← Home

@aahoughton/oav

npm Repository Homepage

HTTP-aware OpenAPI request/response validator. Batteries-included distribution: re-exports @aahoughton/oav-core, adds YAML readers, ships the `oav` CLI. For a zero-runtime-dep install, use @aahoughton/oav-core directly.

6
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

aahoughton

Keywords

clihttpjson-schemajson-schema-2020-12openapiopenapi-3.0openapi-3.1openapi-3.2openapi3schemavalidationvalidatoryaml

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
typosquat typosquat.levenshtein:koa AI (typosquat): oav is an OpenAPI validator acronym, not a typosquat of koa; scoped package with legitimate purpose. ai
typosquat typosquat.levenshtein:ajv AI (typosquat): oav is an OpenAPI validator acronym, not a typosquat of ajv; scoped package with legitimate purpose. ai

Versions (showing 6 of 6)

Version Deps Published
2.2.0 4 / 10
2.1.0 4 / 9
2.0.0 4 / 9
1.1.1 4 / 9
1.1.0 4 / 9
1.0.0 4 / 9

v2.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.