npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@zapier/spectral-api-ruleset

v2.2.0

Published

Spectral ruleset for Zapier API Guidelines.

Downloads

41,468

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

zapier-engineeringzapier-engineering

Keywords

Readme

Ownership

#team-staff-engineering owns the API Design Guidelines and these spectral rules that help teams align with them.

MRs are always welcome!

Versioning Philosophy

This ruleset ships in two major version lines:

1.x — Leveling up existing APIs

The 1.x series (latest: 1.9.0) was designed to help existing API services incrementally improve their alignment with Zapier's API Design Guidelines. Rules used warn and info severities to surface issues without blocking CI pipelines, giving teams time to address them.

Existing services can stay on 1.x. There is no requirement to upgrade — 1.x will continue to receive backported rule additions where appropriate.

2.x — Strict standards for new APIs

The 2.x series is for new API services that should come out of the box fully aligned with all key API Design Guidelines. All rules are elevated to error severity (except rate-limit/503 rules which remain info since those concerns may be handled upstream by a proxy, load balancer, or WAF).

Key differences from 1.x:

  • All rules are errors — linting violations fail CI by default
  • Auth schemes tightened — only anonymousServiceJwt, serviceAndUserJwt, and OAuth are allowed (legacy schemes like userJwt, apiKey, zapierSession require an exemption)
  • Public API gateway requirement — APIs must pass the 2.x ruleset to be promoted to public status via api.zapier.com

New services should adopt 2.x. Zapier's API service templates will ship with 2.x lint rules configured.

Which version should I use?

| Scenario | Version | |----------|---------| | Existing service, already linting with 1.x | Stay on 1.9.0 (upgrade when ready) | | New API service | Use 2.x | | API being promoted to public via api.zapier.com | Must pass 2.x rules |

Features

Provides a Spectral linting ruleset to lint OpenAPI schemas against Zapier's API Design Guidelines.

Installation

pnpm add -D @stoplight/spectral-cli
pnpm add -D @zapier/spectral-api-ruleset

For some reason, installing the CLI globally and running spectral lint or npx spectral lint always fails to find the package. Adding the CLI as a local dependency and then running pnpm exec spectral lint does work.

Usage

CLI

There are a few ways you can use this ruleset in your projects.

You can load the ruleset in a few different ways with Spectral.

They support direct http access, via NPM, and via the local file system.

If you'd like to extend the ruleset and and even more specific rules for your API service, you can create a local spectral.yaml that extends the ruleset:

extends:
  - '@zapier/spectral-api-ruleset'

Then run:

spectral lint your-schema.yaml --ruleset .spectral.yaml

or

pnpm exec spectral lint your-schema.yaml --ruleset .spectral.yaml

or

spectral lint your-schema.yaml --ruleset https://unpkg.com/@zapier/spectral-api-ruleset@{VERSION}/.spectral.yaml

depending on whether you installed the CLI locally or globally.

See the Spectral CLI docs for more details.

CI

Use a GitLab job like the following:

openapi:lint:
  stage: validate
  before_script:
    - mkdir spectral
  script:
    - pnpm exec spectral lint your-schema.yaml -o spectral/junit.xml -f junit
  artifacts:
    when: always
    paths:
      - spectral
    reports:
      junit: spectral/junit.xml

For non-TypeScript projects, you can use the spectral docker image to avoid installing additional dependencies.

openapi:lint:
  stage: test
  image:
    name: stoplight/spectral:6.11.0
    entrypoint: [""]
  script:
    - spectral lint openapi.yaml
  only:
    - merge_requests

See Continuous Integration docs and our own openapi:lint guideance in the Engineering Index for more details.

Exemptions

Some rules in this ruleset can be exempted on a case-by-case basis with approval from #team-staff-engineering. Below are the available exemptions and how to use them.

Sorting Parameter Exemption

The zapier-sorting-parameter rule requires using order_by instead of sort_by or ordering for sorting parameters. If you need to use an alternative parameter name, you can request an exemption.

paths:
  /test:
    get:
      parameters:
        - name: sort_by
          in: query
          x-zapier-sorting-parameter-exempt: true
          description: Field to sort by

Version in Paths Exemption

The zapier-single-major-version-in-paths rule requires all paths to contain a major version (e.g., /v1/). If you need paths without versioning, you can request an exemption.

paths:
  /no-version-but-exempt:
    x-zapier-version-in-paths-exempt: true
    get:
      description: This path is exempt from versioning requirement

Auth Scheme Exemption

The zapier-allowed-auth-schemes rule requires using one of the allowed authentication schemes for new APIs (anonymousServiceJwt, serviceAndUserJwt, or OAuth). If you need to use a different scheme (e.g., legacy userJwt, apiKey, or custom HMAC signatures), you can request an exemption.

components:
  securitySchemes:
    hmacSignature:
      type: apiKey
      in: header
      name: X-Signature
      x-zapier-auth-scheme-exempt: true
      description: Legacy HMAC signature scheme

Development

Setup

  1. Install dependencies:
pnpm install
  1. Run tests:
pnpm test
  1. Build the package:
pnpm run build
  1. Validate the package:
pnpm run validate

Adding Rules

You can add rules to .spectral.yaml. See the Rules docs for details.

  • Provide the correct severity. In 2.x, all rules should be error unless the rule covers something that may be handled upstream (e.g., rate limiting, service unavailability), in which case use info.
  • Provide a clear description, as well as a documentationUrl that points to the relevant guide or guide section.
  • Provide a message, which in most cases should just be {{error}}.
  • Prefer Core Functions over Custom Functions.
  • Include unit test(s) in tests/spectral.test.ts for all new rules.

Testing

This project uses Vitest for testing. To run the tests:

pnpm test

Publishing

GitLab CI will automatically publish the package to NPM when a merge request is merged into the main branch. Be sure to update the package version in package.json accordingly before merging.