← Back to list
zod-validation-patterns
by aiskillstore
Security-audited skills for Claude, Codex & Claude Code. One-click install, quality verified.
⭐ 102🍴 3📅 Jan 23, 2026
Run in ManusSKILL.md
name: zod-validation-patterns description: This skill provides comprehensive patterns for using Zod validation library in TypeScript applications. It ensures input validation is done correctly, securely, and consistently across the codebase.
Zod Validation Patterns Skill
Use this skill when: Working with user input validation, API request validation, form data validation, or data transformation in Quetrex.
Purpose
This skill provides comprehensive patterns for using Zod validation library in TypeScript applications. It ensures input validation is done correctly, securely, and consistently across the codebase.
What's Covered
-
Schema Patterns - Complete guide to all Zod schema types
- Primitives (string, number, boolean, date)
- Collections (array, object, map, set, record)
- Advanced types (union, intersection, discriminated unions)
- Optional/nullable patterns
- Branded types and recursive schemas
-
Error Handling - Robust error management
- Custom error messages
- Internationalization (i18n)
- Error formatting for UI display
- Safe parsing patterns
- Error recovery strategies
-
Refinements - Custom validation logic
- Basic and chained refinements
- Cross-field validation
- Conditional validation
- Business logic validation
- File upload validation
-
Transforms - Data transformation and normalization
- Type coercion
- Data cleaning and normalization
- Computed fields
- Preprocessing patterns
-
Async Validation - Asynchronous validation patterns
- Database uniqueness checks
- API validations
- Concurrent async validations
- Error handling and timeouts
-
Type Inference - TypeScript type extraction
- z.infer patterns
- Input vs output types
- Generic schema types
- Discriminated union inference
-
API Integration - Next.js integration patterns
- API routes validation
- Server Actions validation
- Form data and file uploads
- Error response formatting
-
Common Schemas - Reusable schema library
- Email, password, phone validation
- URL, UUID, date schemas
- Address, credit card validation
- Username, slug, color schemas
Quick Start
Basic Usage
import { z } from 'zod'
// Define schema
const userSchema = z.object({
email: z.string().email(),
age: z.number().int().positive(),
role: z.enum(['admin', 'user'])
})
// Parse data (throws on error)
const user = userSchema.parse(data)
// Safe parse (returns result object)
const result = userSchema.safeParse(data)
if (result.success) {
console.log(result.data)
} else {
console.error(result.error)
}
Type Inference
// Extract TypeScript type from schema
type User = z.infer<typeof userSchema>
// { email: string; age: number; role: 'admin' | 'user' }
API Route Example
// src/app/api/users/route.ts
import { NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
const createUserSchema = z.object({
email: z.string().email(),
password: z.string().min(8)
})
export async function POST(request: NextRequest) {
const body = await request.json()
const result = createUserSchema.safeParse(body)
if (!result.success) {
return NextResponse.json(
{ error: 'Validation failed', details: result.error.format() },
{ status: 400 }
)
}
// Process validated data
const { email, password } = result.data
// ...
}
When to Use This Skill
DO Use for:
- API request validation - All incoming data to API routes
- Form submission validation - Client and server-side
- Database input validation - Before inserting/updating
- Configuration validation - Environment variables, config files
- File upload validation - Size, type, content validation
- External API responses - Validate third-party data
DON'T Use for:
- Simple type checks - Use TypeScript types when validation isn't needed
- Runtime performance-critical paths - Validation has overhead
- Already validated data - Don't re-validate trusted internal data
Best Practices
- Validate at boundaries - API routes, Server Actions, external data sources
- Use safe parsing - Prefer
safeParse()overparse()for better error handling - Provide clear error messages - Customize messages for user-facing validation
- Reuse common schemas - Use schemas from
common-schemas.md - Type inference - Always use
z.infer<typeof schema>for TypeScript types - Test edge cases - Write tests for validation logic
- Document complex schemas - Add JSDoc comments for business rules
Common Patterns
1. Optional Fields with Defaults
const configSchema = z.object({
timeout: z.number().int().positive().default(30),
retries: z.number().int().min(0).default(3),
debug: z.boolean().optional()
})
2. Conditional Required Fields
const addressSchema = z.object({
country: z.string(),
state: z.string().optional()
}).refine(
data => data.country === 'US' ? !!data.state : true,
{ message: 'State is required for US addresses', path: ['state'] }
)
3. Transform and Validate
const emailSchema = z.string()
.trim()
.toLowerCase()
.email()
4. Discriminated Unions
const eventSchema = z.discriminatedUnion('type', [
z.object({ type: z.literal('click'), x: z.number(), y: z.number() }),
z.object({ type: z.literal('keypress'), key: z.string() })
])
5. Async Database Check
const usernameSchema = z.string()
.min(3)
.max(20)
.regex(/^[a-zA-Z0-9_-]+$/)
.refine(async (username) => {
const existing = await db.user.findUnique({ where: { username } })
return !existing
}, { message: 'Username already taken' })
Integration with Quetrex
TypeScript Strict Mode Compliance
All schemas must work with TypeScript strict mode:
- No
anytypes - No
@ts-ignorecomments - Explicit type inference with
z.infer
Testing Requirements
Validation logic requires comprehensive tests:
- Happy path - Valid data passes
- Edge cases - Boundary values, empty strings, null/undefined
- Error cases - Invalid data produces expected errors
- Custom validations - All refinements and transforms tested
Server Actions Pattern
'use server'
import { z } from 'zod'
const createProjectSchema = z.object({
name: z.string().min(1).max(100),
description: z.string().optional()
})
export async function createProject(formData: FormData) {
const result = createProjectSchema.safeParse({
name: formData.get('name'),
description: formData.get('description')
})
if (!result.success) {
return { error: result.error.format() }
}
// Process validated data
return { success: true, data: result.data }
}
Resources
- Zod Documentation: https://zod.dev/
- TypeScript Handbook: https://www.typescriptlang.org/docs/handbook/
- Next.js Server Actions: https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions-and-mutations
Navigation
Start with:
- Schema Patterns - Learn all schema types
- Common Schemas - Use ready-made schemas
- API Integration - Integrate with Next.js
Then explore:
- Error Handling - Better error messages
- Refinements - Custom validation logic
- Transforms - Data transformation
- Async Validation - Database/API checks
- Type Inference - Advanced TypeScript patterns
Last updated: 2025-11-23 | Zod v4.1.12
Score
Total Score
60/100
Based on repository quality metrics
✓SKILL.md
SKILL.mdファイルが含まれている
+20
○LICENSE
ライセンスが設定されている
0/10
○説明文
100文字以上の説明がある
0/10
✓人気
GitHub Stars 100以上
+5
✓最近の活動
1ヶ月以内に更新
+10
○フォーク
10回以上フォークされている
0/5
✓Issue管理
オープンIssueが50未満
+5
✓言語
プログラミング言語が設定されている
+5
✓タグ
1つ以上のタグが設定されている
+5
Reviews
💬
Reviews coming soon
