Back to Explore

ajv-validator/ajv

GitHub
2 updates · last 90 days2 watchersOpen source

Last release:

Ajv is a fast JSON schema validator for Node.js and browsers. It supports JSON Schema draft-04/06/07/2019-09/2020-12 and JSON Type Definition (RFC8927), useful for validating JSON data against schema definitions.

Project status

  • Actively maintained, upstream has recent activity (last push 2026-05-12) and multiple version updates in 2026 (v8.18.0 on 2026-02-14, v8.19.0 and v8.20.0 on 2026-04-24).
  • Apparent update cadence is fairly regular for 2026, roughly every 1 to 3 months based on the provided recent updates (about 2 months from v8.18.0 to v8.19.0, then same-week updates to v8.20.0).

AI summary generated

AI-generated from public sources. May be inaccurate. Report

Recent updates

  • v8.20.0

    v8.20.0 updates ajv to support newer Node.js runtimes (adding Node 22 and 24 support) and adjusts TypeScript lib settings to cover ES2022 RegExp features used by RegExpIndicesArray. The release notes only mention these two items, but the diff also includes repository build/test configuration changes.

    Breaking
  • v8.19.0

    v8.19.0 ships a security fix for prototype pollution related to the `$data` feature when resolving the `format` keyword. The change ensures format-name lookups do not allow `Object.prototype` properties to interfere with validation, with accompanying regression tests.

    Security
  • v8.18.0

    v8.18.0 adds `sideEffects: false` to the package metadata, updates documentation, and includes two functional fixes: special numeric serialization for JTD and a ReDoS mitigation for `$data`-driven `pattern`. The code changes reveal additional behavior that is not fully captured by the release notes, especially around the default handling of `Infinity`/`NaN` and how invalid `$data` patterns are handled at runtime.

    SecurityFeatures
  • v8.17.1

    v8.17.1 appears to be a patch release that only bumps the package version to 8.17.1. Based on the provided diff, there are no code changes beyond updating package.json.

  • v8.17.0

    v8.17.0 switches Ajv's internal URI parsing and resolution from uri-js to fast-uri, and adds coverage for resolving $ref values that contain encoded characters. The release notes describe this as the only functional change, alongside some lint and documentation adjustments.

    Breaking
  • v8.16.0

    v8.16.0 changes Ajv's URI handling by swapping the embedded URI implementation from fast-uri to uri-js across compile-time types, resolution logic, runtime URI utilities, docs, and tests. Although the release notes say it “revert[s] fast-uri change”, the actual diff indicates the opposite of a fast-uri revert, with fast-uri removed from runtime dependencies and uri-js becoming the default.

    Breaking
  • v8.15.0

    v8.15.0 switches AJV’s built-in URI handling from `uri-js` to `fast-uri`. The runtime, compiler resolution, and related TypeScript types were updated to import `fast-uri`, and the dependency list was adjusted accordingly.

    Breaking
  • v8.14.0

    Release v8.14.0 includes documentation improvements (maxLength/minLength warning), CI workflow updates, and a fix related to the discriminator keyword when schemas use external $refs. The core code change improves how ajv resolves $refs for discriminator oneOf entries and adds coverage for both compile and compileAsync paths.

  • v8.13.0

    v8.13.0 is primarily a tooling and packaging update, adding named exports for the main Ajv entry points and bumping dependency versions. The release notes are minimal, so the diff needs closer inspection for any behavioral changes that could affect consumers.

    Features
  • v8.12.0

    v8.12.0 focuses on JTD correctness fixes in the compiler and serializer, plus related improvements to TypeScript JTD schema typings. The release notes highlight empty schema handling (notably JTD values), discriminator behavior for objects with many properties, and correct narrowing from JTD number to integer, alongside an update to CI Node versions.

    Breaking