Rust-powered static analysis for TypeScript APIs.
Find unvalidated req.body, req.query, and req.params — before they cause runtime errors or security vulnerabilities.
No install needed. Just run:
npx @stephen-collins-tech/ts-validator path/to/entry-file.tsOptions:
npx @stephen-collins-tech/ts-validator --help- Recursively parses
.tsand.tsxfiles. - Detects raw access to external inputs like
req.body. - Flags usage that may lack proper runtime validation.
- Supports flags:
--json,--fail-on-warning,--help,--version.
TypeScript protects you at compile time.
ts-validator protects you at runtime — when external data actually hits your app.
Don't trust unvalidated input. Catch it automatically.
Want to build locally or extend the tool?
See CONTRIBUTING.md.
npx @stephen-collins-tech/ts-validator src/index.tsOutput:
For CI/CD pipelines or programmatic usage, you can output the results as JSON:
npx @stephen-collins-tech/ts-validator src/index.ts --jsonThis outputs a single JSON string with the following structure:
{
"files_parsed": 10,
"violations_count": 3,
"elapsed_time_ms": 256,
"violations": [
{
"file": "src/controllers/user.ts",
"line": 12,
"column": 23,
"kind": "DirectAccess",
"message": "Unvalidated direct access: req.body"
}
]
}By default, ts-validator always returns an exit code of 0 even when violations are found.
If you want to fail CI pipelines or scripts when violations are detected, use the --fail-on-warning flag:
npx @stephen-collins-tech/ts-validator src/index.ts --json --fail-on-warningThis will output the JSON data and exit with code 1 if any violations are found.
npm install -g @stephen-collins-tech/ts-validator
ts-validator --versionnpm install --save-dev @stephen-collins-tech/ts-validatorThen in your package.json:
"scripts": {
"validate": "ts-validator src/index.ts"
}- Smarter validation detection (
schema.parse(req.body))
MIT License.