🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
DemoInstallSign in
Socket
DemoInstallSign in

nexus-validate-zod

Package Overview
Dependencies
Maintainers
1
Versions
15
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

nexus-validate-zod

Validation using Zod package for Nexus.

1.5.5
latest
Source
npm
Version published
Weekly downloads
134
-11.26%
Maintainers
1
Weekly downloads
 
Created
Source

nexus-validate-zod

npm npm bundle size

Add extra validation to GraphQL Nexus in an easy and expressive way.

const UserMutation = extendType({
  type: 'Mutation',
  definition(t) {
    t.field('createUser', {
      type: 'User',

      // add arguments
      args: {
        email: stringArg(),
        age: intArg(),
      },

      // add the extra validation
      validate: {
        email: z.string().email(),
        age: z.number().min(18),
      },
    });
  },
});

Documentation

Installation

# npm
npm i nexus-validate-zod zod


# yarn
yarn add nexus-validate-zod zod


# pnpm
pnpm add nexus-validate-zod zod

nexus-validate-zod uses zod under the hood so you need to install that too. nexus and graphql are also required, but if you are using Nexus then both of those should already be installed.

Add the plugin to Nexus:

Once installed you need to add the plugin to your nexus schema configuration:

import { makeSchema } from 'nexus';
import { validatePlugin } from 'nexus-validate-zod';

const schema = makeSchema({
  ...
  plugins: [
    ...
    validatePlugin(),
  ],
});

Usage

The validate method can be added to any field with args:

const UserMutation = extendType({
  type: 'Mutation',
  definition(t) {
    t.field('createUser', {
      type: 'User',
      args: {
        email: stringArg(),
      },
      validate: {
        // validate that email is an actual email
        email: z.string().email(),
      },
    });
  },
});

Trying to call the above with an invalid email will result in the following error:

{
  "errors": [
    {
      "message": "Validation failed",
      "extensions": {
        "validationErrors": {
            "email": "Invalid email"
        },
        "code": "BAD_USER_INPUT"
      }
      ...
    }
  ]
}

Custom validations

If you don't want to use the built-in validation rules, you can roll your own by throwing an error if an argument is invalid, and returning void if everything is OK.

import { UserInputError } from 'nexus-validate';
t.field('createUser', {
  type: 'User',
  args: {
    email: stringArg(),
  },
  // use args and context to check if email is valid
  validate(args, context) {
    if (args.email !== context.user.email) {
      throw new UserInputError('not your email', {
        invalidArgs: ['email'],
      });
    }
  },
});

Custom errors

The plugin provides a formatError option where you can format the error however you'd like:

import { UserInputError } from 'apollo-server';
import { validatePlugin, ValidationError } from 'nexus-validate';

const schema = makeSchema({
  ...
  plugins: [
    ...
    validatePlugin({
      formatError: ({ error }) => {
        if (error instanceof ZodError) {
          // convert error to UserInputError from apollo-server
          return new UserInputError("Your custom error message", {
            validationErrors: { ... },
          });
        }

        return error;
      },
    }),
  ],
});

Custom error messages

If you want to change the error message for the validation rules, that's usually possible by passing a message to the rule:

validate: {
  email: z
          .string({
            required_error: 'Email is required',
          })
          .email('Email must be valid email'),
};

API

validate(args: Args, ctx: Context) => Promise<ValidationSchema | boolean>

Args

The Args argument will return whatever you passed in to args in your field definition:

t.field('createUser', {
  type: 'User',
  args: {
    email: stringArg(),
    age: numberArg(),
  },
  // email and age will be typed as a string and a number
  validate: ({ email, age }) => {}
}

Context

Context is your GraphQL context, which can give you access to things like the current user or your data sources. This will let you validation rules based on the context of your API.

t.field('createUser', {
  type: 'User',
  args: {
    email: stringArg(),
  },
  validate: async ({ email }, { prisma }) => {
    const count = await prisma.user.count({ where: { email } });
    if (count > 1) {
      throw new Error('email already taken');
    }
  },
});

Examples

FAQs

Package last updated on 30 Jan 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban

Research

Security News

Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban

Malicious Ruby gems typosquat Fastlane plugins to steal Telegram bot tokens, messages, and files, exploiting demand after Vietnam’s Telegram ban.

By Kirill Boychenko  -  Jun 03, 2025