Package Exports
- @exodus/schemasafe
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@exodus/schemasafe) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
@exodus/schemasafe
A code-generating JSON Schema validator that attempts to be reasonably secure.
Supports draft-04/06/07/2019-09.
Installation
npm install --save @exodus/schemasafeUsage
Simply pass a schema to compile it
const { validator } = require('@exodus/schemasafe')
const validate = validator({
type: 'object',
required: ['hello'],
properties: {
hello: {
type: 'string'
}
}
})
console.log('should be valid', validate({ hello: 'world' }))
console.log('should not be valid', validate({}))Custom formats
@exodus/schemasafe supports the formats specified in JSON schema v4 (such as date-time).
If you want to add your own custom formats pass them as the formats options to the validator
const validate = validator({
type: 'string',
format: 'only-a'
}, {
formats: {
'only-a': /^a+$/
}
})
console.log(validate('aa')) // true
console.log(validate('ab')) // falseExternal schemas
You can pass in external schemas that you reference using the $ref attribute as the schemas option
const ext = {
type: 'string'
}
const schema = {
$ref: 'ext#' // references another schema called ext
}
// pass the external schemas as an option
const validate = validator(schema, { schemas: { ext: ext }})
console.log(validate('hello')) // true
console.log(validate(42)) // falseEnabling errors shows information about the source of the error
When the includeErrors option is set to true, @exodus/schemasafe also outputs:
keywordLocation: a JSON pointer string as an URI fragment indicating which sub-schema failed, e.g.#/properties/item/typeinstanceLocation: a JSON pointer string as an URI fragment indicating which property of the object failed validation, e.g.#/item
const schema = {
type: 'object',
required: ['hello'],
properties: {
hello: {
type: 'string'
}
}
}
const validate = validator(schema, { includeErrors: true })
validate({ hello: 100 });
console.log(validate.errors)
// [ { keywordLocation: '#/properties/hello/type', instanceLocation: '#/hello' } ]Only the first error is reported by default unless allErrors option is also set to true in
addition to includeErrors.
See Error handling for more information.
Generate Modules
To compile a validator function to an IIFE, call validate.toModule():
const { validator } = require('@exodus/schemasafe')
const schema = {
type: 'string',
format: 'hex'
}
// This works with custom formats as well.
const formats = {
hex: (value) => /^0x[0-9A-Fa-f]*$/.test(value),
}
const validate = validator(schema, { formats })
console.log(validate.toModule())
/** Prints:
* (function() {
* 'use strict'
* const format0 = (value) => /^0x[0-9A-Fa-f]*$/.test(value);
* return (function validate(data) {
* if (data === undefined) data = null
* if (!(typeof data === "string")) return false
* if (!format0(data)) return false
* return true
* })})();
*/Performance
@exodus/schemasafe uses code generation to turn a JSON schema into javascript code that is easily
optimizeable by v8.
See Performance for information on options that might affect performace both ways.
Previous work
This is based on a heavily rewritten version of the amazing (but outdated) is-my-json-valid by @mafintosh.
Compared to is-my-json-valid, @exodus/schemasafe adds security-first design, many new features,
newer spec versions support, slimmer and more maintainable code, 0 dependencies, self-contained JS
module generation, fixes bugs and adds better test coverage, and drops support for outdated Node.js
versions.
License
MIT