Zod, a TypeScript-first schema declaration and validation library known for its static type inference, saw a version update from 3.17.10 to 3.18.0. While both versions share core functionalities like schema definition and validation, subtle changes in the developer tooling suggest improvements and shifts in the build process. One notable difference lies in the introduction of tsx as a development dependency in version 3.18.0, replacing esbuild and esbuild-runner present in the older version. This switch likely indicates a move towards a more streamlined or efficient development workflow, where tsx provides direct TypeScript execution for faster development cycles.
Developers upgrading to 3.18.0 will benefit from potentially faster local development and testing iterations due to the tsx integration. The core functionality of Zod for defining and validating schemas remains consistent, ensuring that existing codebases remain compatible. The consistent usage of tools like eslint, prettier, and typescript signifies a commitment to code quality and maintainability across versions. The unpacked size of the newer version has also slightly increased, suggesting possible new features or improvements within the library itself, though further investigation might be needed to confirm the actual cause. The focus on static type inference continues to make Zod a top choice for TypeScript developers needing robust data validation.
All the vulnerabilities related to the version 3.18.0 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.
