Zod, a TypeScript-first schema declaration and validation library renowned for its static type inference, saw a jump from version 1.0.15 to 1.1.0 within a short timeframe, reflecting active development. Both versions share a consistent set of development dependencies, including testing frameworks like Jest and Ts-Jest, linting tools such as TSLint and TSLint-config-prettier, and utilities like Nodemon, Prettier, and TypeScript. The license (MIT), repository location on GitHub, and author information remained constant between releases.
However, a key difference lies in the package size and content. Version 1.1.0 shows a notable increase over version 1.0.15 in both file count (82 vs 66) and unpacked size (152158 bytes vs 123188 bytes). This suggests significant additions or modifications to the library's core functionality, schema definitions or internal utilities. Developers migrating from the earlier version should expect a larger bundle size and potentially new features or breaking changes. Without specific release notes, developers should test thoroughly to ensure that new and existing code works as expected.
The release dates highlight rapid development: version 1.1.0 was released just a few days after 1.0.15, indicating possible bug fixes or feature enhancements. While the core purpose of Zod as a robust validation library remains the same, developers should review the incremental code changes in the release to take advantage of best practices and new components.
All vulnerabilities related to version 1.1.0 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.