Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Meaningful Error Validation for everyone.
import { createValidationSchema } from 'mev';
const userSchema = createValidationSchema()
.addField('username', f => f
.string()
.addRule(r => r.minLength(5))
.addRule(r => r.maxLength(10))
.addRule(r => r.lowercase())
)
.addField('age', f => f
.number()
.addRule(r => r.min(0))
);
// { success: true }
userSchema.run({ username: 'myusername', age: 5 });
Install using your favourite JavaScript package manager.
$ npm install mev
$ yarn add mev
Rule
A rule is an atomic validation test which when tested either passes or provides a description of the failed test.
This description is the key to the purpose of this library. It is written by you, ready to be passed back up your stack and straight to the user. When unspecified, a test description and title may be generated.
import { createValidationRule } from 'mev';
const rule = createValidationRule()
.title('too long')
.description('must be no longer than 5')
.addTestFunction(e => e.length <= 5);
rule.test('short');
// { success: true }
rule.test('not short');
// { title: 'too long', description: 'must be no longer than 5' }
Here the addTestFunction
method is being used to specify the validation test. Each rule may have as many tests as desired, however it is recommended to keep rules atomic for more specific error messages.
Mev has many built in methods for testing data. These are specific to the data type being tested, and as such there is an extension of Rule
for each primitive data type string
, number
& boolean
.
StringRule
Calling the string
method first in the chain will give the chain access to each of the test methods provided in StringRule
. Here maxLength
is being used to replace the test function written above.
import { createValidationRule } from 'mev';
const rule = createValidationRule()
.string()
.title('too long')
.description('must be no longer than 5')
.maxLength(5);
rule.test('short');
// { success: true }
rule.test('not short');
// { title: 'too long', description: 'must be no longer than 5' }
maxLength(n)
- fails when the test input has a length greater than n
minLength(n)
- fails when the test input has a length smaller than n
blacklist(list)
- fails when the test input contains one or more element in list
as a substringuppercase()
- fails when the test input contains any lowercase letterslowercase()
- fails when the test input contains any uppercase lettersalphanumeric()
- fails when the test input contains any character other than a letter or numberregex(r)
- fails when the regular expression r
fails on the test inputNumberRule
Calling the number
method first in the chain will give the chain access to each of the test methods provided in NumerRule
.
import { createValidationRule } from 'mev';
const rule = createValidationRule()
.number()
.title('too big')
.description('must not be larger than 5')
.max(5);
rule.test(3);
// { success: true }
rule.test(6);
// { title: 'too big', description: 'must not be larger than 5' }
max(n)
- fails when the test input is greater than n
min(n)
- fails when the test input is less than n
closedMax(n)
- see max(n)
closedMin(n)
- see max(n)
openMax(n)
- fails when the test input is greater than or equal to n
openMin(n)
- fails when the test input is less than or equal to n
closedInterval(min, max)
- fails when the test input is outside of the interval [min
, max
]openInterval(min, max)
- fails when the test input is outside of the interval (min
, max
)BooleanRule
Calling the boolean
method first in the chain will give the chain access to each of the test methods provided in BooleanRule
.
import { createValidationRule } from 'mev';
const rule = createValidationRule()
.boolean()
.title('truthy')
.description('must be truthy')
.true();
rule.test(true);
// { success: true }
rule.test(false);
// { title: 'truthy', description: 'must be truthy' }
true()
- fails when the test input is falsefalse()
- fails when the test input is trueField
A field is a collection of rules, typically pertaining to the same data type. Rules are either added as an object, or through a callback function.
When a field is tested, each of the rules are tested with the provided data and either a success flag is returned, or an array of errors from each failing test.
import { createValidationRule, createValidationField } from 'mev';
const rule = createValidationRule()
.title('too long')
.description('must be no longer than 5')
.addTestFunction(e => e.length <= 5);
const field = createValidationField()
.addRule(rule)
.addRule(r => r
.title('odd length')
.description('must have an even length')
.addTestFunction(e => e.length % 2 === 0)
);
field.test('pass');
// { success: true }
field.test('failure');
// { errors: [
// { title: 'too long', description: 'must be no longer than 5' },
// { title: 'odd length', description: 'must have an even length' }
// ] }
As with Rule
, fields may be associated with one of the primitive data types string
, number
or boolean
. Once again this must be placed first in the chain, and once it has been used then all rules will have access to the test methods associated with that type.
import { createValidationField } from 'mev';
const field = createValidationField()
.string()
.addRule(r => r
.title('too long')
.description('must not be longer than 5')
.maxLength(5)
)
Here the value of r
being passed into the callback of addRule
will be an instance of StringRule
, and therefore has access to the method maxLength
.
It is important to note that if the value passed into addRule
is a rule instead of a function, then it will not have access to the methods of field type and the type will have to be stated explicitly in the rule.
Schema
A schema is a collection of fields and other schemas, similar to how a Field
is a collection of Rule
s. When a schema is tested against an input object, each field is tested, and the error from each failing test is reduced into a single array. Once again, if no rules have failed, then a success flag will be returned.
The addField
method is used to add a new field to a schema. The first argument is the name of the field and the second argument takes either a field object or a callback function which is passed a new field object.
import { createValidationField, createValidationSchema } from 'mev';
const usernameField = createValidationField()
.string()
.addRule(r => r
.title('invalid character')
.description('usernames must only contain letters and numbers')
.alphanumeric()
)
.addRule(r => r
.title('invalid length')
.description('usernames must be between 2 and 15 characters long')
.minLength(2)
.maxLength(15)
);
const schema = createValidationSchema()
.addField('age', f => f
.number()
.addRule(r => r
.title('negative age')
.description('an age must be greater than 0')
.min(0)
)
)
.addField('username', usernameField);
schema.test({ age: 4, username: 'myusername' });
// { success: true }
schema.test({ age: -4, username: 'invalid username' })
// { errors: [
// { fieldName: 'age',
// title: 'negative age',
// description: 'an age must be greater than 0' },
// { fieldName: 'username',
// title: 'invalid character',
// description: 'usernames must only contain letters and numbers' },
// { fieldName: 'username',
// title: 'invalid length',
// description: 'usernames must be between 2 and 15 characters long' }
// ]}
When rules fail in a schema, the fieldName
is also included in the error object.
Schema
has the method addSchemaField
which is similar to addField
except the second argument takes a schema object or callback passing a schema object. This allows nested schema validation.
import { createSchemaValidation } from 'mev';
import userSchema from './user';
const schema = createValidationSchema()
.addSchemaField('user', userSchema)
.addSchemaField('testInfo', s => s
.addField('score', f => f
.number()
.addRule(r => r
.title('out of range')
.description('out of test score range of 1-100')
.closedInterval(0, 100)
)
)
);
schema.test({
user: { username: 'myUsername', age: 32 },
testInfo: { score: 40 },
});
// { success: true }
schema.test({
user: { username: 'invalid username', age: 32 },
testInfo: { score: 1000 },
});
// { errors: [
// { parent: 'user',
// fieldName: 'username',
// title: 'invalid character',
// description: 'usernames must only contain letters and numbers' },
// { parent: 'user',
// fieldName: 'username',
// title: 'invalid length',
// description: 'usernames must be between 2 and 15 characters long' },
// { parent: 'testInfo',
// fieldName: 'score',
// title: 'out of range',
// description: 'out of test score range of 1-100' }
// ]}
When rules fail in a nested schema, the fieldName
and parent
schema are also included in the error object.
Provided are methods for determining the outcome of a validation test.
This allows type knowledge of the result which is essential in TypeScript and useful for the type knowledge in your IDE.
isSuccess
& isError
import { isSuccess, isError, createValidationSchema } from 'mev';
const schema = createValidationSchema()
.addField('age', f => f
.number()
.addRule(r => r
.title('negative age')
.description('an age must be greater than 0')
.min(0)
)
);
const result = schema.test({ age: 32 });
if (isSuccess(result)) {
// will have access to result.success
} else {
// will have access to result.errors
}
if (isError(result)) {
// will have access to result.errors
} else {
// will have access to result.success
}
FAQs
Another validator..
The npm package mev receives a total of 3 weekly downloads. As such, mev popularity was classified as not popular.
We found that mev demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.