Add “offline” spec validations in the validate command (optional flag)

[paulRbr]

When using the bump validate command it could make sense to add a --strict flag to enable OpenAPI/AsyncAPI spec verification.

• For OpenAPI we could use
  • The Mermade developed/maintained oas-validator library
  • The AsyncAPI community maintained library @asyncapi/openapi-schema-parser
• For AsyncAPI we could use the “official” community developed library @asyncapi/parser

[paulRbr]

We should probably use https://github.com/stoplightio/spectral to delegate validation to the formal specs directly

[philsturgeon]

Spectral certainly has more rulesets built already, but Redocly CLI has an interesting approach which is easier to work with. Preview of a post I've done on the tool showing off a bit of the linting. https://apisyouwonthate.com/p/9cee6154-f443-4c4c-8163-b76be3c55d3f/

[philsturgeon]

Remember there's more than just "linting YAML" or "linting OpenAPI", using some of these rulesets moves you into API Security testing and compliance.

https://github.com/stoplightio/spectral-rulesets

And you move into API Governance if custom rulesets are being used:

https://apisyouwonthate.com/blog/automated-style-guides-for-rest-graphql-grpc/