Zod, a TypeScript-first schema declaration and validation library known for its static type inference, released version 1.0.5 shortly after version 1.0.4. While both share the same core description, license (MIT), repository, and author details (Colin McDonnell), a few subtle differences might interest developers.
Primarily, the release dates indicate rapid iteration, with version 1.0.5 appearing a mere two hours after 1.0.4. This suggests a quick patch or minor adjustment. The dist object highlights the differences. The unpackedSize of version 1.0.5 is slightly larger (44553 bytes) than that of version 1.0.4 (44056 bytes), an increase of roughly 500 bytes. The fileCount remains constant at 23.
For developers, this information signals that the update from 1.0.4 to 1.0.5 is likely a bug fix or very minor enhancement. Before upgrading, it is recommended to review the changelog (typically found on the project's GitHub repository) to understand the specific changes incorporated. This might detail fixed validation errors, performance optimizations, or minor API tweaks. Given the extremely short release window, it's improbable that major features were introduced. If users encounter any problems with 1.0.4, upgrading to 1.0.5 is recommended, as it likely addresses those issues. Overall, both versions offer the same schema declaration and validation approach, so the difference between them is negligible.
All the vulnerabilities related to version 1.0.5 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.