top | item 22819106

(no title)

I completely agree with the more general point, that consuming external data requires a validation layer. But oh boy do I have feelings about class-validator.

Here's what it looks like to correctly annotate an array of objects with with class-validator and json-schema annotations:

  @ApiProperty({ type: Foo, isArray: true })
  @ValidateNested({ each: true })
  @Type(() => Foo)
  @IsArray()
  items: Foo[];

It's not just that you have to define everything in triplicate, it's that the failure mode for forgetting any of the above is to silently not validate your data. Unless you're very careful, you don't get the safety benefits that were the whole point of using class-validator in the first place.

If I were starting from scratch, I would instead consider either io-ts or a solution that involves a code generation step, where this entire category of risk is avoided.

discuss

No comments yet.