Joi, a popular object schema validation library for JavaScript, saw a significant shift between versions 14.3.1 and 17.1.1. While both maintain the core function of schema validation under the BSD-3-Clause license, the internal architecture and dependency landscape experienced a major overhaul. Version 17.1.1 reflects a move towards the Hapi ecosystem, replacing core dependencies like hoek and topo with @hapi/hoek and @hapi/topo respectively, alongside new additions like @hapi/address, @hapi/formula, and @hapi/pinpoint. This demonstrates a consolidation and potentially improved compatibility within the Hapi.js framework.
The development dependencies also showcase a shift, dropping tools like hapitoc in favor of @hapi/lab, @hapi/code, and @hapi/bourne, reinforcing the Hapi toolkit integration for testing and development. Notably, version 17.1.1 also uses @hapi/joi-legacy-test which tests against the legacy version @hapi/joi@15.x.x.
Beyond the dependency changes, the size of the package almost doubled, with unpackedSize increasing from 192877 bytes in version 14.3.1 to 428922 bytes in version 17.1.1. This indicates a considerable expansion of the library's functionality or internal complexities. Developers considering upgrading should carefully examine these changes and ensure compatibility with their existing code. Importantly, the repository URL changed from github.com/hapijs/joi.git to github.com/sideway/joi.git, which reflects the shift of ownership. The release date provides a temporal context, with version 17.1.1 arriving almost two years after version 14.3.1, giving developers insight of how recent is each version.
The are not vulnerabilities for the version 17.1.1 of the package joi
