Gathering detailed insights and metrics for zod-express-guard
Gathering detailed insights and metrics for zod-express-guard
Small package intended to use zod to make express request type-safe.
Installations
npm install zod-express-guardDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=16
Node Version
19.9.0
NPM Version
9.6.3
Releases
6
Languages
2
TypeScript
JavaScript
TypeScript (95.89%)
JavaScript (4.11%)
Developer
roziscoding
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
GPL-3.0 License
24 Stars
35 Commits
1 Forks
1 Watchers
1 Branches
2 Contributors
Updated on Aug 23, 2024
Maintainers
1
Package Meta Information
Latest Version
1.0.7
Package Id
zod-express-guard@1.0.7
Unpacked Size
45.76 kB
Size
15.61 kB
File Count
7
NPM Version
9.6.3
Node Version
19.9.0
Published on
Oct 09, 2023
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
3
Dev Dependencies
22
zod-express-guard
Small package intended to use zod to make express request type-safe.
Installation
Just install with your favorite package manager:
npm i zod-express-guard
Zod, Express and @types/express are peer dependencies, so you can change versions without having to wait for me to update this library. Newer versions of npm resolve these by default, but you can do it manually like this:
npm i -D @types/express && npm i express zod
Usage
This library exposes four validation functions, and three of them are shortcuts that end up calling the first one.
All functions support async middlewares and will catch async errors.
validate
This is the main function. It receives an object with the Zod schemas for what you want to validate,
together with the middleware you want to guard. If validation passes, your middleware will be called
with type-safe req properties. If validation fails, next will be called containg and instance of
ZodError
Example:
1// routes/login.ts 2import z from 'zod' 3import { validate } from 'zod-express-guard' 4 5export default validate( 6 { 7 body: z.object({ 8 login: z.string().nonempty(), 9 password: z.string().nonempty() 10 }) 11 }, 12 (req, res) => { 13 // req.body has the type { login: string, password: string } 14 // req.query and req.params have type unknown, since they were not validated 15 res.status(200).json({ message: 'Validation passed' }) 16 } 17)
You can pass up to three properties to the first parameter: body, query and params, each one
validates its respective property inside req
validateBody, validateQuery and validateParams
These three functions serve as shortcuts when you only want to validate a single property inside
req. This is useful for our login middleware in the previous example:
1// routes/login.ts 2 3import z from 'zod' 4import { validateBody } from 'zod-express-guard' 5 6export default validateBody( 7 z.object({ 8 login: z.string().nonempty(), 9 password: z.string().nonempty() 10 }), 11 (req, res) => { 12 // req.body has the type { login: string, password: string } 13 // req.query and req.params have type unknown, since they were not validated 14 res.status(200).json({ message: 'Validation passed' }) 15 } 16)
validateQuery and validateParams work similarly, but for req.query and req.params,
respectively.
Note that, when using a shortcut function, only one of the three properties will be validated and
made acessible, and the other two will have type unknown
Contributing
Environment setup
Clone this and run npm install on the root.
Making changes
Please make sure you modify the tests to reflect any changes you add.
Use npx gitmoji -c to commit, and follow existing commit patterns
Running tests
Simply run npm test after running npm install.
The package.json already specifies a pretest script that will run a clean build before testing.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/roziscoding/zod-express-guard/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/roziscoding/zod-express-guard/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/roziscoding/zod-express-guard/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/roziscoding/zod-express-guard/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/roziscoding/zod-express-guard/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/roziscoding/zod-express-guard/publish.yml/main?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
Found 1/21 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 11 are checked with a SAST tool
Reason
24 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-ch3r-j5x3-6q2m
- Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
- Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
3
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More