Ensures that every component specified in your API description is used at least once. In this context, "used" means that a component defined in the components object is referenced elsewhere in the API document with $ref.
| OAS | Compatibility |
|---|---|
| 2.0 | ❌ |
| 3.0 | ✅ |
| 3.1 | ✅ |
| 3.2 | ✅ |
This rule is intended to help security-focused enterprises prevent data leaks. Components can leak schemas, parameters, and other properties that may be unused in the exposed APIs, but used internally elsewhere.
However, your API document may contain common components used in other APIs. If that describes your use-case, turn this rule off.
| Option | Type | Description |
|---|---|---|
| severity | string | Possible values: off, warn, error. Default warn (in recommended configuration). |
An example configuration:
rules:
no-unused-components: errorGiven this configuration:
rules:
no-unused-components: errorExample of incorrect components:
openapi: 3.1.0
paths:
/customers:
$ref: '#/components/pathItems/customers'
components:
pathItems:
customers:
# ...
dealers:
# ...The dealers
PathItemis an unused component.
Example of correct components:
openapi: 3.1.0
paths:
/customers:
$ref: '#/components/pathItems/customers'
components:
pathItems:
customers:
# ...