next-server-action-validation
Advanced tools
[](https://www.npmjs.com/package/next-server-action-validation) [](https://opensource.org/licenses/MIT)
This package provides an efficient and straightforward method for validating data in NextJS Server Actions. It's designed to ensure that the data passed into server actions is validated on the server side, enhancing the security and reliability of your NextJS applications.
NextJS Server Actions simplify back-end code execution, eliminating the need for manual API route creation. This increases developer productivity. However, they lack a crucial feature: body validation.
Using client-side validation, like Zod.js, is a good practice but it only provides partial security. Client-side validation does not protect your NextJS Server Actions from receiving invalid data directly, posing a potential risk.
The solution to this issue is to integrate body validation within your server actions. This package allows you to use Zod.js schemas in your server actions, providing a robust and secure way to validate data. Additionally, it simplifies error handling by seamlessly communicating validation errors back to the client component.
npm install next-server-action-validation zod
This package uses Zod for runtime validation of data passed into server actions
To protect your server action it needs to be wrapped in the withValidation function together with a Zod.js validation schema.
// server-action.ts
'use server';
import * as z from 'zod';
import { withValidation } from 'next-server-action-validation';
// 1. Create the Validation Schema
const myServerActionSchema = z.object({
name: z.string().min(4)
});
// 2. Wrap your server action in the `withValidation` function
export const myServerAction = withValidation(myServerActionSchema, async (data: { name: string }) => {
console.log(data); // Data is fully typesafe
return true;
});
To use your server action and check for validation errors we can simply call our action and pass its result into the isValidationError function. If this function resolves to be truthy the validation failed. From now on the type of our result is a ValidationError which holds all validation errors.
// page.tsx
'use client';
import { useState } from 'react';
import { myServerAction } from '@/app/page.actions';
import { isValidationError } from 'next-server-action-validation';
export default function Home() {
const [myString, setMyString] = useState('');
async function handleSave() {
// 1. Call your server action as normal
const result = await myServerAction({ name: myString });
// 2. Check for validation errors
if (isValidationError(result)) {
// The type of result.errors is an array of `ZodIssues`
// which we can use to display proper error messages
console.log(result.errors);
// 3. Return out of the function
return;
}
// 4. Proceed as normal
console.log('We passed correct data!');
}
return (
<main>
<Input onChange={e => setMyString(e.target.value)} />
<Button onClick={handleSave}>Save</Button>
</main>
);
}
withValidationValidates data using a Zod schema and, if valid, executes a specified function.
function withValidation<T, F extends (_data: T) => any>(
schema: ZodSchema<T>,
func: F
): F | ((data: T) => Promise<ValidationError>);
schema: The Zod schema to validate the data against.func: The function to execute if the data is valid. This function should accept one argument of type T.The withValidation function is designed to facilitate the validation of data using a Zod schema before executing a specific function. It ensures that the provided function func is only called if the data satisfies the schema validation. In cases where the data fails the validation, a ValidationError object is returned, simplifying the error handling process.
isValidationErrorChecks if a given object is an instance of ValidationError.
function isValidationError(obj: any): boolean;
obj: The object to be checked.boolean: Returns true if the object is an instance of ValidationError, otherwise false.ValidationErrorA type representing a validation error, typically used in conjunction with validation functions.
export type ValidationError = {
isValidationError: boolean;
errors: ZodIssue[];
};
FAQs
[](https://www.npmjs.com/package/next-server-action-validation) [](https://opensource.org/licenses/MIT)
The npm package next-server-action-validation receives a total of 12 weekly downloads. As such, next-server-action-validation popularity was classified as not popular.
We found that next-server-action-validation demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.