Gathering detailed insights and metrics for @anatine/zod-nestjs
Gathering detailed insights and metrics for @anatine/zod-nestjs
Installations
npm install @anatine/zod-nestjsDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
18.20.7
NPM Version
10.8.2
Releases
73
zod-nestjs-2.0.12
zod-nestjs-2.0.12
Updated on Apr 05, 2025
zod-nestjs-2.0.11
zod-nestjs-2.0.11
Updated on Apr 04, 2025
zod-mock-3.14.0
zod-mock-3.14.0
Updated on Apr 04, 2025
zod-openapi-2.2.8
zod-openapi-2.2.8
Updated on Apr 04, 2025
zod-mock-3.13.5
zod-mock-3.13.5
Updated on Jan 20, 2025
zod-nestjs-2.0.10
zod-nestjs-2.0.10
Updated on Jan 20, 2025
Languages
2
TypeScript
JavaScript
TypeScript (99.51%)
JavaScript (0.49%)
Developer
anatine
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
759 Stars
525 Commits
108 Forks
8 Watchers
12 Branches
53 Contributors
Updated on Jul 13, 2025
Maintainers
1
Package Meta Information
Latest Version
2.0.12
Package Id
@anatine/zod-nestjs@2.0.12
Unpacked Size
37.66 kB
Size
11.75 kB
File Count
22
NPM Version
10.8.2
Node Version
18.20.7
Published on
Apr 05, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
5
@anatine/zod-nestjs
Helper methods for using Zod in a NestJS project.
- Validation pipe on data
- Patch to Swagger module
Installation
@anatine/zod-openapi, openapi3-ts, and zod are peer dependencies instead of dependant packages.
While zod is necessary for operation, openapi3-ts is for type-casting. @anatine/zod-openapi does the actual conversion
1npm install openapi3-ts zod @anatine/zod-openapi @anatine/zod-nestjs
Usage
Generate a schema
Use Zod to generate a schema. Additionally, use @anatidae/zod-openapi to extend a schema for OpenAPI and Swagger UI.
Example schema:
1import { createZodDto } from '@anatine/zod-nestjs'; 2import { extendApi } from '@anatine/zod-openapi'; 3import { z } from 'zod'; 4export const CatZ = extendApi( 5 z.object({ 6 name: z.string(), 7 age: z.number(), 8 breed: z.string(), 9 }), 10 { 11 title: 'Cat', 12 description: 'A cat', 13 } 14); 15export class CatDto extends createZodDto(CatZ) {} 16export class UpdateCatDto extends createZodDto(CatZ.omit({ name: true })) {} 17export const GetCatsZ = extendApi( 18 z.object({ 19 cats: extendApi(z.array(z.string()), { description: 'List of cats' }), 20 }), 21 { title: 'Get Cat Response' } 22); 23export class GetCatsDto extends createZodDto(GetCatsZ) {} 24export const CreateCatResponseZ = z.object({ 25 success: z.boolean(), 26 message: z.string(), 27 name: z.string(), 28}); 29export class CreateCatResponseDto extends createZodDto(CreateCatResponseZ) {} 30export class UpdateCatResponseDto extends createZodDto( 31 CreateCatResponseZ.omit({ name: true }) 32) {}
Use the schema in your controller
This follows the standard NestJS method of creating controllers.
@nestjs/swagger decorators should work normally.
Example Controller
1import { ZodValidationPipe } from '@anatine/zod-nestjs'; 2import { 3 Body, 4 Controller, 5 Get, 6 Param, 7 Patch, 8 Post, 9 UsePipes, 10} from '@nestjs/common'; 11import { ApiCreatedResponse } from '@nestjs/swagger'; 12import { 13 CatDto, 14 CreateCatResponseDto, 15 GetCatsDto, 16 UpdateCatDto, 17 UpdateCatResponseDto, 18} from './cats.dto'; 19@Controller('cats') 20@UsePipes(ZodValidationPipe) 21export class CatsController { 22 @Get() 23 @ApiCreatedResponse({ 24 type: GetCatsDto, 25 }) 26 async findAll(): Promise<GetCatsDto> { 27 return { cats: ['Lizzie', 'Spike'] }; 28 } 29 @Get(':id') 30 @ApiCreatedResponse({ 31 type: CatDto, 32 }) 33 async findOne(@Param() { id }: { id: string }): Promise<CatDto> { 34 return { 35 name: `Cat-${id}`, 36 age: 8, 37 breed: 'Unknown', 38 }; 39 } 40 @Post() 41 @ApiCreatedResponse({ 42 description: 'The record has been successfully created.', 43 type: CreateCatResponseDto, 44 }) 45 async create(@Body() createCatDto: CatDto): Promise<CreateCatResponseDto> { 46 return { 47 success: true, 48 message: 'Cat created', 49 name: createCatDto.name, 50 }; 51 } 52 @Patch() 53 async update( 54 @Body() updateCatDto: UpdateCatDto 55 ): Promise<UpdateCatResponseDto> { 56 return { 57 success: true, 58 message: `Cat's age of ${updateCatDto.age} updated`, 59 }; 60 } 61}
NOTE: Responses have to use the ApiCreatedResponse decorator when using the @nestjs/swagger module.
Set up your app
Patch the swagger so that it can use Zod types before you create the document.
Example Main App
1import { Logger } from '@nestjs/common'; 2import { NestFactory } from '@nestjs/core'; 3import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger'; 4import { CatsModule } from './app/cats.module'; 5import { patchNestjsSwagger } from '@anatine/zod-nestjs'; 6async function bootstrap() { 7 const app = await NestFactory.create(CatsModule); 8 const globalPrefix = 'api'; 9 app.setGlobalPrefix(globalPrefix); 10 const config = new DocumentBuilder() 11 .setTitle('Cats example') 12 .setDescription('The cats API description') 13 .setVersion('1.0') 14 .addTag('cats') 15 .build(); 16 patchNestjsSwagger(); // <--- This is the hacky patch using prototypes (for now) 17 const document = SwaggerModule.createDocument(app, config); 18 SwaggerModule.setup('api', app, document); 19 const port = process.env.PORT || 3333; 20 await app.listen(port, () => { 21 Logger.log('Listening at http://localhost:' + port + '/' + globalPrefix); 22 }); 23} 24bootstrap();
Future goals
- Remove dependency on
@nestjs/swaggerby providing a Swagger UI. - Expand to create an express-only wrapper (without NestJS)
- Auto generate client side libs with Zod validation.
Credits
-
zod-dto
Extensive use and inspiration from zod-dto.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
Found 12/20 approved changesets -- score normalized to 6
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/pr_on_master.yml:1
- Warn: no topLevel permission defined: .github/workflows/pre-publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_on_master.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/anatine/zod-plugins/pr_on_master.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_on_master.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/anatine/zod-plugins/pr_on_master.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-publish.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/anatine/zod-plugins/pre-publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-publish.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/anatine/zod-plugins/pre-publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/anatine/zod-plugins/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/anatine/zod-plugins/publish.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/pr_on_master.yml:44
- Warn: npmCommand not pinned by hash: .github/workflows/pre-publish.yml:46
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:46
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 22 are checked with a SAST tool
Reason
11 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-cj7v-w2c7-cp7c
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m
- Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
- Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
- Warn: Project is vulnerable to: GHSA-44fp-w29j-9vj5
- Warn: Project is vulnerable to: GHSA-4pg4-qvpc-4q3h
- Warn: Project is vulnerable to: GHSA-g5hg-p3ph-g8qg
- Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
- Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
Score
3
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More