Skip to content

feat: type inference for check function #355

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Laurin-W wants to merge 3 commits into
base: master
Choose a base branch
from
Open

feat: type inference for check function #355

Laurin-W wants to merge 3 commits into from

Conversation

@Laurin-W
Copy link

@Laurin-W Laurin-W commented Nov 8, 2025

The PR adds utility types that can infer the TypeScript types from validation schemas.

This is the type inference part that is eventually intended to be used in moleculer to infer the parameter types of action handlers.

I modified the compile() function of the Validator so that the returned check function expects the TS type that was specified in the schema passed to compile().
If you prefer to not have this implemented with the check()/compile() function, let me know. We could also just export the utility types for external use (by moleculer).

Note that the inference types do not support all features that the validator does. For example, "email" or "uuid" are interpreted as string.
Also, type inference for validators with the considerNullAsAValue flag are not implemented (it does not seem to be a very common use case and the complexity would grow. Let me know if you think it should be implemented).

This is WIP.
The TS unit tests are not yet adapted (they will require // @ts-expect-error comments for check() calls with invalid objects).

@Laurin-W
feat: type inference for check function.
851fcfe
@Laurin-W
update unit tests, fix remaining index.d.ts issues, update tsconfig, run
c80aec4 
up to date, audited 1266 packages in 3s

85 packages are looking for funding
  run `npm fund` for details

# npm audit report

form-data  <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - GHSA-fjxv-7rqg-78g4
No fix available
node_modules/form-data
  request  *
  Depends on vulnerable versions of form-data
  Depends on vulnerable versions of tough-cookie
  node_modules/request
    coveralls  *
    Depends on vulnerable versions of request
    node_modules/coveralls

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install npm-check@3.2.10, which is a breaking change
node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      node_modules/update-notifier
        npm-check  >=3.2.7
        Depends on vulnerable versions of inquirer
        Depends on vulnerable versions of package-json
        Depends on vulnerable versions of update-notifier
        node_modules/npm-check

semver  7.0.0 - 7.5.1
Severity: high
semver vulnerable to Regular Expression Denial of Service - GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install nodemon@3.1.11, which is a breaking change
node_modules/simple-update-notifier/node_modules/semver
  simple-update-notifier  1.0.7 - 1.1.0
  Depends on vulnerable versions of semver
  node_modules/simple-update-notifier
    nodemon  2.0.19 - 2.0.22
    Depends on vulnerable versions of simple-update-notifier
    node_modules/nodemon

tmp  <=0.2.3
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter - GHSA-52f5-9888-hmc6
fix available via `npm audit fix --force`
Will install npm-check@3.2.10, which is a breaking change
node_modules/tmp
  external-editor  >=1.1.1
  Depends on vulnerable versions of tmp
  node_modules/external-editor
    inquirer  3.0.0 - 8.2.6 || 9.0.0 - 9.3.7
    Depends on vulnerable versions of external-editor
    node_modules/inquirer

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

15 vulnerabilities (3 low, 7 moderate, 3 high, 2 critical)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.
@Laurin-W Laurin-W marked this pull request as ready for review December 15, 2025 10:35
@Laurin-W
Copy link
Author

Laurin-W commented Dec 15, 2025

Hello everyone,
this PR is now ready for review.

The TypeScript tests are updated and you can play around with them to see what it "feels like" working with the inferred TS types.

Note that I did not add support for the validate() function because it would cause "type instantiation is excessively deep and possibly infinite" errors. So type inference is supported by the function returned by compile() only.

Happy to hear about your feedback and let me know if you have questions!

Btw, the TypeScript 7 native implementation is in a usable state now and a charm to play with (since it's ~10x faster, everything feels more "instant").
The minimum required TS version is 4.9.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Laurin-W