Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
ajv-formats
Advanced tools
The ajv-formats package provides support for string formats in JSON Schema validation using the AJV validator. It includes various string formats for date-time, email, hostname, ipv4, ipv6, uri, uri-reference, uuid, and more, which can be used to validate data against specific format requirements.
Date-time format validation
Validates that a string is a valid date-time representation according to the format specified in the JSON Schema.
{"type":"string","format":"date-time"}
Email format validation
Validates that a string is a valid email address.
{"type":"string","format":"email"}
URI format validation
Validates that a string is a valid URI.
{"type":"string","format":"uri"}
UUID format validation
Validates that a string is a valid UUID.
{"type":"string","format":"uuid"}
The jsonschema package is a JSON Schema validator that also provides format validation. It supports similar functionalities to ajv-formats but is implemented in a different way and may have different performance characteristics.
tv4 is a tiny validator for JSON Schema v4. Like ajv-formats, it can validate formats specified in a JSON Schema, but it is less feature-rich and not as actively maintained as AJV.
Joi is a powerful schema description language and data validator for JavaScript. Unlike ajv-formats, Joi does not use JSON Schema but instead provides its own schema definition language, which can be more expressive and easier to use for some developers.
JSON Schema formats for Ajv
import Ajv from "ajv"
import addFormats from "ajv-formats"
const ajv = new Ajv()
addFormats(ajv)
The package defines these formats:
See regular expressions used for format validation and the sources that were used in formats.ts.
Please note: JSON Schema draft-07 also defines formats iri
, iri-reference
, idn-hostname
and idn-email
for URLs, hostnames and emails with international characters. These formats are available in ajv-formats-draft2019 plugin.
Options can be passed via the second parameter. Options value can be
addFormats(ajv, ["date", "time"])
Please note: when ajv encounters an undefined format it throws exception (unless ajv instance was configured with strict: false
option). To allow specific undefined formats they have to be passed to ajv instance via formats
option with true
value:
const ajv = new Ajv((formats: {date: true, time: true})) // to ignore "date" and "time" formats in schemas.
"full"
) with optional list of format names:addFormats(ajv, {mode: "fast"})
or
addFormats(ajv, {mode: "fast", formats: ["date", "time"]})
In "fast"
mode the following formats are simplified: "date"
, "time"
, "date-time"
, "uri"
, "uri-reference"
, "email"
. For example "date"
, "time"
and "date-time"
do not validate ranges in "fast"
mode, only string structure, and other formats have simplified regular expressions.
npm install
git submodule update --init
npm test
FAQs
Format validation for Ajv v7+
The npm package ajv-formats receives a total of 18,102,948 weekly downloads. As such, ajv-formats popularity was classified as popular.
We found that ajv-formats demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.