Security News
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Suretype is a JSON validator targeting TypeScript and JSON Schema. It is ridiculously type safe when used in TypeScript, which is good for accuraccy, but also for aiding IDE auto-complete.
❯ yarn benchmark
Joi x 385,563 ops/sec ±0.39% (95 runs sampled)
Superstruct x 257,141 ops/sec ±0.34% (90 runs sampled)
suretype x 21,499,582 ops/sec ±0.85% (92 runs sampled)
It supports most (if not all) of JSON schema, and nothing beyond that, so that the validator schemas written in TypeScript (or JavaScript) can be ensured to be convertible into JSON schema. This also prevents suretype from becoming feature bloated - it has a small and extremely simple API.
Errors are prettified using awesome-ajv-errors.
From a validator schema defined with suretype, you can trivially:
The following is a validator schema using suretype:
import { v } from "suretype"
const userSchema = v.object( {
firstName: v.string( ).required( ),
lastName: v.string( ),
age: v.number( ).gte( 21 ),
} );
This schema object can be compiled into validator functions, and it can be used to deduce the corresponding TypeScript type:
import type { TypeOf } from "suretype"
type User = TypeOf< typeof userSchema >;
This type is compile-time constructed (or deduced), and is semantically identical to:
interface User {
firstName: string;
lastName?: string;
age?: number;
}
Note the ?
for the optional properties, i.e. those that aren't followed by required()
.
There are three ways of compiling a validator function; choose the one that best fits your application and situation. Given:
import { compile } from "suretype"
const data = ... // get data from somewhere, e.g. as a TypeScript unknown
The default behaviour of compile
is to return a validator function returning extended Ajv output.
const userValidator = compile( userSchema );
userValidator( data );
// { ok: true } or
// { ok: false, errors: [Ajv errors...], explanation: string }
The explanation
is a pretty-printed error.
Use the second optional argument to specify simple
mode. The return is a boolean, type guarded.
const isUser = compile( userSchema, { simple: true } );
isUser( data ); // true | false, usable as guard:
// Realistic usage:
if ( isUser( data ) ) {
// Valid TypeScript, <data> is now typed(!) as the User type above
data.firstName;
} else {
// TypeScript compile error(!), <data> is unknown
data.firstName;
}
Specify ensure
mode to get a validator function which returns the exact same output as the input (referentially equal), but with a deduced type. This is often the most practical mode.
const ensureUser = compile( userSchema, { ensure: true } );
ensureUser( data ); // returns data or throws an error if the data isn't valid.
// Realistic usage:
const user = ensureUser( data );
// <user> is ensured to be valid, *and* is of type User (as above)
user.firstName; // string
user.foo; // TypeScript compile-time error, there is no `foo` in User
On validation failure, the error thrown will be of the class ValidationError
, which has both the raw Ajv errors as an errors
property, and the pretty explanation in the property explanation
.
Note: The returned ensurer function can optionally take a type parameter as long as it is equal to or compatible with the deduced type. This means that if the type is exported from suretype to decorated TypeScript declaration files (with annotations), those types can be used as a type parameter, and the returned type will be that type. Example:
import type { User } from './generated/user'
const user = ensureUser< User >( data );
// user is now of type User
Sometimes it's handy to not describe the validator schema programmatically, but rather use a raw JSON Schema. There will be no type deduction, so the corresponding interface must be provided explicitly. Only use this if you know the JSON Schema maps to the interface! raw
works just like the v.*
functions and returns a validator schema. It can also be annotated.
import { raw, compile } from 'suretype'
type User = ...; // Get this type from somewhere
const userSchema = raw< User >( { type: 'object', properties: { /* ... */ } } );
// Compile as usual
const ensureUser = compile( userSchema, { ensure: true } );
You can annotate a validator schema using suretype()
or annotate()
. The return value is still a validator schema, but when exporting it, the annotations will be included.
The difference between suretype()
and annotate()
is that suretype()
requires the name
property, where as it's optional in annotate()
. Use suretype()
to annotate top-level schemas so that they have proper names in the corresponding JSON Schema.
Annotations are useful when exporting the schema to other formats (e.g. JSON Schema or pretty TypeScript interfaces).
import { suretype, annotate, v } from "suretype"
const cartItemSchema = suretype(
// Annotations
{ name: "CartItem" },
// The validator schema
v.object( {
productId: annotate( { title: "The product id string" }, v.string( ) ),
// ...
} )
);
The interface (i.e. the fields you can use) is called Annotations
:
interface Annotations {
name: string;
title?: string;
description?: string;
examples?: Array< string >;
}
where only the name
is required.
The following are two types, one using (or depending on) the other. They are named, which will be reflected in the JSON schema, shown below.
The userSchema
is the same as in the above example, although it's wrapped in suretype()
which annotates it with a name and other attributes.
import { suretype, v } from "suretype"
const userSchema = suretype(
{
name: "V1User",
title: "User type, version 1",
description: `
A User object must have a firstName property,
all other properties are optional.
`,
examples: [
{
firstName: "John",
lastName: "Doe",
}
],
},
v.object( {
firstName: v.string( ).required( ),
lastName: v.string( ),
age: v.number( ).gte( 21 ),
} )
);
const messageSchema = suretype(
{
name: "V1Message",
title: "A message from a certain user",
},
v.object( {
user: userSchema.required( ),
line: v.string( ).required( ),
} )
);
The JSON schema for these can be extracted, either each type by itself:
import { extractSingleJsonSchema } from "suretype"
const jsonSchema = extractSingleJsonSchema( userSchema ); // The JSON schema for User
or as all types at once, into one big JSON schema. In this case, all validation schemas provided must be wrapped with suretype()
, as they will become JSON schema "definitions" and therefore must have at least a name.
import { extractJsonSchema } from "suretype"
const jsonSchema = extractJsonSchema( [ userSchema, messageSchema ] );
The jsonSchema
object (which can be JSON.stringify
'd) will be something like:
{
"$schema": "http://json-schema.org/draft-07/schema#",
"definitions": {
"V1User": { // <-- This corresponds to the "name" property in suretype()
"title": "User type, version 1",
"description": "A User object must have a firstName property,\nall other properties are optional.",
"examples": [
{
"firstName": "John",
"lastName": "Doe"
}
],
"type": "object",
"properties": {
"firstName": { "type": "string" },
"lastName": { "type": "string" },
"age": { "type": "number", "minimum": 13 }
},
"required": [ "firstName" ]
},
"V1Message": {
"title": "A message from a certain user",
"type": "object",
"properties": {
"user": { "$ref": "#/definitions/V1User" }, // <-- Proper references
"line": { "type": "string" }
},
"required": [ "user", "line" ]
}
}
}
FAQs
Typesafe JSON (Schema) validator with magic powers 🧙♂️
The npm package suretype receives a total of 33,781 weekly downloads. As such, suretype popularity was classified as popular.
We found that suretype demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.