The spectral-report command will generate a linting report that is the same as the Spectral JSON
output. It’s a drop-in replacement for any application using Spectral,
but wants to go much faster.
This will generate a report from your my-openapi-spec.yaml and will save the file as spectral.json
If you leave the optional second argument off, then the default file output of vacuum-spectral-report.json will be used.
Available Flags
spectral-report supports the following flags
| Short | Full | Input | Description |
|---|---|---|---|
| -h | –help | bool |
Show help screen and all flag details |
| -q | –no-style | bool |
Disable color and style console output (useful for CI/CD) |
| -i | –stdin | bool |
Use stdin instead of reading OpenAPI spec from a file |
| -o | –stdout | bool |
Use stdout instead of writing Spectral report to a file |
Global Flags
spectral-report supports the following global flags
| Short | Full | Input | Description |
|---|---|---|---|
| -r | –ruleset | string |
Use an existing ruleset file for linting |
| -f | –functions | string |
Path to custom function plugins |
| -t | –time | bool |
Show how long vacuum took to run (ms) |
| -p | –base | string |
Base URL or Base working directory to use for relative references |
| -u | –remote | bool |
Load remote references automatically if possible (default is true) |
| -k | –skip-check | bool |
Skip checking for a valid OpenAPI document, useful for linting fragments or non-OpenAPI documents |
| -g | –timeout | int |
How long (in seconds to wait) for a rule before it times out (default is 5 seconds) |
| -z | –hard-mode | bool |
Enable every single built-in rule (including OWASP). Only for adventurers and brave souls. |
| –ext-refs | bool |
Allow $ref pointers inside extension objects (x-) to be looked up |
|
| –cert-file | string |
Path to client certificate file for HTTPS requests that require custom certificates | |
| –key-file | string |
Path to client private key file for HTTPS requests that require custom certificates | |
| –ca-file | string |
Path to CA certificate file for HTTPS requests that require custom certificates | |
| –insecure | bool |
Skip TLS certificate verification (insecure) | |
| –allow-private-networks | bool |
Allow fetch() to access private/local networks (localhost, 10.x, 192.168.x) | |
| –allow-http | bool |
Allow fetch() to use HTTP (non-HTTPS) URLs in custom JavaScript functions | |
| –fetch-timeout | int |
Timeout for fetch() requests in seconds (default 30) | |
| –lookup-timeout | int |
Node lookup timeout value value in ms (default 500ms). | |
| –original | string |
Path to original/old spec file for inline comparison (filters results to changed areas) | |
| –changes | string |
Path to change report JSON file for filtering results to changed areas only | |
| –changes-summary | bool |
Show summary of what was filtered by --changes or --original |
|
| –breaking-config | string |
Path to breaking rules config file (default: ./changes-rules.yaml) |
|
| –warn-on-changes | bool |
Inject warning violations for each detected API change | |
| –error-on-breaking | bool |
Inject error violations for each breaking change |
Full flags begin with a double hyphen.
Change Detection
The spectral-report command supports change detection to filter results to changed areas only:
For comprehensive documentation on change detection features, see the Change Detection guide.
Examples
Use stdin and stdout
Here is an example of how to use stdin and stdout with the spectral-report command, and pipe
the output to jq