Dependency evaluation for json schema validation

Created on 28 March 2023, about 1 year ago
Updated 28 May 2024, 19 days ago

Problem/Motivation

JSON:API uses justinrainbow/json-schema to validate that the responses conform to the {JSON:API} specification. For this to happen:

  • You need core-dev installed.
  • You need assertions enabled (typically via local.settings.php).

The Single Directory Components module, being proposed in ✨ Add Single Directory Components as a new experimental module Fixed , makes further use of this dependencies in the same scenario. In this case it validates the data a component receives, against the schema the component author has written.

Proposed resolution

We want to evaluate adding justinrainbow/json-schema as a dependency of drupal/core. This way we'll be able to do the validation by only enabling assertions.

Additional references:

  1. https://git.drupalcode.org/project/drupal/-/merge_requests/3432#note_160873
  2. https://git.drupalcode.org/project/drupal/-/merge_requests/3432#note_157176
  3. Composer also depends on this package.
πŸ“Œ Task
Status

Active

Version

11.0 πŸ”₯

Component
ComposerΒ  β†’

Last updated 1 day ago

No maintainer
Created by

e0ipso Can Picafort

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Issue created by @e0ipso
  • Status changed to Active 8 months ago
  • πŸ‡ΊπŸ‡ΈUnited States bradjones1 Digital Nomad Life

    SDC is in.

    Here because I'm working on ✨ Generate JSON schema for content entity types Needs review which also needs schema validation.

    Unfortunately, this library appears to be very much in maintenance mode and is not getting updates that will be important, e.g. support for vocabularies, which was introduced in draft 2019-09. While it has maintainers and is getting commits, it only officially supports up through draft-04. SDC uses draft-04 as its schema, however OpenAPI 3.1 uses 2020-12.

    Alternatives would perhaps include opis/json-schema however it's in that place where it hasn't seen a commit to trunk in 2 years and not a release in almost as long - and a big open issue queue. So I doubt this would pass muster on security review even if it "works."

    Then there's swaggest/php-json-schema but it has the same contributor bandwidth problem.

    So we're kind of in a tough spot where I think justinrainbow/json-schema is a good foundation and does what we need it to do for the code that exists in core today, but it's likely not really up to snuff as a full core dependency. It's also lacking in its ability to support our future direction.

  • πŸ‡ΊπŸ‡ΈUnited States bradjones1 Digital Nomad Life

    I've used ajv on the client side and it's really amazing, well documented and supported by big players (e.g., browser vendors) but... it's in JavaScript. https://ajv.js.org/

  • πŸ‡ΊπŸ‡ΈUnited States bradjones1 Digital Nomad Life

    OK, rubber-ducking here: I think it would be stupid to hold ourselves back on adopting modern standards (especially for greenfield functionality to Drupal core) on account of test tooling. Drupal core is moving to GitLab CI, which would in theory allow us to do things like use a node container to run ajv to validate generated schema or... whatever. Same can be said for projects like openapi that want to target OpenAPI 3.1, for instance.

    I will need to check with core committers on this approach more broadly, but it is an idea for the test pipeline. As for runtime validation (which it sounds like SDC wanted this in core to perform) then we still have the question of whether the justinrainbow package passes the gates for inclusion... but it need not hold back other JSON schema type functionality in core.

  • e0ipso Can Picafort

    For clarity, this issue focuses on inclusion for runtime tasks. We have this package in core in require-dev already.

  • πŸ‡ΊπŸ‡ΈUnited States dafeder Philadelphia, PA

    Would just like to point out that there has been significant progress in resurrecting justinrainbow/json-schema as a community-supported project, though the future is still uncertain: https://github.com/justinrainbow/json-schema/issues/658

    There is a tentative pseudo-roadmap that includes support for recent drafts of the spec.

  • e0ipso Can Picafort

    Thanks for helping move the conversation forward @dafeder!

    I am adding a note to the IS to note that Composer also depends on this package. This might add some additional confidence in adding this as a runtime dependency for Drupal.

  • πŸ‡ΊπŸ‡ΈUnited States bradjones1 Digital Nomad Life

    The validation library is now on a new jsonrainbow (love that name) org and there is active development. https://github.com/jsonrainbow/json-schema

Production build 0.69.0 2024