Runtime Validation in Node.js with TypeScript: Zod & Yup

In full-stack development, especially when using Node.js with TypeScript, ensuring data integrity at runtime is crucial. This involves validating incoming data (like API requests) against expected structures and types. Libraries like Zod and Yup provide powerful, schema-driven solutions for this, bridging the gap between TypeScript's compile-time safety and JavaScript's dynamic nature.

Why Runtime Validation?

While TypeScript excels at catching type errors during development (compile-time), it doesn't inherently validate data that arrives at runtime, such as from external APIs, user inputs, or database queries. Runtime validation ensures that the data conforms to the expected shape and types before it's processed, preventing unexpected errors, security vulnerabilities, and data corruption.

Think of runtime validation as a security checkpoint for your data. Even if your TypeScript code is perfectly typed, untrusted data entering your application needs to be verified.

Introducing Zod

Zod is a TypeScript-first schema declaration and validation library. It allows you to define data schemas in TypeScript, which are then used for both compile-time checking and runtime validation. Zod schemas are incredibly expressive and can represent complex data structures.

Zod schemas define data shapes and validate them at runtime.

Zod schemas are built using a fluent API. You define expected types, shapes, and constraints. For example, a user object might require a string 'name' and a number 'age'.

A basic Zod schema for a user might look like this:

import { z } from 'zod';

const UserSchema = z.object({
  name: z.string().min(1),
  age: z.number().positive(),
  email: z.string().email().optional(),
});

// Usage:
type User = z.infer<typeof UserSchema>; // Infer TypeScript type

const validUserData = { name: 'Alice', age: 30 };
const invalidUserData = { name: '', age: -5 };

const result1 = UserSchema.safeParse(validUserData);
// result1 will be { success: true, data: { name: 'Alice', age: 30 } }

const result2 = UserSchema.safeParse(invalidUserData);
// result2 will be { success: false, error: ZodError {...} }

Zod's safeParse method returns a result object indicating success or failure, along with the parsed data or validation errors. This makes integrating Zod into API handlers straightforward.

Introducing Yup

Yup is another popular schema builder for value validation. While not strictly TypeScript-first like Zod, it integrates very well with TypeScript and offers a robust set of validation rules and a clear API for defining schemas.

Yup schemas define data shapes and validate them at runtime.

Yup schemas are built using a chainable API. You define expected types, constraints, and custom validation logic. Similar to Zod, it's used to validate incoming data.

Here's a Yup equivalent for the user schema:

import * as yup from 'yup';

const userSchema = yup.object({
  name: yup.string().min(1).required(),
  age: yup.number().positive().required(),
  email: yup.string().email().optional(),
});

// Usage:
type User = yup.InferType<typeof userSchema>; // Infer TypeScript type

async function validateUser(userData: any) {
  try {
    const validatedUser = await userSchema.validate(userData, { abortEarly: false });
    console.log('Validation successful:', validatedUser);
    return validatedUser;
  } catch (error) {
    console.error('Validation failed:', error.errors);
    throw error;
  }
}

const validUserData = { name: 'Bob', age: 25 };
const invalidUserData = { name: 'Charlie', age: 0 };

validateUser(validUserData);
validateUser(invalidUserData);

Yup's validate method throws an error if validation fails, which can be caught in a try...catch block. The abortEarly: false option allows collecting all validation errors.

Comparison: Zod vs. Yup

Feature	Zod	Yup
TypeScript Integration	Excellent (TypeScript-first)	Very Good
Schema Definition	Fluent API, Zod objects	Chainable API, Yup objects
Validation Result	Returns `{ success: boolean, data?: T, error?: ZodError }`	Throws `ValidationError` on failure, returns data on success
Type Inference	Built-in `z.infer<typeof schema>`	Built-in `yup.InferType<typeof schema>`
Error Handling	Structured error object	Error object with `errors` array
Async Validation	Supports async parsing	Supports async validation methods

Integrating with Node.js Frameworks (e.g., Express)

These libraries are commonly used in Node.js frameworks like Express.js to validate request bodies, query parameters, or route parameters. You can create middleware that intercepts incoming requests, validates the relevant data against a schema, and either proceeds to the next middleware/route handler or returns a validation error response.

Consider a typical Express.js route handler for creating a user. The request body needs to be validated before creating the user in the database. A Zod schema can be used to define the expected structure of the request body. The safeParse method is called on the request body. If validation succeeds, the parsed data (now guaranteed to match the schema) is passed to the controller function. If it fails, a 400 Bad Request response is sent back to the client with the validation errors.

📚

Text-based content

Library pages focus on text content

What is the primary benefit of using Zod or Yup in a Node.js TypeScript application?

To ensure data integrity at runtime by validating incoming data against predefined schemas, preventing errors and security issues.

How does Zod handle validation failures?

Zod's safeParse method returns an object with a success: false property and a ZodError object containing details about the failures.

What is the purpose of yup.InferType?

It infers a TypeScript type from a Yup schema, allowing for compile-time type checking of data that has been validated by Yup.

Learning Resources

Zod Official Documentation(documentation)

The official documentation for Zod, covering its features, API, and usage with comprehensive examples.

Yup Official Documentation(documentation)

The official GitHub repository for Yup, providing installation instructions, API reference, and usage examples.

Zod: Type-safe data validation for TypeScript(video)

A video tutorial demonstrating how to use Zod for robust data validation in TypeScript projects.

Mastering Yup for Form Validation in React(video)

While focused on React, this video provides excellent insights into Yup's schema building and validation capabilities applicable to Node.js.

Validating API Requests with Zod in Node.js(blog)

A blog post detailing how to implement runtime validation for API requests in a Node.js backend using Zod.

Using Yup for Validation in Express.js(blog)

A practical guide on integrating Yup validation into Express.js applications for securing API endpoints.

TypeScript Runtime Validation: Zod vs Yup(video)

A comparative video discussing the pros and cons of Zod and Yup for runtime validation in TypeScript projects.

Express.js Middleware for Validation(documentation)

Official Express.js documentation on middleware, essential for understanding how to integrate validation libraries into your backend.

Schema Validation in Node.js(documentation)

The npm page for Zod, offering a quick overview and link to its repository and documentation.

Yup: JavaScript schema builder for validation(documentation)

The npm page for Yup, providing installation details and a brief description of its purpose.

Using libraries like Zod or Yup for runtime validation