{"id":13808966,"url":"https://github.com/daveshanley/vacuum","last_synced_at":"2026-06-03T21:00:37.085Z","repository":{"id":37041504,"uuid":"415667153","full_name":"daveshanley/vacuum","owner":"daveshanley","description":"vacuum is the worlds fastest and most versatile OpenAPI \u0026 JSON Schema linter, docs generator and toolkit. It tears through API specs at light speed. 100% compatible with Spectral rulesets, and OpenAPI 3.0, 3.1 and 3.2","archived":false,"fork":false,"pushed_at":"2026-06-02T21:39:28.000Z","size":41021,"stargazers_count":1070,"open_issues_count":16,"forks_count":84,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-06-02T23:20:50.077Z","etag":null,"topics":["go","golang","json-schema","json-schema-validator","lint","linter","linters","linting","oas","openapi","openapi-spec","openapi-specification","openapi3","openapi3-1","openapi3-validation","openapi31","owasp","spectral","stoplight","swagger-spec"],"latest_commit_sha":null,"homepage":"https://quobix.com/vacuum","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/daveshanley.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yaml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"github":"daveshanley"}},"created_at":"2021-10-10T18:24:19.000Z","updated_at":"2026-06-02T21:37:19.000Z","dependencies_parsed_at":"2023-07-12T19:17:14.229Z","dependency_job_id":"c7cfe19f-f88e-47bd-b967-5b880af70348","html_url":"https://github.com/daveshanley/vacuum","commit_stats":{"total_commits":966,"total_committers":32,"mean_commits":30.1875,"dds":"0.22256728778467905","last_synced_commit":"902e846b6cd1422cbc5ac9d5520cb8e1efbbd5de"},"previous_names":["daveshanley/vaccum"],"tags_count":257,"template":false,"template_full_name":null,"purl":"pkg:github/daveshanley/vacuum","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daveshanley%2Fvacuum","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daveshanley%2Fvacuum/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daveshanley%2Fvacuum/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daveshanley%2Fvacuum/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/daveshanley","download_url":"https://codeload.github.com/daveshanley/vacuum/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daveshanley%2Fvacuum/sbom","scorecard":{"id":325646,"data":{"date":"2025-08-11","repo":{"name":"github.com/daveshanley/vacuum","commit":"0a43495bb6db701bb1485f9cba07ebd7928d21a9"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.4,"checks":[{"name":"Code-Review","score":5,"reason":"Found 5/9 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish.yaml:81","Warn: no topLevel permission defined: .github/workflows/build.yaml:1","Warn: no topLevel permission defined: .github/workflows/label-check.yaml:1","Warn: no topLevel permission defined: .github/workflows/publish.yaml:1","Warn: no topLevel permission defined: .github/workflows/tag.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.17.8 not signed: https://api.github.com/repos/daveshanley/vacuum/releases/237786624","Warn: release artifact v0.17.7 not signed: https://api.github.com/repos/daveshanley/vacuum/releases/236748707","Warn: release artifact v0.17.6 not signed: https://api.github.com/repos/daveshanley/vacuum/releases/233217970","Warn: release artifact v0.17.5 not signed: https://api.github.com/repos/daveshanley/vacuum/releases/231209506","Warn: release artifact v0.17.4 not signed: https://api.github.com/repos/daveshanley/vacuum/releases/231158965","Warn: release artifact v0.17.8 does not have provenance: https://api.github.com/repos/daveshanley/vacuum/releases/237786624","Warn: release artifact v0.17.7 does not have provenance: https://api.github.com/repos/daveshanley/vacuum/releases/236748707","Warn: release artifact v0.17.6 does not have provenance: https://api.github.com/repos/daveshanley/vacuum/releases/233217970","Warn: release artifact v0.17.5 does not have provenance: https://api.github.com/repos/daveshanley/vacuum/releases/231209506","Warn: release artifact v0.17.4 does not have provenance: https://api.github.com/repos/daveshanley/vacuum/releases/231158965"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/build.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/build.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/build.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/build.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-check.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/label-check.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/daveshanley/vacuum/tag.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:19: pin your Docker image by updating debian:bookworm-slim to debian:bookworm-slim@sha256:b1a741487078b369e78119849663d7f1a5341ef2768798f7b7406c4240f86aef","Warn: downloadThenRun not pinned by hash: .github/workflows/build.yaml:36","Info:   0 out of  10 GitHub-owned GitHubAction dependencies pinned","Info:   3 out of  14 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish.yaml:76"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":7,"reason":"SAST tool is not run on all commits -- score normalized to 7","details":["Warn: 21 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"40 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3787 / GHSA-fv92-fjc5-jj9h","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh","Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-593f-38f6-jp5m","Warn: Project is vulnerable to: GHSA-x2rg-q646-7m2v","Warn: Project is vulnerable to: GHSA-jgmv-j7ww-jx2x","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-vp56-6g26-6827","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T02:26:05.254Z","repository_id":37041504,"created_at":"2025-08-18T02:26:05.255Z","updated_at":"2025-08-18T02:26:05.255Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33878990,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-03T02:00:06.370Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","golang","json-schema","json-schema-validator","lint","linter","linters","linting","oas","openapi","openapi-spec","openapi-specification","openapi3","openapi3-1","openapi3-validation","openapi31","owasp","spectral","stoplight","swagger-spec"],"created_at":"2024-08-04T01:01:56.490Z","updated_at":"2026-06-03T21:00:37.078Z","avatar_url":"https://github.com/daveshanley.png","language":"Go","funding_links":["https://github.com/sponsors/daveshanley"],"categories":["Code Analysis","Go","API tools","golang","代码分析","Projects"],"sub_categories":["Routers","Threat modelling","路由器","API Design"],"readme":"![logo](.github/assets/logo.png)\n\n# vacuum - The world's fastest OpenAPI, AsyncAPI and JSON Schema linter.\n\n![build](https://github.com/daveshanley/vacuum/workflows/Build/badge.svg)\n[![Go Report Card](https://goreportcard.com/badge/github.com/daveshanley/vacuum)](https://goreportcard.com/report/github.com/daveshanley/vacuum)\n[![discord](https://img.shields.io/discord/923258363540815912)](https://discord.gg/UAcUF78MQN)\n[![Docs](https://img.shields.io/badge/godoc-reference-5fafd7)](https://pkg.go.dev/github.com/daveshanley/vacuum)\n[![npm](https://img.shields.io/npm/dm/@quobix/vacuum?style=flat-square\u0026label=npm%20downloads)](https://www.npmjs.com/package/@quobix/vacuum)\n[![Docker Pulls](https://img.shields.io/docker/pulls/dshanley/vacuum?style=flat-square)](https://hub.docker.com/r/dshanley/vacuum)\n[![Mentioned in Awesome Go](https://awesome.re/mentioned-badge-flat.svg)](https://github.com/avelino/awesome-go)\n\nAn **ultra-super-fast**, lightweight OpenAPI, AsyncAPI and JSON Schema linter and quality checking tool, written in golang and inspired by [Spectral](https://github.com/stoplightio/spectral).\n\nIt's **fully compatible** with existing [Spectral](https://github.com/stoplightio/spectral) rulesets.\n\n## Install using [homebrew](https://brew.sh) tap\n\n```\nbrew install daveshanley/vacuum/vacuum\n```\n\n## Install using [npm](https://npmjs.com)\n\n```\nnpm i -g @quobix/vacuum\n```\n\n## Install using [yarn](https://yarnpkg.com/)\n\n```\nyarn global add @quobix/vacuum\n```\n\n## Install using curl\n\n```bash\ncurl -fsSL https://quobix.com/scripts/install_vacuum.sh | sh\n```\n\n### For CI/CD environments \n\nTo avoid GitHub API rate limiting in automated environments, set a GitHub token:\n\n```bash\n# Using repository token (GitHub Actions)\nGITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} curl -fsSL https://quobix.com/scripts/install_vacuum.sh | sh\n\n# Using personal access token\nGITHUB_TOKEN=your_github_token curl -fsSL https://quobix.com/scripts/install_vacuum.sh | sh\n```\n\n#### GitHub Actions example\n\n```yaml\n- name: Install vacuum\n  env:\n    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Increases rate limit from 60 to 5000 requests/hour\n  run: |\n    curl -fsSL https://quobix.com/scripts/install_vacuum.sh | sh\n```\n\n\u003e **Note**: The GitHub token prevents intermittent installation failures in CI/CD environments caused by API rate limiting. \n\u003e No additional permissions are required, the token only accesses public repository information.\n\n## Install using [Docker](https://hub.docker.com/r/dshanley/vacuum)\n\nThe image is available at: https://hub.docker.com/r/dshanley/vacuum\n\n```\ndocker pull dshanley/vacuum\n```\n\n\u003e **Multi-platform support**: Docker images are available for both `linux/amd64` and `linux/arm64` architectures, including native ARM64 support for Apple Silicon Macs.\n\nTo run, mount the current working dir to the container and use a relative path to your spec, like so\n\n```\ndocker run --rm -v $PWD:/work:ro dshanley/vacuum lint \u003cyour-openapi-spec.yaml\u003e\n```\nAlternatively, you can pull it from\n[GitHub packages](https://github.com/daveshanley/vacuum/pkgs/container/vacuum).\nTo do that, replace `dshanley/vacuum` with `ghcr.io/daveshanley/vacuum` in the above commands.\n\n## Run with Go\n\nIf you have Go 1.25 or newer installed, you can use `go run` to build and run it:\n\n```\ngo run github.com/daveshanley/vacuum@latest lint \u003cyour-openapi-spec.yaml\u003e\n```\n\n## Upgrade vacuum\n\nIf vacuum was installed with Homebrew, npm, or the shell installer, run:\n\n```bash\nvacuum upgrade\n```\n\nvacuum will detect the install path and use the matching upgrade mechanism when it can. Normal commands may also show an\nupdate notice when a newer stable release is available. The passive check keeps only a small temporary cache in the OS temp\ndirectory, refreshed at most every 12 hours. Use `--no-update-check` or `VACUUM_NO_UPDATE_CHECK=true` to skip that check.\n\n---\n\n## Sponsors\nIf your company is using `vacuum`, please consider [supporting this project](https://github.com/sponsors/daveshanley),\nlike our _very kind_ sponsors, past and present:\n\n\n\u003ca href=\"https://scalar.com\"\u003e\n\u003cpicture\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\".github/sponsors/scalar-dark.png\"\u003e\n  \u003cimg alt=\"scalar\" src=\".github/sponsors/scalar-light.png\"\u003e\n\u003c/picture\u003e\n\u003c/a\u003e\n\n[scalar](https://scalar.com)\n\n\u003ca href=\"https://apideck.com\"\u003e\n\u003cpicture\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\".github/sponsors/apideck-dark.png\"\u003e\n  \u003cimg alt=\"apideck'\" src=\".github/sponsors/apideck-light.png\"\u003e\n\u003c/picture\u003e\n\u003c/a\u003e\n\n[apideck](https://apideck.com)\n\n---\n\n## Come chat with us\n\nNeed help? Have a question? Want to share your work? [Join our discord](https://discord.gg/UAcUF78MQN) and\ncome say hi!\n\n## Documentation\n\n🔥 **New in** `v0.29` 🔥: **Lint AsyncAPI 3 documents in vacuum**\n\n[AsyncAPI](https://www.asyncapi.com) is now a first-class document type in vacuum, alongside OpenAPI and JSON Schema.\nUse the normal `lint` command and vacuum will detect AsyncAPI 3 documents automatically.\n\n- [Read more about AsyncAPI linting in vacuum](https://quobix.com/vacuum/asyncapi/)\n- [See the default AsyncAPI ruleset](https://quobix.com/vacuum/rulesets/asyncapi-recommended/)\n- [See every built-in AsyncAPI rule](https://quobix.com/vacuum/rulesets/asyncapi/)\n- [Generate an AsyncAPI ruleset](https://quobix.com/vacuum/commands/generate-ruleset/)\n- [See the AsyncAPI functions](https://quobix.com/vacuum/functions/asyncapi/)\n\n---\n\n🔥 **New in** `v0.28` 🔥: **Lint JSON Schema documents in vacuum**\n\nA new `schema` command has been added that opens up vacuum to JSON Schema specific linting rules and checks! \nWith a whole new set of functions and rules, specifically for JSON Schema documents. \n\nTry it out on your own JSON Schema docs! with `vacuum schema`\n\n- [Read more about JSON Schema linting in vacuum](https://quobix.com/vacuum/json-schema/)\n- [Read the available `schema` command options](https://quobix.com/vacuum/commands/schema/)\n- [See the new recommended JSON Schema ruleset](https://quobix.com/vacuum/rulesets/json-schema-recommended/)\n\n---\n\n`v0.27`: **Generate OpenAPI Documentation in vacuum**\n\nA new `docs` command will generate the **best OpenAPI Documentation you ever saw**! Now vacuum has \nintegrated with [the printing press](https://github.com/pb33f/printing-press), it means\ngenerating documentation with built-in linting results is available _right inside vacuum_.\n\nTry it out! instead of the `lint` command try the `docs` command instead.\n\n- [Read more about API Docs in vacuum](https://quobix.com/vacuum/api-docs/)\n- [Read the `docs` command reference](https://quobix.com/vacuum/commands/docs/)\n- [Read more about the printing press](https://pb33f.io/printing-press/)\n- [Learn about rendering modes](https://pb33f.io/printing-press/rendering-modes/)\n- [Learn about diagnostics mode](https://pb33f.io/printing-press/diagnostics-mode/)\n- [Learn about API catalogs](https://pb33f.io/printing-press/api-catalog/)\n- [Learn about agentic AI output](https://pb33f.io/printing-press/agentic-ai/)\n- [Learn about generated outputs](https://pb33f.io/printing-press/outputs/)\n\n---\n\n`v0.25`: **Generate Open Collections from OpenAPI files**\n\nA new `open-collection` command will generate an [Open Collection](https://www.opencollection.com/) Workflow folder\n(or bundled file)\n\nOpen Collection is a new standard for defining and sharing API collections. vacuum supports it natively.\n\n[Read More](https://quobix.com/vacuum/commands/open-collection/)\n\n---\n\n\n`v0.24`: **TURBO MODE**\n\nA huge tune up of hundreds of systems across the stack has resulted in significant speed boosts and improved memory performance.\n\n| Spec | Size | v0.23 | Turbo | Speedup |\n|------|------|-------|-------|-----|\n| petstore.yaml | 21KB | 0.03s | 0.02s | 33% |\n| mistral.yaml | 292KB | 0.17s | 0.10s | 41% |\n| neon.yaml | 370KB | 0.21s | 0.08s | 62% |\n| ld.yaml | 1.9MB | 0.93s | 0.31s | 67% |\n| plaid.yml | 2.9MB | 1.39s | 0.53s | 62% |\n| stripe.yaml | 6.1MB | 3.11s | 0.85s | 73% |\n\nThe bigger the spec, the faster vacuum runs!\n\nNew `-T` flag will enable **turbo mode**. Go ultra-fast!\n\n---\n\n`v0.23`: **OpenAPI Overlay Support**\n\nEver needed to tweak an OpenAPI spec for different environments without maintaining multiple copies? \n\nMaybe swap out server URLs between dev, staging, and production? Or perhaps strip out internal endpoints before publishing the API docs?\n\nOpenAPI Overlays are the answer. They let us make non-destructive modifications to specs using JSONPath expressions to \ntarget exactly what we want to change. vacuum now supports a new `apply-overlay` command.\n\n- [Learn more about the apply-overlay command](https://quobix.com/vacuum/commands/apply-overlay)\n\n---\n\n\n`v0.22`: **Async Functions / Promises, Fetch \u0026 Batch mode in Custom JS Functions**\n\nDo you want to call remote APIs in your vacuum javascript functions? What about async processing or the ability to use Promises?\n\nvacuum now has its own event loop and will happily support `async` and `await`. Combined with a full implementation of [Fetch](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API).\n\nAlso added **Batch Mode**. This allows custom functions to receive the entire list of nodes, instead of firing the function \nfor each result, so you can send all your data off to an API or an LLM, and have the ability parse and process everything at once\nvs individually. \n\n- [Read all about async JS functions in vacuum](https://quobix.com/vacuum/api/custom-javascript-functions/#async-functions--promises)\n- [Learn about using fetch in vacuum](https://quobix.com/vacuum/api/custom-javascript-functions/#fetch-api)\n- [find out how batch mode works](https://quobix.com/vacuum/api/custom-javascript-functions/#batch-mode-processing)\n\n---\n\n### [Quick Start Guide 🚀](https://quobix.com/vacuum/start)\n\nSee all the documentation at https://quobix.com/vacuum\n\n- [Installing vacuum](https://quobix.com/vacuum/installing/)\n- [About vacuum](https://quobix.com/vacuum/about/)\n- [Why should you care?](https://quobix.com/vacuum/why/)\n- [Concepts](https://quobix.com/vacuum/concepts/)\n- [FAQ](https://quobix.com/vacuum/faq/)\n- [Linting AsyncAPI](https://quobix.com/vacuum/asyncapi/)\n- [Ignoring lint results](https://quobix.com/vacuum/ignoring/)\n- [Generate API Docs](https://quobix.com/vacuum/api-docs/)\n- [Linting JSON Schema](https://quobix.com/vacuum/json-schema/)\n- [CLI Commands](https://quobix.com/vacuum/commands/)\n  - [lint](https://quobix.com/vacuum/commands/lint/)\n  - [vacuum report](https://quobix.com/vacuum/commands/report/)\n  - [docs](https://quobix.com/vacuum/commands/docs/)\n  - [dashboard](https://quobix.com/vacuum/commands/dashboard/)\n  - [html-report](https://quobix.com/vacuum/commands/html-report/)\n  - [bundle](https://quobix.com/vacuum/commands/bundle/)\n  - [spectral-report](https://quobix.com/vacuum/commands/spectral-report/)\n  - [language-server](https://quobix.com/vacuum/commands/language-server/)\n  - [upgrade](https://quobix.com/vacuum/commands/upgrade/)\n  - [apply-overlay](https://quobix.com/vacuum/commands/apply-overlay/)\n  - [schema](https://quobix.com/vacuum/commands/schema/)\n  - [Change Detection](https://quobix.com/vacuum/commands/change-detection/)\n  - [open-collection](https://quobix.com/vacuum/commands/open-collection/)\n  - [generate-ruleset](https://quobix.com/vacuum/commands/generate-ruleset/)\n  - [version](https://quobix.com/vacuum/commands/version/)\n  - [External References](https://quobix.com/vacuum/commands/external-references/)\n  - [Exit Codes](https://quobix.com/vacuum/commands/exit-codes/)\n- [Developer API](https://quobix.com/vacuum/api/getting-started/)\n  - [Using The Index](https://quobix.com/vacuum/api/spec-index/)\n  - [RuleResultSet](https://quobix.com/vacuum/api/rule-resultset/)\n  - [Loading a RuleSet](https://quobix.com/vacuum/api/loading-ruleset/)\n  - [Linting Non-OpenAPI Files](https://quobix.com/vacuum/api/non-openapi/)\n  - [Custom Golang Functions](https://quobix.com/vacuum/api/custom-functions/)\n  - [Custom JavaScript Functions](https://quobix.com/vacuum/api/custom-javascript-functions/)\n- [Rules](https://quobix.com/vacuum/rules/)\n  - [Examples](https://quobix.com/vacuum/rules/examples/)\n  - [Tags](https://quobix.com/vacuum/rules/tags/)\n  - [Descriptions](https://quobix.com/vacuum/rules/descriptions/)\n  - [Schemas](https://quobix.com/vacuum/rules/schemas/)\n  - [Spec Information](https://quobix.com/vacuum/rules/information/)\n  - [Operations \u0026 Paths](https://quobix.com/vacuum/rules/operations/)\n  - [Channels](https://quobix.com/vacuum/rules/channels/)\n  - [Messages](https://quobix.com/vacuum/rules/messages/)\n  - [Servers](https://quobix.com/vacuum/rules/servers/)\n  - [Validation](https://quobix.com/vacuum/rules/validation/)\n  - [Security](https://quobix.com/vacuum/rules/security/)\n  - [OWASP](https://quobix.com/vacuum/rules/owasp/)\n- [Functions](https://quobix.com/vacuum/functions/)\n  - [Core Functions](https://quobix.com/vacuum/functions/core/) \n  - [OpenAPI Functions](https://quobix.com/vacuum/functions/openapi/)\n  - [OWASP Functions](https://quobix.com/vacuum/functions/owasp/)\n  - [AsyncAPI Functions](https://quobix.com/vacuum/functions/asyncapi/)\n- [Understanding RuleSets](https://quobix.com/vacuum/rulesets/understanding/)\n  - [Sharing RuleSets](https://quobix.com/vacuum/rulesets/sharing/)\n  - [All Rules](https://quobix.com/vacuum/rulesets/all/)\n  - [No Rules](https://quobix.com/vacuum/rulesets/no-rules/)\n  - [Recommended Rules](https://quobix.com/vacuum/rulesets/recommended/)\n  - [AsyncAPI Default Rules](https://quobix.com/vacuum/rulesets/asyncapi-recommended/)\n  - [AsyncAPI All Rules](https://quobix.com/vacuum/rulesets/asyncapi/)\n  - [Custom Rules](https://quobix.com/vacuum/rulesets/custom-rulesets/)\n\n---\n\n\u003e **vacuum can suck all the lint of a 5mb API description in milliseconds.**\n\nDesigned to reliably lint API descriptions, **very, very quickly**. Including _very large_ ones. Spectral can be quite slow\nwhen used as an API and does not scale for enterprise applications.\n\nvacuum will tell you what is wrong with your spec, why, where, and how to fix it. \n\nvacuum will work at scale and is designed as a CLI (with a web or console UI) and a library to be consumed in other applications.\n\n### Dashboard\n\nvacuum comes with an interactive dashboard (`vacuum dashboard \u003cyour-openapi-spec.yaml\u003e`) allowing you to explore\nrules and violations in a console, without having to scroll through thousands of results.\n\n\u003ca href=\"https://quobix.com/vacuum/commands/dashboard/\"\u003e\n\u003cpicture\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\".github/assets/dashboard.gif\"\u003e\n  \u003cimg alt=\"dashboard\" src=\".github/assets/dashboard.gif\"\u003e\n\u003c/picture\u003e\n\u003c/a\u003e\n\nTo read about the dashboard, see the [dashboard command docs](https://quobix.com/vacuum/commands/dashboard/).\n\n### HTML Report\n\nvacuum can generate an easy to navigate and understand HTML report. Like the dashboard\nyou can explore broken rules and violations, but in your browser.\n\nNo external dependencies, the HTML report will run completely offline.\n\n![vacuum html-report](.github/assets/html-report-screenshot.png)\n\n---\n\n\u003e **_Supports OpenAPI Version 2, OpenAPI Version 3+, AsyncAPI 3, and JSON Schema documents_**\n\nYou can use either **YAML** or **JSON**, vacuum supports both formats.\n\n## Using vacuum with pre-commit\n\nVacuum can be used with [pre-commit](https://pre-commit.com).\n\nTo do that, add to your `.pre-commit-config.yaml`:\n\n```yaml\nrepos:\n  - repo: https://github.com/daveshanley/vacuum\n    rev: # a tag or a commit hash from this repo, see https://github.com/daveshanley/vacuum/releases\n    hooks:\n      - id: vacuum\n```\n\nSee the [hook definition](./.pre-commit-hooks.yaml) here for details on what options the hook uses and what files it checks by default.\n\nIf no filenames or more than one filename in your repository matches the default `files` pattern in the hook definition,\nthe pattern needs to be overridden in your config so that it matches exactly one filename to lint at a time.\nTo lint multiple files, specify the hook multiple times with the appropriate overrides.\n\n## Build an interactive HTML report \n\n`vacuum html-report` is included in official release binaries. If you install via `go install github.com/daveshanley/vacuum@\u003cversion\u003e`, the command is compiled without the HTML report UI bundles. To enable it from source, run `./scripts/build-ui-assets.sh` and build with `-tags html_report_ui`.\n\n```\n./vacuum html-report \u003cyour-openapi-spec.yaml | vacuum-report.json.gz\u003e \u003creport-name.html\u003e\n```\n\nYou can replace `report-name.html` with your own choice of filename. Open the report\nin your favorite browser and explore the results. \n\n\n## See full linting report \n\n```\n./vacuum lint -d \u003cyour-openapi-spec.yaml\u003e\n```\n\n\n## Lint multiple files at once\n\n```\n./vacuum lint -d \u003cspec1.yaml\u003e \u003cspec2.yaml\u003e \u003cspec3.yaml\u003e\n```\n\n## Lint multiple files using a glob pattern\n\n```\n./vacuum lint -d some/path/**/*.yaml\n```\n\n## See full linting report with inline code snippets\n\n```\n./vacuum lint -d -s \u003cyour-openapi-spec.yaml\u003e\n```\n\n## See just the linting errors\n\n```\n./vacuum lint -d -e \u003cyour-openapi-spec.yaml\u003e\n```\n\n## See just a specific category of report\n\n\n```\n./vacuum lint -d -c schemas \u003cyour-openapi-spec.yaml\u003e\n```\n\nThe options here are:\n\n- `examples`\n- `operations`\n- `information`\n- `descriptions`\n- `schemas`\n- `security`\n- `tags`\n- `validation`\n- `owasp`\n\n## Generate a Spectral compatible report\n\nIf you're already using Spectral JSON reports, and you want to use vacuum instead, use the `spectral-report` command\n\n```\n./vacuum spectral-report \u003cyour-openapi-spec.yaml\u003e \u003creport-output-name.json\u003e\n```\n\nThe report file name is _optional_. The default report output name is `vacuum-spectral-report.json`\n\n\n## Generate a `vacuum report`\n\nVacuum reports are complete snapshots in time of a linting report for a specification. These reports can be 'replayed' \nback through vacuum. Use the `dashboard` or the `html-report` commands to 'replay' the report and explore the results\nas they were when the report was generated.\n\n```\n./vacuum report -c \u003cyour-openapi-spec.yaml\u003e \u003creport-prefix\u003e\n```\n\nThe default name of the report will be `vacuum-report-MM-DD-YY-HH_MM_SS.json`. You can change the prefix by supplying\nit as the second argument to the `report` command. \n\nIdeally, **you should compress the report using `-c`**. This shrinks down the size significantly. vacuum automatically\nrecognizes a compressed report file and will deal with it automatically when reading.\n\n\u003e When using compression, the file name will be `vacuum-report-MM-DD-YY-HH_MM_SS.json.gz`. vacuum uses gzip internally.\n\n## Ignoring specific linting errors\n\nYou can ignore specific linting errors by providing an `--ignore-file` argument to commands that run or replay lint results, including `lint`, `report`, `spectral-report`, `html-report`, `dashboard`, and `docs`.\n\n```\n./vacuum lint --ignore-file \u003cpath-to-ignore-file.yaml\u003e -d \u003cyour-openapi-spec.yaml\u003e\n```\n\n```\n./vacuum report --ignore-file \u003cpath-to-ignore-file.yaml\u003e -c \u003cyour-openapi-spec.yaml\u003e \u003creport-prefix\u003e\n```\n\nThe ignore-file should point to a `.yaml` file that contains exact result paths or JSONPath expressions to be ignored by vacuum. The structure of the YAML file is as follows:\n\n```\n\u003crule-id-1\u003e:\n  - \u003cjson_path_to_error_or_warning_1\u003e\n  - \u003cjson_path_to_error_or_warning_2\u003e\n\u003crule-id-2\u003e:\n  - \u003cjson_path_to_error_or_warning_1\u003e\n  - \u003cjson_path_to_error_or_warning_2\u003e\n  ...\n```\n\nIgnoring errors is useful for when you want to implement new rules to existing production APIs. In some cases, \ncorrecting the lint errors would result in a breaking change. Having a way to ignore these errors allows you to implement\nthe new rules for new APIs while maintaining backwards compatibility for existing ones.\n\n---\n\n## Try out the dashboard\n\nThis is an early, but working console UI for vacuum. The code isn't great, it needs a lot of clean up, but\nif you're interested in seeing how things are progressing, it's available.\n\n```\n./vacuum dashboard \u003cyour-openapi-spec.yaml | vacuum-report.json.gz\u003e\n```\n\n---\n## Supply your own Spectral compatible ruleset\n\nIf you're already using Spectral and you have your own [custom ruleset](https://meta.stoplight.io/docs/spectral/e5b9616d6d50c-custom-rulesets#custom-rulesets),\nthen you can use it with vacuum! \n\nThe `lint`, `dashboard`, `docs`, `html-report`, `report`, and `spectral-report` commands all accept a `-r` or `--ruleset` flag, defining the path to your ruleset file.\n\n### Here are some examples you can try\n\n**_All rules turned off_**\n```\n./vacuum lint -r rulesets/examples/norules-ruleset.yaml \u003cyour-openapi-spec.yaml\u003e\n```\n\n**_Only recommended rules_**\n```\n./vacuum lint -r rulesets/examples/recommended-ruleset.yaml \u003cyour-openapi-spec.yaml\u003e\n```\n\n**_Enable specific rules only_**\n```\n./vacuum lint -r rulesets/examples/specific-ruleset.yaml \u003cyour-openapi-spec.yaml\u003e\n```\n\n**_Custom rules_**\n```\n./vacuum lint -r rulesets/examples/custom-ruleset.yaml \u003cyour-openapi-spec.yaml\u003e\n```\n\n**_All rules, all of them!_**\n```\n./vacuum lint -r rulesets/examples/all-ruleset.yaml \u003cyour-openapi-spec.yaml\u003e\n```\n\n---\n\n## Reference resolution in rules\n\nvacuum has two resolved-execution controls:\n\n- Per rule: `resolved`\n- Per run: `--resolve-all-refs` or `motor.ExecutionOptions{ResolveAllRefs: true}`\n\nIn YAML/JSON rulesets, `resolved` defaults to `true`. In that mode, `given`, matched nodes, `Index`, and `SpecInfo` come from the dereferenced document, but `context.Document` stays unresolved for compatibility.\n\nSet `resolved: false` when a rule needs the raw document, for example to inspect `$ref` directly. If you build `model.Rule` values in Go, set `Resolved` explicitly.\n\n```yaml\nrules:\n  response-has-content:\n    given: \"$.paths[*][*].responses['404']\"\n    resolved: false\n    then:\n      field: content\n      function: defined\n```\n\n`--resolve-all-refs` forces every rule into resolved execution, overrides `resolved: false`, and also supplies resolved `context.Document` to rule functions.\n\nUse `--nested-refs-doc-context` or `motor.ExecutionOptions{NestedRefsDocContext: true}` for split specs where an external file contains another relative `$ref`. That makes nested relative refs resolve from the referenced document instead of the root document. It only affects resolved execution, including runs forced by `--resolve-all-refs`.\n\n---\n\n## Configuration\n\n### File\nYou can configure vacuum using a configuration file named `vacuum.conf.yaml`\n\nBy default, vacuum searches for this file in the following locations:\n1. Working directory\n2. `$XDG_CONFIG_HOME`, when set\n3. `${HOME}/.config`, when `$XDG_CONFIG_HOME` is not set\n\nYou can also specify a path to a file using the `--config` flag\n\nGlobal flags are configured as top level nodes\n```yaml\ntime: true\nbase: 'http://example.com'\n...\n```\nCommand specific flags are configured under a node with the commands name\n```yaml\n...\nlint:\n  silent: true\n  ...\n```\n\n### Environment variables\n\nYou can configure global vacuum flags using environment variables in the form of: `VACUUM_\u003cflag\u003e`\n\nIf a flag, has a `-` in it, replace with `_`\n\n\n## Auto-fixing rule violations\n\nIf you have a rule that doesn't need a human to look at it, and the change can be reliably automated you can configure an `AutoFixFunction` on the rule. When you then run the `lint` command you can pass the `--fix` flag and the violation will be automatically fixed.\n\n### Set up\n\n1. Define a rule that has an `autoFixFunction`, e.g.:\n```yaml\nrules:\n  use-compatible-extensions:\n    autoFixFunction: useExtensibleEnum\n    description: Prefer compatible extensions\n    id: use-compatible-extensions\n    given: \"$.components.schemas[?@.enum]\"\n    severity: warn\n    message: Use x-extensible-enum instead of enum for better compatibility\n    then:\n      field: enum\n      function: falsy\n```\n\nThis rule flags any usage of `enum` and recommends they are updated to `x-extensible-enum`.\nA simple change which can be easily auto fixed!\n\n2. Create a function which performs the auto-fix.\n```go\nfunc useExtensibleEnum(\n\tnode *yaml.Node,\n\tdocument *yaml.Node,\n\tcontext *model.RuleFunctionContext,\n) (*yaml.Node, error) {\n\tif node.Kind != yaml.MappingNode {\n\t\treturn node, nil\n\t}\n\n\tfor i := 0; i \u003c len(node.Content); i += 2 {\n\t\tif i+1 \u003e= len(node.Content) {\n\t\t\tbreak\n\t\t}\n\n\t\tkeyNode := node.Content[i]\n\n\t\tif keyNode.Value == \"enum\" {\n\t\t\tkeyNode.Value = \"x-extensible-enum\"\n\n\t\t\treturn node, nil\n\t\t}\n\t}\n\n\treturn node, nil\n}\n```\n\n\u003e [!NOTE]\n\u003e The auto fix function must satisfy the `AutoFixFunction` type.\n\u003e It should take in the `*yaml.Node` of the violation, the root `*yaml.Node` of the document and the `RuleFunctionContext`.\n\u003e It should return the fixed `*yaml.Node` and an error.\n\n3. Configure your `RuleSetExecution` to use the auto fix function.\n```go\nfunc Lint(rulesFile string, specFile string) error {\n\trules, err := rulesets.LoadLocalRuleSet(ctx, rulesFile)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"error loading ruleset: %w\", err)\n\t}\n\n\trs := rulesets.BuildDefaultRuleSetsWithLogger(slog.Logger).\n\t\tGenerateRuleSetFromSuppliedRuleSet(rules)\n\n\t// NOTE: only showing the fields on the RuleSetExecution relevant to auto-fixing.\n\tresults := motor.ApplyRulesToRuleSet(\u0026motor.RuleSetExecution{\n\t\tAutoFixFunctions: map[string]model.AutoFixFunction{\n\t\t\t\"useExtensibleEnum\": useExtensibleEnum,\n\t\t},\n\t\tApplyAutoFixes:         true,\n\t\tRuleSet:                rs,\n\t})\n\n\t// Write back to file if fixes were applied\n\tif len(lintResults.FixedResults) \u003e 0 \u0026\u0026 autoFix {\n\t\tfileInfo, _ := os.Stat(specFile)\n\n\t\terr = os.WriteFile(specFile, result.ModifiedSpec, fileInfo.Mode())\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to write file %s: %w\", c.file, err)\n\t\t}\n\t}\n\n\treturn nil\n}\n```\n\nWhen the auto fix function runs, if it returns an error the fix will not be applied, the error will be logged, and the violation will be reported in the standard results.\n\nIf the auto fix function succeeds the yaml node flagged by the violation will be replaced with the transformed version returned by the auto fix function.\n\n\u003e [!TIP]\n\u003e When using `vacuum` as a library You can access the fixed yaml content in the `RuleSetExecutionResult.ModifiedSpec`, and choose where to write the file.\n\u003e \n\u003e When using `vacuum` as a cli, the `--fix` flag will overwrite the spec file in place, and `--fix-file` flag lets you specify an alternative file to write the content to, if you want to compare the outputs.\n\n### Usage\n\n\n\u003e Logo gopher is modified, originally from [egonelbre](https://github.com/egonelbre/gophers)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaveshanley%2Fvacuum","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdaveshanley%2Fvacuum","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaveshanley%2Fvacuum/lists"}