express-zod-api - npm Package Versions

v20.19.0

• Configuring built-in logger made optional:
  • Built-in logger configuration option level made optional as well as the logger option for createConfig();
  • Using debug level by default, or warn when NODE_ENV=production.
• Fixed performance issue on BuiltinLogger when its color option is not set in config:
  • .child() method is 50x times faster now by only detecting the color support once;
  • Color autodetection was introduced in v18.3.0.

v20.18.0

• Introducing ensureHttpError() method that converts any Error into HttpError:
  • It converts InputValidationError to BadRequest (status code 400) and others to InternalServerError (500).
• Deprecating getStatusCodeFromError() — use the ensureHttpError().statusCode instead.
• Generalizing server-side error messages in production mode by default:
  • This feature aims to improve the security of your API by not disclosing the exact causes of errors;
  • Applies to defaultResultHandler, defaultEndpointsFactory and Last Resort Handler only;
  • When NODE_ENV is set to production (displayed on startup);
  • Instead of actual message the default one associated with the corresponding statusCode used;
  • Server-side errors are those having status code 5XX, or treated that way by ensureHttpError();
  • You can control that behavior by throwing errors using createHttpError() and using its expose option;
  • More about production mode and how to activate it: https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production

import createHttpError from "http-errors";
// NODE_ENV=production
// Throwing HttpError from Endpoint or Middleware that is using defaultResultHandler or defaultEndpointsFactory:
createHttpError(401, "Token expired"); // —> "Token expired"
createHttpError(401, "Token expired", { expose: false }); // —> "Unauthorized"
createHttpError(500, "Something is broken"); // —> "Internal Server Error"
createHttpError(501, "We didn't make it yet", { expose: true }); // —> "We didn't make it yet"

v20.17.0

• Added cause property to DocumentationError;
• Log all server side errors (status codes >= 500) and in full (not just the message).

v20.16.0

• Deprecating originalError property on both InputValidationError and OutputValidationError:
  • Use cause property instead;
  • Those error classes are publicly exposed for developers making custom Result Handlers.

  const error = new InputValidationError(new z.ZodError([]));
- logger.error(error.originalError.message);
+ logger.error(error.cause.message);

v20.15.3

• Merge intersected object types in generated client:
  • This fixes "empty object" intersection problem for endpoints having middlwares without inputs.

- type GetV1UserRetrieveInput = {} & {
+ type GetV1UserRetrieveInput = {
    /** a numeric string containing the id of the user */
    id: string;
  };

v20.15.2

• Fixed duplicated client types in unions:
  • When splitResponse option is disabled on Integration primitive response types could have been duplicated.

- type GetV1AvatarSendResponse = string | string;
+ type GetV1AvatarSendResponse = string;

v20.15.1

• Deprecating serializer property on Documentation and Integration constructor argument:
  • That property was introduced in v9.3.0 and utilized for comparing schemas in order to handle possible circular references within z.lazy();
  • The property is no longer in use and will be removed in version 21.

v20.15.0

• Feat: warn about potentially unserializable schema used for JSON operating endpoints:
  • This version will warn you if you're using a schema that might not work in request or response, in particular:
    • Generally unserializable objects: z.map(), z.set(), z.bigint();
    • JSON incompatible entities: z.never(), z.void(), z.promise(), z.symbol(), z.nan();
    • Non-revivable in request: z.date();
    • Incorrectly used in request: ez.dateOut();
    • Incorrectly used in response: ez.dateIn(), ez.upload(), ez.raw();
  • The feature suggested by @t1nky.