Gathering detailed insights and metrics for superstruct
Gathering detailed insights and metrics for superstruct
Gathering detailed insights and metrics for superstruct
Gathering detailed insights and metrics for superstruct
@hookform/resolvers
React Hook Form validation resolvers: Yup, Joi, Superstruct, Zod, Vest, Class Validator, io-ts, Nope, computed-types, TypeBox, arktype, Typanion, Effect-TS and VineJS
@janiscommerce/superstruct
![Build Status](https://github.com/janis-commerce/superstruct/workflows/Build%20Status/badge.svg) [![Coverage Status](https://coveralls.io/repos/github/janis-commerce/superstruct/badge.svg?branch=master)](https://coveralls.io/github/janis-commerce/superst
@portive/api-types
Useful TypeScript types and SuperStruct Structs for interacting with the Portive's cloud services for open source components.
@felte/validator-superstruct
A package to use Superstruct validation with Felte
A simple and composable way to validate data in JavaScript (and TypeScript).
npm install superstruct
99.3
Supply Chain
99.6
Quality
83.1
Maintenance
100
Vulnerability
100
License
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
7,032 Stars
957 Commits
225 Forks
43 Watching
9 Branches
67 Contributors
Updated on 28 Nov 2024
Minified
Minified + Gzipped
TypeScript (99.67%)
JavaScript (0.33%)
Cumulative downloads
Total Downloads
Last day
-13.7%
324,341
Compared to previous day
Last week
2.3%
1,846,900
Compared to previous week
Last month
12.8%
7,613,100
Compared to previous month
Last year
27.4%
72,424,224
Compared to previous year
A simple and composable way
to validate data in JavaScript (and TypeScript).
Usage • Why? • Principles • Demo • Examples • Documentation
Superstruct makes it easy to define interfaces and then validate JavaScript data against them. Its type annotation API was inspired by Typescript, Flow, Go, and GraphQL, giving it a familiar and easy to understand API.
But Superstruct is designed for validating data at runtime, so it throws (or returns) detailed runtime errors for you or your end users. This is especially useful in situations like accepting arbitrary input in a REST or GraphQL API. But it can even be used to validate internal data structures at runtime when needed.
Superstruct allows you to define the shape of data you want to validate:
1import { assert, object, number, string, array } from 'superstruct' 2 3const Article = object({ 4 id: number(), 5 title: string(), 6 tags: array(string()), 7 author: object({ 8 id: number(), 9 }), 10}) 11 12const data = { 13 id: 34, 14 title: 'Hello World', 15 tags: ['news', 'features'], 16 author: { 17 id: 1, 18 }, 19} 20 21assert(data, Article) 22// This will throw an error when the data is invalid. 23// If you'd rather not throw, you can use `is()` or `validate()`.
Superstruct ships with validators for all the common JavaScript data types, and you can define custom ones too:
1import { is, define, object, string } from 'superstruct' 2import isUuid from 'is-uuid' 3import isEmail from 'is-email' 4 5const Email = define('Email', isEmail) 6const Uuid = define('Uuid', isUuid.v4) 7 8const User = object({ 9 id: Uuid, 10 email: Email, 11 name: string(), 12}) 13 14const data = { 15 id: 'c8d63140-a1f7-45e0-bfc6-df72973fea86', 16 email: 'jane@example.com', 17 name: 'Jane', 18} 19 20if (is(data, User)) { 21 // Your data is guaranteed to be valid in this block. 22}
Superstruct can also handle coercion of your data before validating it, for example to mix in default values:
1import { create, object, number, string, defaulted } from 'superstruct' 2 3let i = 0 4 5const User = object({ 6 id: defaulted(number(), () => i++), 7 name: string(), 8}) 9 10const data = { 11 name: 'Jane', 12} 13 14// You can apply the defaults to your data while validating. 15const user = create(data, User) 16// { 17// id: 0, 18// name: 'Jane', 19// }
And if you use TypeScript, Superstruct automatically ensures that your data has proper typings whenever you validate it:
1import { is, object, number, string } from 'superstruct' 2 3const User = object({ 4 id: number(), 5 name: string() 6}) 7 8const data: unknown = { ... } 9 10if (is(data, User)) { 11 // TypeScript knows the shape of `data` here, so it is safe to access 12 // properties like `data.id` and `data.name`. 13}
Superstruct supports more complex use cases too like defining arrays or nested objects, composing structs inside each other, returning errors instead of throwing them, and more! For more information read the full Documentation.
There are lots of existing validation libraries—joi
, express-validator
, validator.js
, yup
, ajv
, is-my-json-valid
... But they exhibit many issues that lead to your codebase becoming hard to maintain...
They don't expose detailed errors. Many validators simply return string-only errors or booleans without any details as to why, making it difficult to customize the errors to be helpful for end-users.
They make custom types hard. Many validators ship with built-in types like emails, URLs, UUIDs, etc. with no way to know what they check for, and complicated APIs for defining new types.
They don't encourage single sources of truth. Many existing APIs encourage re-defining custom data types over and over, with the source of truth being spread out across your entire code base.
They don't throw errors. Many don't actually throw the errors, forcing you to wrap everywhere. Although helpful in the days of callbacks, not using throw
in modern JavaScript makes code much more complex.
They're tightly coupled to other concerns. Many validators are tightly coupled to Express or other frameworks, which results in one-off, confusing code that isn't reusable across your code base.
They use JSON Schema. Don't get me wrong, JSON Schema can be useful. But it's kind of like HATEOAS—it's usually way more complexity than you need and you aren't using any of its benefits. (Sorry, I said it.)
Of course, not every validation library suffers from all of these issues, but most of them exhibit at least one. If you've run into this problem before, you might like Superstruct.
Which brings me to how Superstruct solves these issues...
Customizable types. Superstruct's power is in making it easy to define an entire set of custom data types that are specific to your application, and defined in a single place, so you have full control over your requirements.
Unopinionated defaults. Superstruct ships with native JavaScript types, and everything else is customizable, so you never have to fight to override decisions made by "core" that differ from your application's needs.
Composable interfaces. Superstruct interfaces are composable, so you can break down commonly-repeated pieces of data into components, and compose them to build up the more complex objects.
Useful errors. The errors that Superstruct throws contain all the information you need to convert them into your own application-specific errors easy, which means more helpful errors for your end users!
Familiar API. The Superstruct API was heavily inspired by Typescript, Flow, Go, and GraphQL. If you're familiar with any of those, then its schema definition API will feel very natural to use, so you can get started quickly.
Try out the live demo on CodeSandbox to get an idea for how the API works, or to quickly verify your use case:
Superstruct's API is very flexible, allowing it to be used for a variety of use cases on your servers and in the browser. Here are a few examples of common patterns...
Read the getting started guide to familiarize yourself with how Superstruct works. After that, check out the full API reference for more detailed information about structs, types and errors...
This package is MIT-licensed.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
0 existing vulnerabilities detected
Reason
Found 9/28 approved changesets -- score normalized to 3
Reason
1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More