Zod, a TypeScript-first schema declaration and validation library, offers static type inference, simplifying data validation in your projects. Comparing versions 3.13.0 and 3.12.1 reveals subtle but potentially impactful differences. Both share the same core development dependencies, such as Jest, TypeScript, Rollup, and ESLint, which suggests a consistent development environment and coding standards; the key difference lies in the distribution details.
Version 3.13.0 boasts a smaller unpacked size of 411621 compared to 3.12.1's 549581, with fewer files (32 vs 61). This reduction suggests potential optimizations in the build process, leading to a leaner package. This could translate to faster installation times and a smaller footprint in your node_modules directory, beneficial for projects concerned with bundle size and performance. Furthermore, version 3.13.0 was released more recently.
Developers should consider these factors when choosing between the versions. If minimizing package size and having the most recent fixes are priorities, version 3.13.0 is preferable. However, carefully review the changelog for any breaking changes between the versions to ensure smooth integration into existing projects. Keep in mind that changes in file count and overall size imply modifications to the shipped code, which must be taken into account.
All vulnerabilities related to version 3.13.0 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.