luzlab / ajv-formats-draft2019 Goto Github PK
View Code? Open in Web Editor NEWPlugin for AJV that adds support for some of string formats adding in the draft2019 JSON Schema.
License: MIT License
Plugin for AJV that adds support for some of string formats adding in the draft2019 JSON Schema.
License: MIT License
Hey @luzlab,
Would it be possible for you to release a new version of this package that includes the most recent bug fixes?
It would be nice if this package had typescript types so that I could use it more easily in my typescript project (and have the typescript compiler check that I'm using it correctly).
I'm also using ajv-formats, which does include a index.d.ts
in the package.
AJV removed uuid
from the stock distribution. This library should include the formatter for uuid since it's a part of the draft2019 spec.
Is this compatible with latest versions of AJV?
The following simple script does not work:
const Ajv = require('ajv');
const apply = require('ajv-formats-draft2019');
const ajv = new Ajv();
apply(ajv); // returns ajv instance, allowing chaining
let schema = {
type: 'string',
format: 'iri-reference'
};
let result = ajv.validate(schema, 'mailto:[email protected]');
console.log (result)
With @FadySalama, we have dug deeper into the issue and find the following problems:
ajv-formats-draft2019/index.test.js
Line 283 in 465607e
"addressParser is not a function"
at validate of
const AddressParser = require('smtp-address-parser').parse;
, everything worksHi,
sorry to open another one about the scheme validation.
We're generating our bill of material with CycloneDX. The generated json files contain repository links that look like this:
{ "type": "vcs", "url": "git+https://github.com/Alex-D/check-disk-space.git" }
or
{ "type": "vcs", "url": "git+ssh://[email protected]/estools/escodegen.git" }
The validation of the json (using ajv) against the schema (also provided by CycloneDX) fails with dozens of errors:
{
instancePath: '/components/1/externalReferences/2/url',
schemaPath: '#/properties/url/format',
keyword: 'format',
params: { format: 'iri-reference' },
message: 'must match format "iri-reference"'
}
According to your comment in #11 the strange git+
scheme seems to be valid but not in any of the lists you're validating against.
I honestly don't know where these references come from, but apparently they seem to be in a few package.json files on github (e.g. https://github.com/Alex-D/check-disk-space/blob/main/package.json)
I can work around the problem by wrapping the format validator and cutting off the git+
prefix, but that's not how it should be.
const validate = ajv.formats['iri-reference'] as FormatValidator<string>;
ajv.formats['iri-reference'] = (value) => {
if (value && value.startsWith('git+')) {
value = value.substring(4);
}
return validate(value);
};
What's your opinion on this?
Are git+https
or git+ssh
valid schemes or not?
Can they be supported?
See example and fix in the next pull request...
After merging the smtp-address-parser
PR, the tests failed on Node 10.
@gene-hightower Can you please fix this in your module? Otherwise, I'm going to revert the changes. Sorry I should have setup the GH action to run the tests BEFORE I merged the PR...
The IETF specification does not specify that the URI scheme in an iri
should be checked. After quickly checking with the JSON Schema community, this seems to be a bug. Why was this implemented explicitly and can it be simply removed?
The function validate
is not defined in iri-references.js
This causes a problem when a mailto:
-iri is being validated
检测到 luzlab/ajv-formats-draft2019 一共引入了94个开源组件,存在1个漏洞
漏洞标题:ansi-regex 安全漏洞
缺陷组件:[email protected]
漏洞编号:CVE-2021-3807
漏洞描述:Ansi-Regex是用于匹配ANSI 转义码的正则表达式。
ansi-regex 存在安全漏洞,该漏洞源于易受低效正则表达式复杂性的影响。
影响范围:(2.1.1, 5.0.1)
最小修复版本:5.0.1
缺陷组件引入路径:[email protected]>[email protected]>[email protected]>[email protected]>[email protected]>[email protected]
[email protected]>[email protected]>[email protected]>[email protected]>[email protected]>[email protected]
[email protected]>[email protected]>[email protected]>[email protected]>[email protected]>[email protected]
另外还有几个漏洞,详细报告:https://mofeisec.com/jr?p=i0adfd
I have a valid S3 bucket URI: s3://cbers-pds/CBERS4/MUX/177/106/CBERS_4_MUX_20181029_177_106_L4/CBERS_4_MUX_20181029_177_106_L4_BAND5.tif
Unfortunately, it is rejected by this library.
I guess it's due to the fact that schemes on npm is outdated. Is there a way to disabled the schemes check?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.