Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
remix-params-helper
Advanced tools
This package makes it simple to use Zod with standard URLSearchParams and FormData which are typically used in Remix apps.
This package makes it simple to use Zod with standard URLSearchParams and FormData which are typically used in Remix apps.
Helper no longer requires explicit types on helper. Thanks @zolrath. This will definitely cut down on the boilerplate.
This package is still work in progress. I'll be refining the API and fixing the TypeScript types.
npm install remix-params-helper zod
Zod is a peer dependency
Zod is used to validate untyped data and either return a valid object or a list of errors encounted.
To use the helper, first define your Zod schema. It also supports nested objects and arrays.
const ParamsSchema = z.object({
a: z.number(),
b: z.string(),
c: z.boolean(),
d: z.string().optional(),
e: z.array(z.number()),
})
getParams(params, schema)
This function is used to parse and validate data from URLSearchParams
, FormData
, or Remix params
object.
It returns an object that has success
property. If result.success
is true
then result.data
will be a valid object of type T
, inferred from your Zod schema.
Otherwise, result.errors
will be an object with keys for each property that failed validation. The key value will be the validation error message.
NOTE: Error messages will now return the message from directly Zod. You can customize the error message in your Zod schema Zod Custom Error Messages
If the validation returns multiple errors for the same key, it will return an array, otherwise it will be a string.
errors[key] = 'message'
errors[key] = ['message 1', 'message 2']
Unlike Object.fromEntries()
, this function also supports multi-value keys and will convert them to an array. So e=1&e=2&e=3
will convert it to e: [1,2,3]
const url = new URL(request.url)
const result = getParams(url.searchParams, ParamsSchema)
if (!result.success) {
throw new Response(result.errors, { status: 400 })
}
// these variables will be typed and valid
const { a, b, c, d, e } = result.data
getSearchParams(request, schema)
This helper function is used to parse and validate URLSearchParams
data from the Request
found in the Remix action/loader, it returns the same result values as getParams
.
const result = getSearchParams(request, ParamsSchema)
if (!result.success) {
return json(result.errors, { status: 400 })
}
// these variable will be typed and valid
const { a, b, c, d, e } = result.data
getFormData(request, schema)
This helper function is used to parse and validate FormData
data from the Request
found in the Remix action/loader, it returns the same result values as getParams
.
const result = await getFormData(request, ParamsSchema)
if (!result.success) {
return json(result.errors, { status: 400 })
}
// these variables will be typed and valid
const { a, b, c, d, e } = result.data
*OrFail()
versions of the helpersThe functions getParamsOrFail()
, getFormDataOrFail()
, getSearchParamsOrFail()
will throw an Error
when parsing fails. Since the helper can only
return a valid result, the return value is always the data.
// returns valid data that can be destructured or Error is thrown
const { a, b, c, d, e } = await getFormDataOrFail(request, ParamsSchema)
NOTE: Although we provide these helpers, it is recommended that you return errors instead of throwing. Form validation is typically an expected error. Throwing
Error
should be reserved for unexpected errors.
Input names should be dot-separated (e.g, address.street
). Array names can include
the square brackets (e.g., favoriteFoods[]
). These are optional. The helper will
correctly determine if the value is an array.
describe('test nested objects and arrays', () => {
it('should validate nested object', () => {
const mySchema = z.object({
name: z.string(),
address: z.object({
street: z.string(),
city: z.string(),
state: z.string(),
zip: z.string(),
}),
})
const formData = new FormData()
formData.set('name', 'abcdef')
formData.set('address.street', '123 Main St')
formData.set('address.city', 'Anytown')
formData.set('address.state', 'US')
formData.set('address.zip', '12345')
const result = getParams(formData, mySchema)
expect(result.success).toBe(true)
expect(result.data.address.street).toBe('123 Main St')
})
it('should validate arrays with [] syntax', () => {
const mySchema = z.object({
name: z.string(),
favoriteFoods: z.array(z.string()),
})
const formData = new FormData()
formData.set('name', 'abcdef')
formData.append('favoriteFoods[]', 'Pizza')
formData.append('favoriteFoods[]', 'Tacos')
formData.append('favoriteFoods[]', 'Hamburgers')
formData.append('favoriteFoods[]', 'Sushi')
const result = getParams(formData, mySchema)
expect(result.success).toBe(true)
expect(result.data.favoriteFoods?.length).toBe(4)
})
})
useFormInputProps(schema)
This helper allows you to set the props on your form <input/>
based on your Zod schema.
The function returns another function that you use to spread the properties on your input. It currently sets the following props based on the key value you specify. If you need to override any of the props, just add it after you spread.
If the key doesn't exist in the schema, it will throw an error. This way if you rename any properties, it will force you to use the correct key.
This currently uses the native browser validation like required
. I plan on adding enhanced client-side validation that will utilize the same Zod schema.
function Component() {
const inputProps = useFormInputProps(schema)
return (
<Form>
<input ...{inputProps('a')} />
<input ...{inputProps('b')} />
<input ...{inputProps('c')} />
{/* This will throw an error since 'x' is not in schema*/}
<input ...{inputProps('x')} />
</Form>
)
}
There is an example app at https://remix-params-helper.herokuapp.com/
Click on the Actions demo and the URL Params demo to see the helper in action.
Thanks goes to these wonderful people (emoji key):
Kiliman 💻 📖 | Antti 💻 | Matt Furden 💻 | Raúl R Pearson 💻 | Clifford Fajardo 📖 | Benjamin ⚠️ 🐛 | Dusty Doris 💻 🐛 |
This project follows the all-contributors specification. Contributions of any kind welcome!
v0.5.1
FAQs
This package makes it simple to use Zod with standard URLSearchParams and FormData which are typically used in Remix apps.
The npm package remix-params-helper receives a total of 3,323 weekly downloads. As such, remix-params-helper popularity was classified as popular.
We found that remix-params-helper demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.