Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
fastify-typebox
Advanced tools
Install
$ npm install fastify-typebox --save
Overview
This library provides enhanced TypeBox support for Fastify. It enables automatic type inference for Fastify requests with no additional type hinting required. This library achieves this by remapping the Fastify interface using TypeScript conditional types only. It reconstructs Fastify Request and Reply types making them fully TypeBox aware.
IMPORTANT: This project is intended to serve as prototype for exploring various static type inference possibilities in Fastify. It was developed to test TypeScript inference performance and static type checking behaviours. It is not recommended to take this project as a dependency, instead consider the upcoming
Type Providerfunctionality due to release in Fastify version 4.0.
Requires TypeScript 4.3.5 and above.
License MIT
Contents
Usage
The following demonstrates general usage.
import Fastify, { Type } from 'fastify-typebox'
const fastify = Fastify()
fastify.post('/users/:userId', {
schema: {
body: Type.Object({
x: Type.Number(),
y: Type.Number()
}),
response: {
200: Type.Object({
result: Type.Number()
})
}
}
}, (request, reply) => {
// -------------------------------------
// Requests
// -------------------------------------
// type Params = { userId: string }
const { userId } = request.params
// type Body = { x: number, y: number }
const { x, y } = request.body
// -------------------------------------
// Replies
// -------------------------------------
// type Response = { 200: { result: number } }
reply.send({ result: 100 }) // error: no status code specified
reply.status(400).send({ result: 42 }) // error: 400 status code not defined
reply.status(200).send({ result: '42' }) // error: result type is not number
reply.status(200).send({ result: x + y }) // ok: !
})
Request
Request handling should work inline with Fastify, However you must supply schemas as TypeBox types. Fastify TypeBox will then automatically infer the correct types in the Fastify route handlers. Request hooks are not supported.
fastify.get('/records', {
schema: {
querystring: Type.Object({
offset: Type.Integer({ minimum: 0 }),
limit: Type.Integer({ maximum: 64 }),
}),
response: {
200: Type.Array(
Type.Object({
id: Type.String({format: 'uuid' }),
email: Type.String({format: 'email' })
})
)
}
}
}, async (request, reply) => {
const { offset, limit } = request.query
const records = await get(offset, limit)
reply.status(200).send(records)
})
Params
Fastify TypeBox supports automatic param inference from urls. Param properties are always inferred as strings.
fastify.get('/users/:userId', (request, reply) => {
const { userId } = request.params // userId is string
})
Reply
Fastify TypeBox implements static type checking which is derived from the status codes specified for a route. Users must call status(...) prior to calling send(...) where the specified status code is used to select the appropriate response schema.
fastify.get('/action', {
schema: {
response: {
200: Type.String(),
401: Type.Boolean(),
500: Type.Number(),
}
}
}, (request, reply) => {
reply.status(200).send('ok') // must be string
reply.status(401).send(false) // must be boolean
reply.status(500).send(42) // must be number
})
Plugins
Fastify TypeBox provides mappings for Fastify plugins. To enable type inference for the plugin, specify FastifyTypeBoxInstance instead of FastifyInstance for the instance parameter type.
import { FastifyTypeBoxInstance } from 'fastify-typebox'
async function MyPlugin(instance: FastifyTypeBoxInstance, options: { config: any }) {
instance.get('/hello', (request, reply) => reply.send('world'))
}
...
fastify.register(MyPlugin, { config: 'xyz' })
FAQs
Enhanced TypeBox support for Fastify
The npm package fastify-typebox receives a total of 7 weekly downloads. As such, fastify-typebox popularity was classified as not popular.
We found that fastify-typebox demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 22 Nov 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025