bootprint / bootprint Goto Github PK

Converts json into a static html page using Handlebars and Bootstrap, this repository has moved to https://github.com/bootprint/bootprint-monorepo/tree/master/packages/bootprint

License: MIT License

JavaScript 37.26% HTML 62.74%

bootprint's Introduction

bootprint

Converts json and yaml into a static html page using Handlebars and Bootstrap

Bootprint is a tool for converting JSON-files into static HTML-pages using {less}, Bootstrap and Handlebars.

It is designed with flexibility in mind:

You can easily modify the styling by providing your own {less}-files.
You can easily replace the Handlebars template and any register partial
You can include custom handlebars-helpers or override existing ones.
You can create packages with default-configurations, publish them on npm and use them as base for further customizations.

Installation

npm install -g bootprint

Usage

After installing bootprint perform the following steps

# Install template module
npm install -g bootprint-openapi
# Run bootprint with the template
bootprint openapi http://petstore.swagger.io/v2/swagger.json target

The directory "target" should now contain a file index.html and main.css which contain a readable form of the Swagger-Petstore-Example.

Further documentation Documentation

Command line interface - How to use Bootprint from the command line.
JavaScript Usage - How to call Bootprint from JavaScript.
JavaScript API-Reference - How to call Bootprint from JavaScript.
Configuration Options - How to customize Bootprint for your own purposes.
Developing modules - How to create your own modules for bootprint
Release Notes

Available modules

base contains a basic template as a base for other modules.
json-schema creates readable docs from JSON-Schema-Definitions
swagger creates readable docs from Swagger definitions.

License

bootprint is published under the MIT-license.

See LICENSE for details.

Release-Notes

For release notes, see CHANGELOG.md

Contributing guidelines

See CONTRIBUTING.md.

bootprint's People

Contributors

Stargazers

Watchers

Forkers

stephank mrene aledbf geekjj transcovo hahalin larsbutler uhappylogic oleteacher kisapas kistapas42-gmail-com robinfit01

bootprint's Issues

Cannot overwrite main template or partials

First of all I love the tool and you have it very well documented :)

But I am struggling to overwrite the main template. It will always render the default template and will not use my partials.

var path = require('path');

var bootprint = require('bootprint')
    .load(require('bootprint-swagger'))
    .merge({
        handlebars: {
            partials: path.resolve('./stuff/3rdparty/bootprint/partials'),
            template: path.resolve('./stuff/3rdparty/bootprint/template.hbs')
        }
    })
    .build('http://www.foo.bar/swagger.json','target')
    .generate()
    .done(console.log);

First of all, there is no message shown if the template path leads to a file which does not exist.
And even when it exists, it seems to be ignored.

I have ./stuff/3rdparty/bootprint/partials

swagger/
    summary.hbs
    ...

./stuff/3rdparty/bootprint/template.hbs

{{!--
    @public
--}}
{{>base/header}}
<div class="container">
    {{>base/body}}
</div>
{{>base/footer}}

Or maybe I am just doing it wrong. Maybe you can help me with that :)

thank you.

Possible to override less main (to omit Bootstrap "print" styles)?

Say we only want to @include certain portions of bootstrap. For instance, I don't want to include bootstrap's print.less. How would I go about this? Everything I've tried still merges the original bootstrap.less which has everything.

OpenAPI V3 Support

Is there a possibility of this being updated to support OpenAPI v3?

Potential Security Risk

Hi I just wanted to note this as this project is using event-stream
dominictarr/event-stream#116

Warning: Cannot merge undefined 'config'

Occurs in [email protected]. Did not occur in 0.7.3

cli.js not found when installing from npm or master

Not sure if anyone else is experiencing this- but was not able install from master or npm.

Received the following error:

npm ERR! Darwin 13.4.0
npm ERR! argv "node" "~/.node/bin/npm" "install" "-g" "bootprint" (or "./bootprint-master")
npm ERR! node v0.10.31
npm ERR! npm v2.7.5
npm ERR! path ~/node_modules/bootprint/cli.js
npm ERR! code ENOENT
npm ERR! errno 34

Did install when using this: https://github.com/nknapp/bootprint/tree/7502e250a3706e68bd1c092c4ed6eee746bcf2f9

(where cli.js is present)

Support for JavaScript files

Some issues in bootprint-openapi (bootprint/bootprint-openapi#51, bootprint/bootprint-openapi#29) require in-browser JavaScript support which cannot be provided yet by bootprint.

Better error message needed when target-folder is not specified

An in-range update of q is breaking the build 🚨

Version 1.5.0 of q just got published.

Branch	Build failing 🚨
Dependency	q
Current Version	1.4.1
Type	dependency

This version is covered by your current version range and after updating it in your project the build failed.

As q is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Status Details

❌ continuous-integration/travis-ci/push The Travis CI build failed Details
✅ coverage/coveralls First build on greenkeeper/q-1.5.0 at 61.765% Details

Commits

The new version differs by 46 commits .

4fecabe Update change log with version
0ba2b1b 1.5.0
9ede4c5 Merge pull request #803 from mariotsi/patch-1
db76578 Updating comment with correct method name.
3d648e4 More dashes for horizontal rule in design document
d8fd789 Merge pull request #791 from kriskowal/meh
14cd347 Merge pull request #799 from amZotti/v1
8b71d62 Merge pull request #792 from artemv/v1
c1f648e Docs: Update year in README and LICENSE
c0fdb66 Merge pull request #798 from kennynaoh/cdnjs-badge
c080f7f Add CDNJS badge in readme
7e4c79a Merge pull request #789 from jbunton-atlassian/long-stack-improvements
0cb4757 Added comment describing the long stack counter
d9652d7 docs: correct bower package version in README
5a5e64d Redact message about experimental branch

There are 46 commits in total. See the full diff.

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

Adding npm package as project dependency fails due to trace dependency

Adding the npm package with node > 8 as local dependency fails with the following error:

yarn add --dev bootprint
yarn add v0.27.5
[1/4] Resolving packages...
warning bootprint > live-server > [email protected]: connect 2.x series is deprecated
[2/4] Fetching packages...
error [email protected]: The engine "node" is incompatible with this module. Expected version "^4.5 || ^6.0 || ^7.0".
error Found incompatible module

It still works fine, though, when adding it as global dependency which is our current workaround.

As stated on https://www.npmjs.com/package/trace, "Trace only works with node.js v8.x and newer. Use npm install trace@^2 for node.js v6 and v4". So, updating the trace dependency should solve this issue.

(The same issue appears with npm, we just like to use yarn)

Tests for the whole workflow needed

Right now, only parts of Bootprint are covered by unit tests. There should be at least one test that covers the whole workflow:
Templates, partials, helpers, preprocessor and a less-file should be provided and after calling Bootprint, the HTML and CSS output should be verified.

An in-range update of debug is breaking the build 🚨

Version 2.6.4 of debug just got published.

Branch	Build failing 🚨
Dependency	debug
Current Version	2.6.3
Type	dependency

This version is covered by your current version range and after updating it in your project the build failed.

As debug is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Status Details

❌ continuous-integration/travis-ci/push The Travis CI build failed Details
✅ coverage/coveralls First build on greenkeeper/debug-2.6.4 at 61.765% Details

Commits

The new version differs by 6 commits .

f311b10 release 2.6.4
1f01b70 Fix bug that would occure if process.env.DEBUG is a non-string value. (#444)
2f3ebf4 Update CHANGELOG.md
f5ae332 Update CHANGELOG.md
9742c5f chore(): ignore bower.json in npm installations. (#437)
27d93a3 update "debug" to v0.7.3

See the full diff.

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

Code of Conduct, Contributing guidelines for Bootprint

The contributing-guide is not complete. I'm dumping new things here for discussion....

I have included thoughtful-release in every project of the bootprint-organization. I would like to encourage the "always work on a branch"-paradigm for every project. Even though I have not protected the master branches, but please don't directly to master. Make a PR from your feature-branch instead.

The main goal is to keep a clean history with many undos.
The secondary goal is, for the start, to define and discuss contributing rules while we move along.

About testing and documentation

Test coverage is not very high for some projects. Every new feature should have a test though.
I tried writing tests for the Handlebars-template and partials in bootprint-openapi. The other template modules don't have tests, some features are tested implicitly in bootprint-openapi. It would be great if the same mechanisms would be applied in bootprint-json-schema and bootprint-base to create a basis for unit tests. I don't know how to measure the coverage of these tests.
Less-definitions don't have tests. It would be great if they had.
The template-structure of bootprint-openapi is documented, generated with Thought. The other packages don't have that, but should have.
Unfortunately, Thought itself is not very well documented (I should do that soon). Have a look a the projects' (.thought) directories to see how to use Thought.

Although the test-coverage still has potential I would like to have tests for every new feature and every template change. I tried to do this in bootprint-openapi. Documentation for Less-styles and Handlebars-partials should be included as block comments like in the bootprint-openapi-project. That way, a reference documentation can be auto-generated later.

YAML-support

Moved here from bootprint-swagger.

@Otann: Is it possible to support yaml format for documentation?

It looks like now it is default format in Swagger Editor

ReferenceError: httpGet is not defined

Hi, I just ran the standard install:

npm install -g bootprint
npm install -g bootprint-swagger

and tested with

bootprint swagger http://petstore.swagger.io/v2/swagger.json target

and I got:

/usr/local/lib/node_modules/bootprint/index.js:60
    return httpGet(fileOrUrlOrData).then(function (result) {
           ^
ReferenceError: httpGet is not defined

I fixed it by adding this to index.js

var httpGet = require('get-promise');

Looks like it may have been missed out of the recent commit?

bootprint swagger cli command errors out with Engine 'uglify' not found

While running

bootprint swagger .\oas.json .

I encounter following exception : 'Error: Engine 'uglify' not found. Refusing to store configuration'

An in-range update of mocha is breaking the build 🚨

Version 3.3.0 of mocha just got published.

Branch	Build failing 🚨
Dependency	mocha
Current Version	3.2.0
Type	devDependency

This version is covered by your current version range and after updating it in your project the build failed.

As mocha is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Status Details

- ✅ **coverage/coveralls** First build on greenkeeper/mocha-3.3.0 at 61.765% [Details](https://coveralls.io/builds/11209038),- ❌ **continuous-integration/travis-ci/push** The Travis CI build failed [Details](https://travis-ci.org/bootprint/bootprint/builds/225140270)

Release Notes

coverave

Thanks to all our contributors, maintainers, sponsors, and users! ❤️

As highlights:

We've got coverage now!
Testing is looking less flaky \o/.
No more nitpicking about "mocha.js" build on PRs.

🎉 Enhancements

#2659: Adds support for loading reporter from an absolute or relative path (@sul4bh)
#2769: Support --inspect-brk on command-line (@igwejk)

🐛 Fixes

#2662: Replace unicode chars w/ hex codes in HTML reporter (@rotemdan)

🔍 Coverage

#2672: Add coverage for node tests (@c089, @Munter)
#2680: Increase tests coverage for base reporter (@epallerols)
#2690: Increase tests coverage for doc reporter (@craigtaub)
#2701: Increase tests coverage for landing, min, tap and list reporters (@craigtaub)
#2691: Increase tests coverage for spec + dot reporters (@craigtaub)
#2698: Increase tests coverage for xunit reporter (@craigtaub)
#2699: Increase tests coverage for json-stream, markdown and progress reporters (@craigtaub)
#2703: Cover .some() function in utils.js with tests (@seppevs)
#2773: Add tests for loading reporters w/ relative/absolute paths (@sul4bh)

🔩 Other

Remove bin/.eslintrc; ensure execs are linted (@boneskull)
#2542: Expand CONTRIBUTING.md (@boneskull)
#2660: Double timeouts on integration tests (@Munter)
#2653: Update copyright year ([@Scottkao85], @Munter)
#2621: Update dependencies to enable Greenkeeper (@boneskull, @greenkeeper)
#2625: Use trusty container in travis-ci; use "artifacts" addon (@boneskull)
#2670: doc(CONTRIBUTING): fix link to org members (@coderbyheart)
Add Mocha propaganda to README.md (@boneskull)
#2470: Avoid test flake in "delay" test (@boneskull)
#2675: Limit browser concurrency on sauce (@boneskull)
#2669: Use temporary test-only build of mocha.js for browsers tests (@Munter)
Fix "projects" link in README.md (@boneskull)
#2678: Chore(Saucelabs): test on IE9, IE10 and IE11 (@coderbyheart)
#2648: Use semistandard directly (@kt3k)
#2727: Make the build reproducible (@lamby)

Commits

The new version differs by 89 commits0.

fb1687e :ship: Release v3.3.0
1943e02 Add Changelog for v3.3.0
861e968 Refactor literal play-icon hex code to a var
1d3c5bc Fix typo in karma.conf.js
9bd9389 Fix spec paths in test HTML files
0a93024 Adds tests for loading reporters w/ relative/absolute paths (#2773)
73929ad Comment special treatment of '+' in URL query parsing
e2c9514 Merge pull request #2769 from igwejk/support_inspect_break_in_opts
038c636 Support --inspect-brk on command-line
b4ebabd Merge pull request #2727 from lamby/reproducible-build
882347b Please make the build reproducible.
a2fc76c Merge pull request #2703 from seppevs/cover_utils_some_fn_with_tests
ed61cd0 cover .some() function in utils.js with tests
f42cbf4 Merge pull request #2701 from craigtaub/landingSpec
6065242 use stubbed symbol

There are 89 commits in total.

See the full diff

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

Problem with gulp-watch

I am really glad, I found this lib to build static HTML for my swagger.json. Now, I'd like to automatically build an api documentation using gulp. The following configuration works so far:

var gulp = require('gulp');

gulp.task('default', [
    'bootprint-swagger',
    'watch'
], function () {
});

gulp.task('bootprint-swagger', [], function () {
    require('bootprint')
      .load(require('bootprint-swagger'))
      .build('public/doc/swagger.json', 'public/doc/')
      .generate()
      .done(console.log);
});

gulp.task('watch', function() {
  gulp.watch([
      'public/doc/swagger.json'
  ], ['bootprint-swagger']);
});

On start of the default task, everything is built fine:

[13:35:33] Starting 'bootprint-swagger'...
Loading bootprint-swagger 0.13.1
Loading bootprint-json-schema 0.8.4
Loading bootprint-base 0.6.3
[13:35:33] Finished 'bootprint-swagger' after 66 ms
[13:35:33] Starting 'watch'...
[13:35:33] Finished 'watch' after 8.35 ms

As soon as I change the swagger.json, I get the following logs:

[13:35:51] Starting 'bootprint-swagger'...
Loading bootprint-swagger 0.13.1
Loading bootprint-json-schema 0.8.4
Loading bootprint-base 0.6.3
[13:35:51] Finished 'bootprint-swagger' after 19 ms
[ 'public/doc/index.html',
  'public/doc/main.css',
  'public/doc/main.css.map' ]

So far, it seems ok. But there are no changes in the HTML-Output, just the timestamp is new. It seems, it uses the old unchanged swagger.json. Is there perhaps a global cache for the used json file or something like this?

An in-range update of commander is breaking the build 🚨

Version 2.10.0 of commander just got published.

Branch	Build failing 🚨
Dependency	commander
Current Version	2.9.0
Type	dependency

This version is covered by your current version range and after updating it in your project the build failed.

commander is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Status Details

✅ coverage/coveralls First build on greenkeeper/commander-2.10.0 at 61.765% Details
❌ continuous-integration/travis-ci/push The Travis CI build failed Details

Release Notes

Release V2.10.0

Update .travis.yml. drop support for older node.js versions.
Fix require arguments in README.md
On SemVer you do not start from 0.0.1
Add missing semi colon in readme
Add save param to npm install
node v6 travis test
Update Readme_zh-CN.md
Allow literal '--' to be passed-through as an argument
Test subcommand alias help
link build badge to master branch
Support the alias of Git style sub-command
added keyword commander for better search result on npm
Fix Sub-Subcommands
test node.js stable
Fixes TypeError when a command has an option called --description
Update README.md to make it beginner friendly and elaborate on the difference between angled and square brackets.
Add chinese Readme file

Commits

The new version differs by 50 commits.

8870675 version bump 2.10.0
98e66bc #330 make .option defaultValue and fn and .version flag optional
d674384 Merge pull request #639 from abetomo/update_version_to_be_tested
45ce032 Remove io.js
b888282 Add version 5
5ac0439 Do not test older versions
579f670 Do not test older versions
4c7c1cf Add new version
8049258 Do not test older versions
9bfc4eb Merge pull request #610 from xcatliu/patch-1
648629f Merge pull request #619 from Nepomuceno/patch-1
20493bb On SemVer you do not start from 0.0.1
8a4f1ad Fix require arguments in README.md
3367806 Merge pull request #585 from simeg/simeg-patch-1
ff501a1 Merge pull request #593 from junajan/patch-1

There are 50 commits in total.

See the full diff

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

An in-range update of get-promise is breaking the build 🚨

Version 1.4.0 of get-promise just got published.

Branch	Build failing 🚨
Dependency	get-promise
Current Version	1.3.1
Type	dependency

This version is covered by your current version range and after updating it in your project the build failed.

get-promise is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Status Details

❌ coverage/coveralls Coverage pending from Coveralls.io Details
❌ continuous-integration/travis-ci/push The Travis CI build failed Details

Commits

The new version differs by 1 commits.

00068b2 Disable redirecting by default

See the full diff

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

Newlines (\n) in example filed are output verbatim

When a property of a data object has the field example, \n in this field are output verbatim instead of producing a newline. This makes it hard to output formatted JSON examples.

Command line does not work for YAML or JSON

Hi there,

As per the instructions, I installed
npm install -g bootprint
npm install -g bootprint-swagger

Both of the above step completed without errors.

Ran below command, petstore.yaml and petstore.json are downloaded to the current directory. temp folder is in place.
bootprint swagger petstore.yaml temp
below outputs the following

Loading bootprint-swagger 0.13.1
Loading bootprint-json-schema 0.8.4
Loading bootprint-base 0.6.3

No errors in the -l mode as well. But the temp folder is empty. I'm running Ubuntu within VirtualBox running on Windows and no internet connection? Anything I'm missing or is it is a bug?

Thanks,
Vinoth

Broken Documentation

Javascript usage documentation seems to be broken. I am not able to move forward with the sample example added to the respective ReadMe.md

It starts with

require(...).load is not a function.

An in-range update of js-yaml is breaking the build 🚨

Version 3.8.3 of js-yaml just got published.

Branch	Build failing 🚨
Dependency	js-yaml
Current Version	3.8.2
Type	dependency

This version is covered by your current version range and after updating it in your project the build failed.

As js-yaml is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Status Details

❌ continuous-integration/travis-ci/push The Travis CI build failed Details
✅ coverage/coveralls First build on greenkeeper/js-yaml-3.8.3 at 61.765% Details

Commits

The new version differs by 7 commits .

db20313 3.8.3 released
98c2166 Browser files rebuild
0ad532e Should not allow numbers to begin and end with underscore, #335
aa3d9e2 Merge pull request #337 from feserafim/patch-1
7fda73a Update sample_document.yml
76975e4 Merge pull request #334 from CharlesWall/master
158771f minor grammatical changes to the README.md

See the full diff.

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

22 Security Vulnerabilities on Fresh Checkout

It looks like this package has fallen a bit out of date and the security alerts have piled up. Many of the dependencies need to be updated to more recent versions to resolve these alerts.

From a fresh checkout:

git clone https://github.com/bootprint/bootprint.git
cd bootprint
npm audit

                       === npm audit security report ===

# Run  npm install [email protected]  to resolve 4 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-handlebars                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-handlebars > lodash                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ handlebars                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-handlebars                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-handlebars > handlebars                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/61                        │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Incorrect Handling of Non-Boolean Comparisons During         │
│               │ Minification                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ uglify-js                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-handlebars                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-handlebars > handlebars > uglify-js         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/39                        │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ uglify-js                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-handlebars                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-handlebars > handlebars > uglify-js         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/48                        │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm install [email protected]  to resolve 4 vulnerabilities
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ live-server                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ live-server > connect > debug                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/534                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ live-server                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ live-server > connect > finalhandler > debug                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/534                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Cryptographically Weak PRNG                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ randomatic                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ live-server                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ live-server > chokidar > anymatch > micromatch > braces >    │
│               │ expand-range > fill-range > randomatic                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/157                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Code Injection                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ morgan                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ live-server                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ live-server > morgan                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/736                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm install --save-dev [email protected]  to resolve 2 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha > debug                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/534                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Command Injection                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ growl                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha > growl                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/146                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm install [email protected]  to resolve 3 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-less                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-less > lodash                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ sshpk                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-less                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-less > less > request > http-signature >    │
│               │ sshpk                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/606                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Out-of-bounds Read                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ stringstream                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-less                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-less > less > request > stringstream        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/664                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm update fill-range --depth 7  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Cryptographically Weak PRNG                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ randomatic                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-watch                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-watch > chokidar > anymatch > micromatch > braces  │
│               │ > expand-range > fill-range > randomatic                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/157                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-uglify                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-uglify > lodash                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-watch                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-watch > customize > lodash                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-watch                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-watch > lodash                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ get-promise                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ get-promise > lodash                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-less                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-less > less > request > hawk > boom > hoek  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-less                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-less > less > request > hawk > cryptiles >  │
│               │ boom > hoek                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-less                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-less > less > request > hawk > hoek         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ customize-engine-less                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ customize-engine-less > less > request > hawk > sntp > hoek  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 22 vulnerabilities (13 low, 6 moderate, 2 high, 1 critical) in 764 scanned packages
  run `npm audit fix` to fix 5 of them.
  9 vulnerabilities require semver-major dependency updates.
  8 vulnerabilities require manual review. See the full report for details.

An in-range update of js-yaml is breaking the build 🚨

Version 3.8.2 of js-yaml just got published.

Branch	Build failing 🚨
Dependency	js-yaml
Current Version	3.8.1
Type	dependency

This version is covered by your current version range and after updating it in your project the build failed.

Status Details

❌ coverage/coveralls Coverage pending from Coveralls.io Details
❌ continuous-integration/travis-ci/push The Travis CI build could not complete due to an error Details

Commits

The new version differs by 5 commits .

7dd7254 3.8.2 released
1bc4b80 browser files rebuild
1ee4191 floats: should allow cast integers, close #333
2d571c4 floats: restrict allowed leading zeroes
33d66a3 floats: should allow positive exponent without sign

See the full diff.

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

Better error message needed when source file cannot be found

Syntax highlighting not working

When adding code examples I noticed that the generated html page has hljs- attributes, but the syntax isn't highlighted. Example:

In api.yaml (some parts edited for the sake of brevity):

  paths:
    /:
      get:
        responses:
          200:
            examples:
              application/json:
                error: false
                code: 200
                message: OK
                data: "N/A"

I see this snippet in the generated html:

{
    "code": 200,
    "data": "N/A",
    "error": false,
    "message": "OK"
}

but I was expecting to see some syntax highlighted, something like this:

{
    "code": 200,
    "data": "N/A",
    "error": false,
    "message": "OK"
}

Perhaps I'm missing something here.

Documentation for including JavaScript files in the output

It must still be documented, how JavaScript can be included into the bootprint output.
Pointers are in the customize-engine-uglify project, especially the example

merge({
    uglify: {
      files: {
        'a-browser-lib.js': require.resolve('./module1/a-browser-lib.js'),
        'another-browser-lib.js': require.resolve('./module1/another-browser-lib.js')
      },
      dependencies: {
        'a-browser-lib.js': [ 'another-browser-lib.js' ]
      }
    }
  })

and the configuration schema for this engine

support requesting through proxies

Right now there's no support for using a proxy at all.

The underlying reason is that 'get-promise' uses the core 'http' and 'https', which require a bit of effort to use with proxies.
And the package doesn't even try.
Also doesn't seem to be actively maintained or used by much of anything I've seen (though I'm a relative newbie in Node-land)

I suspect it might be better to move to a different way of making the requests entirely, if proxies should be supported (and I'd like it to be).

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.