pb33f/libopenapi-validator

Is this module hardened for production use?

AidanWelch opened this issue · 1 comment

Is it protected against various types of attacks request bodies could include, such as DoS through large JSONs or ReDoS? Also, I think Go isn't vulnerable to it, but format string attacks. Or is this more focused on development/testing use?

It should be considered production ready. It's used in a number of production products already.

If you find any weakness or vulnerability, please let me know; otherwise, consider it stable, supported and hardened.

It has 99.8% code coverage. https://app.codecov.io/gh/pb33f/libopenapi-validator