Zod is a TypeScript-first schema declaration and validation library renowned for its static type inference capabilities. Versions 3.3.4 and 3.3.3 share the same core functionality and developer tooling, evidenced by identical devDependencies including linters, testing frameworks like Jest, and build tools such as Rollup. Both versions utilize the same configurations for code formatting (Prettier) and dependency management (lint-staged, dependency-cruiser). They also leverage identical TypeScript versions and related ESLint plugins.
The critical distinction lies in the dist object, specifically the unpackedSize. Version 3.3.4 exhibits a slightly larger unpacked size of 448924 bytes compared to 3.3.3's 448398 bytes suggesting minor code adjustments or additions. While both versions have the same number of files, the later version probably introduces internal fixes,optimizations or very small new features.
For developers choosing between the two, version 3.3.4 is the preferable option due to the likely inclusion of bug fixes or performance improvements. The difference between the versions is not relevant for the vast majority of developers since the versions only differs in the internal implementations and bug fixes to provide the same functionality. Regular updates are important to ensure you're benefitting from the latest enhancements and stability improvements within the Zod ecosystem.
All the vulnerabilities related to the version 3.3.4 of the package
Zod denial of service vulnerability
Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.
