to update the snapshots.

Fast Regression (~10mins) is used for merge validation

Slow Regression (~1 hour) is run after merge and should be fixed if it fails

Fixing regression builds

Go to the failed build
Download the artifact patch file
In the OAV directory run `git apply

FAQs

What is oav?

Validate Azure REST API Specifications. Visit Snyk Advisor to see a full health score report for oav, including popularity, security, maintenance & community analysis.

Is oav popular?

The npm package oav receives a total of 5,379 weekly downloads. As such, oav popularity was classified as small. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is oav well maintained?

We found that oav demonstrated a healthy version release cadence and project activity. It has a community of 40 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is oav safe to use?

While scanning the latest version of oav, we found that a security review is needed. A total of 0 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 4 May-2024, at 12:21 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP