next-api-analyzer

Minimal, efficient Next.js API analyzer with Postman-ready testing guides for security, performance, and maintainability

# Next.js API Route Analyzer

A minimal, efficient analyzer for Next.js API routes focusing on security, performance, and maintainability analysis.

[![npm version](https://badge.fury.io/js/next-api-analyzer.svg)](https://www.npmjs.com/package/next-api-analyzer)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

## ✨ Features

### 🎯 Perfect for API Testing

- 🧪 **Postman-Ready Testing Guide** - Test APIs without reading backend code!
- 📋 **Complete Parameter Documentation** - Path params, query params, body params, headers
- 🔒 **Auth Requirements** - Know exactly what authentication is needed
- 📝 **Ready-to-Use JSON** - Copy-paste request body structures
- 📊 **Quick Reference Table** - All endpoints at a glance for Postman collections

### 🔍 Analysis Capabilities

- **Security Analysis** - Detects 7 vulnerability types (SQL injection, XSS, hardcoded secrets, etc.)
- **Performance Metrics** - Complexity analysis and optimization recommendations
- **Auth Detection** - Identifies 7 authentication methods (JWT, NextAuth.js, Bearer Token, etc.)
- **Smart Route Discovery** - Automatically finds and analyzes App Router & Pages Router

### 💎 Developer Experience

- **Minimal Dependencies** - Only 4 runtime packages for fast installation
- **Clear Reports** - Markdown & JSON formats
- **Actionable Recommendations** - Get specific guidance to improve your APIs
- **CI/CD Ready** - JSON output for automation

## 🚀 Installation

```bash
npm install --save-dev next-api-analyzer
# or
yarn add --dev next-api-analyzer
# or
pnpm add -D next-api-analyzer
```

## 📖 Quick Start

### CLI Usage

```bash
# Analyze your API routes
npx next-api-analyzer analyze

# Analyze specific directory
npx next-api-analyzer analyze --dir src/app/api

# Output as JSON
npx next-api-analyzer analyze --json

# Security-focused analysis
npx next-api-analyzer analyze --security

# Performance-focused analysis
npx next-api-analyzer analyze --performance

# Initialize configuration file
npx next-api-analyzer init
```

### Programmatic Usage

```typescript
import { NextApiAnalyzer } from 'next-api-analyzer'

const analyzer = new NextApiAnalyzer({
  apiDir: 'src/app/api',
  outputDir: './reports'
})

const analysis = await analyzer.analyzeRoutes()
const report = analyzer.generateReport(analysis)

console.log(`Security Score: ${analysis.summary.securityScore}%`)
console.log(`Performance Score: ${analysis.summary.performanceScore}%`)
console.log(`Recommendations: ${analysis.recommendations.length}`)
```

## 📝 Configuration

Create an `api-analyzer.config.json` file:

```json
{
  "apiDir": "src/app/api",
  "outputDir": "./api-analysis",
  "enableSecurityAnalysis": true,
  "enablePerformanceAnalysis": true,
  "thresholds": {
    "security": 80,
    "performance": 70,
    "maintainability": 75,
    "complexity": 10
  }
}
```

## 🧪 Perfect for API Testers

### What You Get for Each Endpoint:

✅ **Authentication Status** - 🔒 Required or 🔓 Public
✅ **Auth Type** - JWT, Bearer Token, NextAuth.js, etc.
✅ **Required Headers** - `authorization`, `content-type`, etc.
✅ **Path Parameters** - Dynamic route segments with types
✅ **Query Parameters** - URL query strings with types
✅ **Request Body** - JSON structure ready to copy-paste
✅ **Response Codes** - All possible HTTP status codes
✅ **Security Features** - Rate limiting, CORS, validation
✅ **Risk Level** - Know which endpoints need extra testing

### Example Output:

```markdown
### POST /api/users/:id

🔒 Authentication Required: Yes
Auth Type: JWT, Bearer Token

Required Headers:
- authorization
- content-type

Path Parameters:
- id (string, required)

Request Body:
{
  "name": "<string>",
  "email": "<string>"
}

Expected Response Codes: 200, 400, 401, 404
Risk Level: MEDIUM | Complexity: 8
```

## 📊 What It Analyzes

### Security (7 Vulnerability Types)

- SQL injection patterns
- XSS vulnerabilities
- Hardcoded secrets
- Weak cryptography
- CORS misconfigurations
- Path traversal
- Command injection

### Authentication (7 Methods Detected)

- NextAuth.js
- JWT tokens
- Bearer Token
- API Key
- Session-based
- Firebase Auth
- Supabase Auth

### Performance

- Cyclomatic complexity
- Code size metrics
- Blocking operations
- Dependencies analysis

### API Information

- HTTP methods
- Parameters (path, query, body)
- Headers accessed
- Response status codes
- Middleware usage

## 📋 Report Sections

Generated reports include:

1. **📊 Summary** - Overall metrics and scores
2. **🎯 Risk Distribution** - Count by risk level
3. **🔗 HTTP Methods Breakdown** - API surface area
4. **💡 Recommendations** - Security and performance issues
5. **🧪 API Testing Guide** - Detailed endpoint documentation ⭐
6. **📋 Quick Reference Table** - All endpoints at a glance ⭐

## 🔧 API

### NextApiAnalyzer

```typescript
class NextApiAnalyzer {
  constructor(config?: Partial<AnalyzerConfig>)
  async analyzeRoutes(): Promise<ApiAnalysisResult>
  generateReport(analysis: ApiAnalysisResult): string
}
```

### Configuration Types

```typescript
interface AnalyzerConfig {
  apiDir: string
  outputDir: string
  includePatterns: string[]
  excludePatterns: string[]
  enablePerformanceAnalysis: boolean
  enableSecurityAnalysis: boolean
  thresholds: {
    security: number
    performance: number
    maintainability: number
    complexity: number
  }
}
```

## 💻 Development

```bash
# Install dependencies
npm install

# Build
npm run build

# Dev mode
npm run dev
```

## 📦 Package Stats

- **Total Source Code**: ~1,400 lines
- **Runtime Dependencies**: 4 packages
- **Dev Dependencies**: 2 packages
- **Build Output**: ~24 KB (minified)
- **Installation Time**: ~15 seconds

## 🎯 Use Cases

### For QA/Testers:

✅ Test APIs without backend access
✅ Create Postman Collections quickly
✅ Prioritize testing by risk level
✅ Write comprehensive test cases

### For Developers:

✅ Auto-generated API documentation
✅ Security vulnerability detection
✅ Code complexity analysis
✅ Refactoring guidance

### For DevOps/CI/CD:

✅ Automated quality checks
✅ JSON output for scripting
✅ Enforce security standards
✅ Documentation pipeline

## 🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

## 📄 License

MIT © [Pranshu Patel](https://github.com/pranshu05)

## 🔗 Links

- [GitHub Repository](https://github.com/pranshu05/next-api-analyzer)
- [npm Package](https://www.npmjs.com/package/next-api-analyzer)
- [Issues](https://github.com/pranshu05/next-api-analyzer/issues)

---

**Made with ❤️ for the Next.js community**
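
For the CI/CD use case and the `thresholds` configuration described above, a pipeline gate over the analyzer's JSON could look like the following. This is an added example, not code from next-api-analyzer: it assumes the JSON report carries the same `summary.securityScore` and `summary.performanceScore` fields as the programmatic result, and `evaluateGate` and `gateFromJson` are hypothetical helper names.

```javascript
// Added example: CI gate over the analyzer's JSON report.
// Assumption: the report has the same summary.securityScore and
// summary.performanceScore fields as the programmatic result.

// Summary field that each configured threshold is compared against.
const SCORE_FIELDS = { security: 'securityScore', performance: 'performanceScore' }

// Returns { pass, failures }. Fails closed: a missing or non-numeric score,
// or a missing threshold, is reported as a failure instead of being skipped.
function evaluateGate(analysis, thresholds) {
  const summary = analysis && typeof analysis === 'object' ? analysis.summary : undefined
  if (!summary || typeof summary !== 'object') {
    return { pass: false, failures: ['report has no summary object'] }
  }
  const failures = []
  for (const [name, field] of Object.entries(SCORE_FIELDS)) {
    const min = thresholds ? thresholds[name] : undefined
    const score = summary[field]
    if (!Number.isFinite(min)) {
      failures.push(`no numeric threshold configured for ${name}`)
    } else if (!Number.isFinite(score)) {
      failures.push(`${field} missing or not a number`)
    } else if (score < min) {
      failures.push(`${field} ${score} is below threshold ${min}`)
    }
  }
  return { pass: failures.length === 0, failures }
}

// Parses the report text first so that empty or truncated output fails the job.
function gateFromJson(reportText, thresholds) {
  let analysis
  try {
    analysis = JSON.parse(reportText)
  } catch (err) {
    return { pass: false, failures: [`report is not valid JSON: ${err.message}`] }
  }
  return evaluateGate(analysis, thresholds)
}

// Constructed sample inputs (not real analyzer output).
const thresholds = { security: 80, performance: 70 }
const sampleReport = JSON.stringify({
  summary: { securityScore: 72, performanceScore: 91 },
  recommendations: [],
})
const result = gateFromJson(sampleReport, thresholds)
console.log(result.pass ? 'gate passed' : result.failures.join('\n'))
```

In a pipeline, set `process.exitCode = 1` when `result.pass` is false so the job fails on a low score or an unreadable report.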