Package Exports

fhir-capability-analyzer
fhir-capability-analyzer/registry

Readme

fhir-capability-analyzer

A TypeScript CLI and library that answers the question: "What does this FHIR server actually support?"

Fetch a CapabilityStatement from any FHIR server URL or local JSON file
Summarize resources, interactions, operations, and security in a readable format
Detect conformance to international profiles: US Core, UK Core, AU Core, IPS, IPA, SMART App Launch, ISiK, and more
Generate a structured analysis report with warnings for common configuration issues
Compare two servers' capabilities side by side
Output as human-readable text, JSON (CI-friendly), or Markdown

The browser-safe core works in Node.js, Deno, Cloudflare Workers, and browser bundles. The CLI wraps the same core with file I/O and exit codes.

Why this exists

Every FHIR server exposes a CapabilityStatement at /metadata describing every resource, interaction, search parameter, and security mechanism it supports. Reading one by hand is painful: a typical document runs 1,000 to 3,000 lines of deeply nested JSON.

fhir-capability-analyzer does that reading for you: fetch, parse, summarize, and compare, all from the command line. It also detects which international profiles a server declares support for, which is useful when integrating with servers in different countries or healthcare systems.

Quick start

# Analyze a live server
npx fhir-capability-analyzer analyze https://hapi.fhir.org/baseR4

# Analyze a local file
npx fhir-capability-analyzer analyze ./capability.json

# JSON output (CI-friendly, stable schema)
npx fhir-capability-analyzer analyze https://hapi.fhir.org/baseR4 --format json

# Markdown output
npx fhir-capability-analyzer analyze https://hapi.fhir.org/baseR4 --format markdown

# Compare two servers
npx fhir-capability-analyzer compare https://server-a.example.com https://server-b.example.com

# Compare and fail CI if differences found
npx fhir-capability-analyzer compare ./baseline.json https://server.example.com --exit-on-diff

Sample output

Server: HAPI FHIR R4 Test Server
FHIR Version: 4.0.1
Status: active
Formats: application/fhir+json, application/fhir+xml, json, xml

Resources (3)
-------------
Patient                        read, vread, update, patch, delete, history-instance, history-type, create, search-type [7 search params]
Observation                    read, create, update, delete, search-type [4 search params]
Condition                      read, create, update, search-type [3 search params]

Operations (2)
--------------
  $everything
  $validate

Profile Conformance
-------------------
  (No known profiles detected)

Security
--------
  CORS: enabled
  Auth: (none declared)

Installation

# Global CLI
npm install -g fhir-capability-analyzer

# Project dependency (library use)
npm install fhir-capability-analyzer

CLI reference

`analyze <source>`

Analyze a CapabilityStatement from a URL or local JSON file.

Arguments:
  source              FHIR server URL or path to local JSON file

Options:
  -f, --format        Output format: text | json | markdown  (default: text)
  --bearer-token      Bearer token for OAuth 2.0 protected servers
  -v, --version       Print version
  -h, --help          Show help

Exit codes:
  0  Success, no warnings
  1  Success, but warnings were found (text and markdown modes only)
  2  Fetch or parse error

`compare <sourceA> <sourceB>`

Compare two FHIR servers' capabilities.

Arguments:
  sourceA             FHIR server URL or local JSON file (baseline)
  sourceB             FHIR server URL or local JSON file (target)

Options:
  -f, --format        Output format: text | json | markdown  (default: text)
  --exit-on-diff      Exit with code 1 when differences are found
  --bearer-token      Bearer token for OAuth 2.0 protected servers
  -h, --help          Show help

Authentication

For OAuth 2.0 protected servers, pass the token via flag or environment variable:

# Via flag
fhir-capability-analyzer analyze https://secure.example.com --bearer-token "$TOKEN"

# Via environment variable (preferred for CI — keeps the token out of shell history)
FHIR_TOKEN=eyJ... fhir-capability-analyzer analyze https://secure.example.com

# Compare two secured servers (same token used for both)
FHIR_TOKEN=eyJ... fhir-capability-analyzer compare https://server-a.example.com https://server-b.example.com

The --bearer-token flag takes precedence over FHIR_TOKEN. Tokens are never written to stdout or included in any output format.

TypeScript library API

import {
  fetchCapabilityStatement,
  parseFromJson,
  analyze,
  compare,
} from "fhir-capability-analyzer";

import { detectProfiles } from "fhir-capability-analyzer/registry";

// Fetch from a live server
const result = await fetchCapabilityStatement("https://hapi.fhir.org/baseR4");

// Fetch from an OAuth 2.0 protected server
const result = await fetchCapabilityStatement("https://secure.example.com", {
  headers: { Authorization: `Bearer ${token}` },
});
if (!result.success) throw new Error(result.error);

// Analyze
const report = analyze(result.capability);
console.log(report.summary.resourceCount); // number of resources
console.log(report.conformance.detectedProfiles); // ProfileConformance[]
console.log(report.warnings); // string[]

// Parse from local JSON (e.g., after fs.readFileSync)
const localResult = parseFromJson(JSON.parse(rawJson));

// Compare two capabilities
const diff = compare(capA, capB);
// diff.added, diff.removed, diff.changed — ComparisonDifference[]

// Profile detection only
const profiles = detectProfiles([
  "http://hl7.org/fhir/us/core/StructureDefinition/us-core-patient",
]);
// [{ url, name, country, standard }]

Profile detection

Detects conformance to known international and national FHIR profiles by matching profile URLs declared in instantiates, implementationGuide, and per-resource profile/supportedProfile fields.

Standard	Country	Canonical URL prefix
US Core	🇺🇸 us	`http://hl7.org/fhir/us/core/`
UK Core	🇬🇧 uk	`https://fhir.hl7.org.uk/`, `https://fhir.nhs.uk/`
AU Core	🇦🇺 au	`http://hl7.org.au/fhir/core/`
AU Base	🇦🇺 au	`http://hl7.org.au/fhir/`
CA Baseline	🇨🇦 ca	`http://hl7.org/fhir/ca/baseline/`
IPS	🌍 international	`http://hl7.org/fhir/uv/ips/`
IPA	🌍 international	`http://hl7.org/fhir/uv/ipa/`
SMART App Launch	🌍 international	`http://fhir-registry.smarthealthit.org/`, `http://hl7.org/fhir/smart-app-launch/`
ISiK	🇩🇪 de	`https://gematik.de/fhir/isik/`, `https://gematik.de/fhir/ISiK/`
FR Core	🇫🇷 fr	`http://hl7.org/fhir/fr/core/`, `https://hl7.fr/ig/fhir/`
NL Nictiz	🇳🇱 nl	`http://nictiz.nl/fhir/`
IHE	🌍 international	`https://profiles.ihe.net/`

These are FHIR canonical identifiers. Some canonical URL hosts do not resolve in a browser, but the identifiers still need to be matched exactly when they appear in a CapabilityStatement.

Architecture

src/core/        browser-safe functional core
  types.ts       all shared TypeScript interfaces
  parse.ts       CapabilityStatement → ServerCapability
  fetch.ts       fetch from URL, parse from JSON
  analyze.ts     ServerCapability → AnalysisReport
  compare.ts     ServerCapability × ServerCapability → ComparisonReport

src/registry/    browser-safe profile registry
  profiles.ts    known profile URL patterns
  detect.ts      detectProfiles(urls[]) → ProfileConformance[]

src/formatters/  browser-safe output renderers
  text.ts        human-readable text
  json.ts        stable JSON
  markdown.ts    Markdown tables

src/cli/         Node.js adapter (thin shell over core)
  commands/      analyze.ts, compare.ts

No code under src/core/, src/registry/, or src/formatters/ imports Node.js APIs. This is enforced by TypeScript and tested.

What this tool does NOT do

Full StructureDefinition / profile conformance validation — use the HL7 FHIR Validator
Profile evaluation beyond URL pattern matching (only checks declared URLs, not resource content)
OAuth 2.0 authorization flows — you need to obtain a bearer token separately and pass it via --bearer-token or FHIR_TOKEN
IG package resolution or download
XML to JSON conversion — use the fhir package

Supported FHIR versions

R4 (4.0.1), R4B (4.3.0), R5 (5.0.0) — auto-detected from the fhirVersion field.

The FHIR TypeScript ecosystem

fhir-capability-analyzer is part of a small family of tools for FHIR developer workflows:

Tool	Purpose
`fhir-resource-diff`	Validate, diff, and compare individual FHIR JSON resources
`fhir-test-data`	Generate valid FHIR test data with country-aware identifiers (14 locales)
`fhir-capability-analyzer` (this package)	Fetch, analyze, and compare FHIR server CapabilityStatements

Using them together:

# Check what a server supports before running integration tests
fhir-capability-analyzer analyze https://your-fhir-server.example.com

# Generate test patients and validate them against the FHIR spec
fhir-test-data generate patient --locale uk --seed 42 | \
  fhir-resource-diff validate - --fhir-version R4

# Compare two servers to find differences before a migration
fhir-capability-analyzer compare https://old-server.example.com https://new-server.example.com \
  --exit-on-diff

Development

Prerequisites

Node.js >= 20
pnpm >= 9

Setup

git clone https://github.com/dnlbox/fhir-capability-analyzer.git
cd fhir-capability-analyzer
pnpm install

Common scripts

Script	Purpose
`pnpm cli -- analyze <url>`	Run CLI from source
`pnpm test`	Run tests
`pnpm test:watch`	Run tests in watch mode
`pnpm typecheck`	TypeScript type checking
`pnpm lint`	ESLint
`pnpm build`	Production build (tsup)

Roadmap

Authentication support for secured FHIR servers (OAuth 2.0 token injection)
--assert flag for CI: fail if a specific profile is not detected

JSPM