The typanion npm package is a comprehensive solution for runtime input validation in JavaScript and TypeScript applications. It allows developers to ensure that the data their applications process meets certain criteria, thereby preventing unexpected errors and improving data integrity. Typanion offers a flexible and expressive API for defining validation rules, making it suitable for a wide range of use cases.
Basic Type Validation
This feature allows for basic type validation, such as checking if a value is a number. The code sample demonstrates how to use the `isNumber` function to validate numeric values.
const {isNumber} = require('typanion');

// isNumber() returns a validator function; validators return a boolean
const validate = isNumber();
console.log(validate(42));      // true
console.log(validate('hello')); // false
Complex Object Validation
This feature enables complex object validation, allowing developers to validate nested objects and apply multiple validation rules. The code sample shows how to validate a user object with both `name` and `email` fields.
const {isObject, isString, applyCascade, matchesRegExp} = require('typanion');

const validateUser = isObject({
  name: isString(),
  // typanion has no dedicated email validator; a minimal pattern check is
  // cascaded after the string check instead
  email: applyCascade(isString(), [matchesRegExp(/^[^@\s]+@[^@\s]+$/)]),
});
console.log(validateUser({name: 'John Doe', email: 'john@example.com'})); // true
Custom Validation Rules
Typanion allows for the creation of custom validation rules. This feature is particularly useful for domain-specific validations. The code sample illustrates how to define and use a custom validator to check if a person is an adult.
const {makeValidator, pushError} = require('typanion');

// makeValidator wraps a test function; pushError records a message on the
// optional state object and returns false
const isAdult = makeValidator({
  test: (value, state) => {
    if (typeof value === 'number' && value >= 18)
      return true;
    return pushError(state, `${value} is not an adult`);
  },
});
console.log(isAdult(21)); // true

const errors = [];
console.log(isAdult(16, {errors})); // false; errors now holds the "16 is not an adult" message
Joi is a powerful schema description language and data validator for JavaScript. It offers a similar range of functionalities for validating data structures but with a slightly different API design. Compared to typanion, Joi might be considered more feature-rich but also more complex for simple use cases.
Yup is a lean JavaScript schema builder for value parsing and validation. It integrates well with form libraries and is often used in front-end applications. While it provides similar validation capabilities, Yup focuses more on simplicity and ease of use compared to the more flexible and comprehensive approach of typanion.
Validator is a library of string validators and sanitizers. Unlike typanion, which offers a wide range of validation types and custom validation logic, Validator focuses primarily on string validation, making it more specialized but less versatile for different data types.
Static and runtime type assertion library with no dependencies
yarn add typanion
Compared to yup, Typanion has better inference support for TypeScript and supports isOneOf. Its functional API makes it very easy to tree-shake, which is another bonus (although the library isn't very large in itself).
Check the website for our documentation: mael.dev/typanion.
First define a schema using the builtin operators:
import * as t from 'typanion';
const isMovie = t.isObject({
title: t.isString(),
description: t.isString(),
});
Then just call the schema to validate any unknown value:
const userData = JSON.parse(input);
if (isMovie(userData)) {
console.log(userData.title);
}
Passing a second parameter allows you to retrieve detailed errors:
const userData = JSON.parse(input);
const errors: string[] = [];
if (!isMovie(userData, {errors})) {
console.log(errors);
}
You can also apply coercion over the user input:
const userData = JSON.parse(input);
const coercions: t.Coercion[] = [];
if (isMovie(userData, {coercions})) {
// Coercions aren't flushed by default
for (const [p, op] of coercions) op();
// All relevant fields have now been coerced
// ...
}
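The errors array and the staged coercions described above, shown end to end as an added example that is not part of the typanion project or its documentation: a small validator combinator written in the same style as typanion's API, so that the error-collection and flush-later behaviour can be traced without the library installed. The names pushError, isString, isNumber, isObject, validateMovie and validateMovieStrict are hypothetical stand-ins for the library's exports, and the JSON input is constructed for the example.

```javascript
// Added example, not typanion's code: a minimal validator combinator in the
// same style as typanion's API, to show how the `errors` and `coercions`
// arrays are filled during a run and why coercions must be flushed by the
// caller. All names here are a hypothetical stand-in, not the library's exports.

// Record an error under the current path and signal failure to the caller.
function pushError(state, message) {
  if (state && state.errors) state.errors.push(`${state.p || '.'}: ${message}`);
  return false;
}

function isString() {
  return (value, state) =>
    typeof value === 'string'
      ? true
      : pushError(state, `Expected a string (got ${JSON.stringify(value)})`);
}

function isNumber() {
  return (value, state) => {
    if (typeof value === 'number' && Number.isFinite(value)) return true;
    // A numeric string is accepted only when the caller opted into coercion.
    // The write is staged, not performed, so a later failure elsewhere in the
    // input never leaves the object half-converted.
    const wantsCoercion = state && state.coercions && typeof state.coercion === 'function';
    if (wantsCoercion && typeof value === 'string' && value.trim() !== '' && !Number.isNaN(Number(value))) {
      state.coercions.push([state.p || '.', () => state.coercion(Number(value))]);
      return true;
    }
    return pushError(state, `Expected a number (got ${JSON.stringify(value)})`);
  };
}

function isObject(props) {
  return (value, state) => {
    if (typeof value !== 'object' || value === null || Array.isArray(value))
      return pushError(state, `Expected an object (got ${JSON.stringify(value)})`);
    let valid = true;
    for (const [key, check] of Object.entries(props)) {
      const childState = state
        ? {...state, p: `${state.p || ''}.${key}`, coercion: v => { value[key] = v; }}
        : undefined;
      // No short-circuit: every field is checked so the caller sees all errors.
      valid = check(value[key], childState) && valid;
    }
    // Keys the schema does not declare are rejected rather than passed through.
    for (const key of Object.keys(value)) {
      if (!Object.prototype.hasOwnProperty.call(props, key))
        valid = pushError(state && {...state, p: `${state.p || ''}.${key}`}, 'Unexpected key') && valid;
    }
    return valid;
  };
}

const isMovie = isObject({
  title: isString(),
  year: isNumber(),
});

// Constructed sample input, as it would arrive from JSON.parse on a request body.
const sampleInput = '{"title":"Alien","year":"1979"}';

// Validate with coercion enabled, then flush the staged coercions on success.
function validateMovie(json) {
  const userData = JSON.parse(json);
  const errors = [];
  const coercions = [];
  const ok = isMovie(userData, {errors, coercions, p: ''});
  if (ok) for (const [, op] of coercions) op();
  return {ok, errors, data: userData};
}

// Validate strictly: with no coercions array, the string "1979" is not a number.
function validateMovieStrict(json) {
  const errors = [];
  const ok = isMovie(JSON.parse(json), {errors, p: ''});
  return {ok, errors};
}

console.log(validateMovie(sampleInput));       // ok: true, data.year is now the number 1979
console.log(validateMovieStrict(sampleInput)); // ok: false, errors: ['.year: Expected a number (got "1979")']
```

Two design points carry over to real use of the library: coercions are staged rather than applied in place, so a rejected document is never partially converted, and undeclared keys are reported as errors instead of being silently carried into the validated object, which keeps a schema from becoming a mass-assignment path.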
You can derive the type from the schema and use it in other functions:
import * as t from 'typanion';
const isMovie = t.isObject({
title: t.isString(),
description: t.isString(),
});
type Movie = t.InferType<typeof isMovie>;
// Then just use your alias:
const printMovie = (movie: Movie) => {
// ...
};
Schemas can be stored in multiple variables if needed:
import * as t from 'typanion';
const isActor = t.isObject({
name: t.isString(),
});
const isMovie = t.isObject({
title: t.isString(),
description: t.isString(),
actors: t.isArray(isActor),
});
Copyright © 2020 Mael Nison
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Simple runtime TypeScript validator library
The npm package typanion receives a total of 1,895,211 weekly downloads. As such, typanion popularity was classified as popular.
We found that typanion demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.