A Zod misuse I've noticed: Validating function args
A Zod misuse I've noticed: Validating function args.
Zod is for validating runtime input:
- URL params
- HTTP Responses
- localStorage
- Cookies
- Reading from files
Avoid using Zod to validate function args. The args are already strongly typed by TypeScript itself.
"But TypeScript doesn't exist at runtime."
Yep.
So, validate runtime inputs via Zod.
Validate a URL param when it's read from the URL.
Validate an HTTP response when it's parsed to JSON.
etc.
Don't allow unvalidated inputs to "flow" through the app.