All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Add
GET /v3/languages?resource=<resource>endpoint returning the languages supported by a resource. Each language carrieslang,name,status,usable_as_source,usable_as_target, and afeaturesobject keyed by feature name (matching the live API shape). Supported resources:translate_text,translate_document,glossary,voice,write,style_rules. - Add
GET /v3/languages/resourcesendpoint listing each resource and the features it supports, withneeds_source_support/needs_target_supportflags per feature. - Add
GET /v3/translation_memoriesendpoint for listing translation memories - Add support for
translation_memory_idandtranslation_memory_thresholdparameters in/v2/translate - Add opt-in response validation against the DeepL OpenAPI spec. Enable by
setting
VALIDATE_RESPONSES=1; every response body is then validated and schema mismatches surface as structured errors. Spec source defaults to the public DeepL spec on GitHub and can be overridden withDEEPL_MOCK_SPEC_URL(fetch from URL) orDEEPL_MOCK_SPEC_PATH(read from a local file). - Log a startup banner stating whether OpenAPI spec validation is active
(
VALIDATE_REQUESTS/VALIDATE_RESPONSES), which spec source it loaded from, and the spec version, so it is unambiguous from the logs that validation is actually running. - Add
mock-server-session-5xx-countsession header for simulating transient 5xx responses (mirror ofmock-server-session-429-count). The status code defaults to 503 and can be overridden withmock-server-session-5xx-status. Applies to every API endpoint so SDK retry-on-5xx behavior can be exercised on any request the test cares about. - Add
GET /__session__/last-requestendpoint returning the most recent request captured for the session (method, path, headers, query, body). Lets tests assert what the SDK actually sent — including param values that the mock does not otherwise reflect in its response — under mock CI. - Add opt-in request-shape validation against the DeepL OpenAPI spec. Enable
by setting
VALIDATE_REQUESTS=1(mirror ofVALIDATE_RESPONSES=1); each request body, query and path parameter is then validated and schema mismatches surface as structured 4xx errors. Tests that deliberately send non-spec-conforming bodies can opt out per-session via themock-server-session-allow-extra-bodysession header.
- Fix
GET /v3/style_rulesandGET /v3/translation_memorieshandlers to accept the coerced number/boolean query-parameter values thatVALIDATE_REQUESTS=1produces. TheallowedValuesarrays previously hard-coded strings only, so coerced typed values failed the strictincludes()check. - Fix the default translation memory to return lowercase language codes
(
source_language,target_languages), matching the OpenAPI spec'sTranslationMemorySourceLanguageandTranslationMemoryTargetLanguageenums. Without this,VALIDATE_RESPONSES=1rejected every/v3/translation_memoriesresponse with a strict enum-validation error. - Enable ajv
coerceTypes: truein theVALIDATE_REQUESTS=1request-validator config so URL query / path / form-urlencoded values pass validation when they cleanly coerce to the spec-declared type. Without this, every wire-format-forced string failedtype: integer/type: boolean/type: arrayeven though prod accepts the same payloads. See AE-629. - Fix parsing of
custom_instructionsparameter during style rule creation to correctly handle array values - Fix list of languages that support write, styles and tones
- Fix error message returned when a language does not support styles or tones but one is configured.
- Fix
GET /v3/glossaries/{id}/entriesto return lowercasesource_lang/target_lang, matching the real API and the/v3/glossariescreate/list responses. The handler echoed the upper-cased query parameters, so dictionary entries came back with a different casing than every other v3 glossary response.
- Bumped
qsto~6.15.2to fix GHSA-q8mj-m7cp-5q26 (qs.stringifyDoS via TypeError on null/undefined entries in comma-format arrays). Unblocks thenpm audit --productiongate on every MR pipeline. - Updated dependencies to fix GHSA-j3q9-mxjg-w52f and GHSA-27v5-c462-wpq7 (path-to-regexp DoS vulnerability)
- Updated transitive
fast-urito fix GHSA-q3j6-qgpj-74h6 (path traversal via percent-encoded dot segments) and GHSA-v39h-62p7-jpjc (host confusion via percent-encoded authority delimiters) - Updated follow-redirects to fix GHSA-r4q5-vmmm-2653 (auth header leak on cross-domain redirects)
1.20.0 - 2026-03-17
- Added many new languages to
/v2/languagesresponse to match the live API. - Add full CRUD support for
/v3/style_rulesendpoints: create, get, list, update name, and delete style rules - Add
PUT /v3/style_rules/{style_id}/configured_rulesendpoint for updating configured rules - Add CRUD support for custom instructions on style rules: create, get, update, and delete
- Updated dependencies to fix GHSA-w7fw-mjwx-w883 (qs ReDoS vulnerability)
1.19.0 - 2026-02-03
- Update model_type_used to always be
quality_optimizedfor/translate - Update the error message used for using formality for unsupported languages
- Updated dependencies to fix CVE-2025-64718
- Bumped node requirement to >=18 to fix CVE-2025-15284
1.18.0 - 2025-12-10
- Added validation for
tag_handling_versionparameter in translate endpoint. Acceptsv1andv2values. /v2/usageendpoint: Now returns additional fields:products,api_key_character_count,api_key_character_limit,start_time, andend_timein the response, matching the latest DeepL API spec./v3/style_rulesendpoint: Add support for listing style rules with pagination (page, page_size) and detailed response options- Add
style_idparameter support to/v2/translateendpoint for style rule validation - Add
X-Trace-Idresponse header matching live API.
1.17.4 - 2025-04-22
- Add support for dot notation for x-www-form-encoded requests
- Fix path override functionality
1.17.3 - 2025-03-31
- Fixed dictionary entry merging in v3 glossary update function.
1.17.2 - 2025-03-26
- Fix language code comparisons to be case-insensitive
1.17.1 - 2025-03-20
- Fix erroneous copyright year changes
1.17.0 - 2025-03-18
- Add support for the v3 glossary endpoints in the mock server
1.16.3 - 2025-03-05
- Add additional path for testing path overrides
1.16.2 - 2025-02-12
- Return error when both writing style and tone are provided in the same request
1.16.1 - 2025-01-23
- Fix allowed values for writing styles.
1.16.0 - 2025-01-22
- Added checks for supported languages in the Write API.
1.15.3 - 2025-01-17
- Fix BCP-47 conversion for languages without hyphens.
- Accept variant-less target languages for Write (server chooses default variant).
1.15.2 - 2025-01-17
- Fix typo in util function that causes a crash.
1.15.1 - 2025-01-17
v2/write/rephrasenow returns the target language in BCP-47 format, like the real API.
1.15.0 - 2025-01-15
- Added support for the Write API in the mock server.
1.14.1 - 2025-01-14
- Update
path-to-regexpdependency due to CVE-2024-52798 - Update
cross-spawndependency due to CVE-2024-21538
1.14.0 - 2024-11-15
/translateendpoint: addedmodel_typerequest parameter andmodel_type_usedresponse parameter.
1.13.0 - 2024-09-13
- Add supported glossary languages: Danish (
'da'), Norwegian (bokmål) ('nb'), and Swedish ('sv'). - Add billed characters to translate-text function: (
show_billed_charactersrequest parameter, andbilled_charactersresponse parameter).
1.12.0 - 2024-04-08
- Verify keepalive is used by clients by rejecting session reuse on new sockets, except in case where no-response mode is active
- Add
mock-server-session-allow-missing-user-agentsession header to override missing User-Agent check. - Add supported glossary languages: Portuguese (
'PT'), Russian ('RU'), and Chinese ('ZH'). - Add
output_formatparameter for document upload, to specify the desired file format of the output file - Add new language Arabic (
'AR').
- Run
npm audit fixto update dependencies.
1.11.0 - 2023-07-06
- Add formality for Japanese (
'JA'). - Add JSON-requests support to certain endpoints, matching DeepL API.
1.10.0 - 2023-01-26
- Add new languages Korean (
'KO') and Norwegian (bokmål) ('NB'). - Add limited support for XLIFF files. As this mock server only translates text files, XLIFF files will return a 503 error (the same as for other file types).
1.9.1 - 2022-12-07
formality=defaultis allowed for all target languages.
1.9.0 - 2022-11-03
- Add to supported glossary language pairs:
- English <-> Dutch
1.8.1 - 2022-11-03
- Mock server incorrectly supported JSON requests that are not supported by
DeepL API. Support for JSON requests is removed.
- #3 thanks to DevViktorKovacs.
1.8.0 - 2022-09-26
- Add
formalityoptions:prefer_lessandprefer_more
- Glossary language codes are case-insensitive.
1.7.0 - 2022-09-09
- Add to supported glossary language pairs:
- German <-> French
- English <-> Italian
- English <-> Japanese
- English <-> Polish
- Add new language Ukrainian (
'UK').
- Fix bug with missing
target_langorsource_langin glossary create.
1.6.0 - 2022-07-07
- Add support for glossary creation using CSV format.
- Update contributing guidelines, we can now accept Pull Requests.
- Update
package-lock.json: removedicer0.3.0 from indirect dependencies.
1.5.0 - 2022-05-18
- Add new languages Indonesian (
'ID') and Turkish ('TR'').
1.4.0 - 2022-04-13
- Add
error_messagefield to document status if an error occurs during document translation fails, and check if detected source language matches target language. The deprecatedmessagefield is also added to match the live API.
- Update name for the target language
zhto "Chinese (simplified)".
1.3.2 - 2022-03-01
- Add support for
tag_handling=html. formalityparameter is checked againsttarget_lang.
- Update
package-lock.json: upgradefollow-redirectsto 1.14.9 to silence security warnings. Note: security vulnerability CVE-2022-0536 affects cross-domain proxying and has no impact here because the proxy server is restricted to target only the mock server itself.
- Raise request body size limits to 50 MiB.
- Fix error response message when attempting to download a document before it has been translated.
1.3.1 - 2022-01-21
- Add contribution guidelines -- currently we are unable to accept Pull Requests.
- npm start command now uses environment variables if defined for DEEPL_MOCK_SERVER_PORT and DEEPL_MOCK_PROXY_SERVER_PORT.
- Update
package-lock.json: upgradefollow-redirectsto 1.14.7 to silence security warnings. Note: security vulnerability CVE-2022-0155 affects cross-domain proxying and has no impact here because the proxy server is restricted to target only the mock server itself.
- Remove "localhost" from listen() calls.
1.3.0 - 2021-11-15
- Add glossary support for document translation.
- Add missing argument validation for: formality, split_sentences, preserve_formatting and outline_detection.
- Add an optional proxy server that proxies requests to the mock server, listening on port 3001 by default.
- Add
expect-proxysession variable to reject requests not via proxy, as determined by presence of theForwardedheader.
- Require a non-empty
User-Agentheader for all endpoints.
1.2.0 - 2021-10-06
- Add support for
/v2/glossary-languages-pairendpoint.
- Document status seconds_remaining field is an integer.
- Glossary info source and target languages are lowercase.
1.1.0 - 2021-09-13
- Add support for glossary API functions.
- Accept both query and body parameters for all HTTP methods.
- Refactor internal date usage to use Date objects.
1.0.1 - 2021-08-12
- Add explicit copyright notice to all source files.
1.0.0 - 2021-08-12
- Add support for Authorization header with
DeepL-Auth-Keyprefix.
- Fix bug in error responses introduced in eslint refactoring.
0.2.0 - 2021-08-03
- Use
eslintandairbnbstyle for code checking.
- Fix issue when no array parameters are specified.
0.1.0 - 2021-07-30
Initial version.