Zod, a TypeScript-first schema declaration and validation library, offers static type inference for enhanced development workflows. Comparing versions 1.2.3 and 1.2.2 reveals subtle but noteworthy changes for developers. While both versions share the same core functionality, dependencies, and development tools such as Jest, TSLint, and TypeScript, along with a MIT license and the same author, Colin McDonnell, the key distinction lies in the distribution details.
Version 1.2.3 shows a slightly larger file count in the distributed tarball (102 files) compared to version 1.2.2 (97 files). Both have the same unpacked size, 163704 bytes, indicating a potentially more organized or modular structure in the newer version, although the impact on performance is likely minimal. Another subtle change is in the repository URL in the package metadata, from git+https://github.com/vriad/zod.git in 1.2.2 to just https://github.com/vriad/zod in 1.2.3.
Given the minor version increment and the nearly simultaneous release dates (separated by less than a minute), it’s likely that version 1.2.3 addresses a small bug fix, enhancements to the build process, or internal refactoring. Developers considering which version to use should generally opt for the latest stable release (1.2.3) to benefit from any potential corrections or optimizations. This incremental upgrade should provide a seamless transition, maintaining the core functionality and TypeScript-first focus that makes Zod an attractive choice for schema validation.
All the vulnerabilities related to the version 1.2.3 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.
