ConfigsJul 2, 2026·3 min read

Validator.js — String Validation and Sanitization for JavaScript

A library of string validators and sanitizers for JavaScript and Node.js covering emails, URLs, credit cards, and dozens of other formats.

Agent ready

Safe staging for this asset

This asset is staged first. The copied prompt tells the agent to inspect the staged files and ask before activating scripts, MCP config, or global config.

Stage only · 17/100Policy: stage
Agent surface
Any MCP/CLI agent
Kind
Script
Install
Stage only
Trust
Trust: Established
Entrypoint
Validator.js
Safe staging command
npx -y tokrepo@latest install 040a0766-75ce-11f1-9bc6-00163e2b0d79 --target codex

Stages files first; activation requires review of the staged README and plan.

Introduction

Validator.js is a library of string validators and sanitizers for JavaScript. It runs in both Node.js and browser environments, giving you a single dependency for checking emails, URLs, UUIDs, credit card numbers, and many more common formats.

What Validator.js Does

  • Validates over 80 string formats including email, URL, IP, UUID, and ISO dates
  • Sanitizes input by trimming, escaping HTML, normalizing emails, and stripping low bytes
  • Works in Node.js and the browser with zero external dependencies
  • Provides locale-aware validation for phone numbers, postcodes, and tax IDs
  • Supports custom validation by composing built-in checks

Architecture Overview

Validator.js is a pure-function library with no classes or state. Each validator and sanitizer is an independent function that takes a string and returns a boolean or transformed string. The library ships as a single ES module with tree-shakeable named exports, keeping bundle size small when you import only what you need.

Self-Hosting & Configuration

  • Install via npm, yarn, or pnpm for Node.js projects
  • Import individual validators to reduce bundle size in frontend builds
  • No configuration files are needed as each function is self-contained
  • Use the sanitizer functions at your API boundary before storing user input
  • Pair with schema libraries like Zod or Yup for object-level validation

Key Features

  • Over 80 built-in validators covering common web input patterns
  • Locale-specific checks for phone numbers and postal codes across 50+ countries
  • Lightweight with zero dependencies and a small bundle footprint
  • Consistent API where every function takes a string and options object
  • Active maintenance with regular updates for new validation rules

Comparison with Similar Tools

  • Zod — validates typed objects and schemas; Validator.js focuses on raw string checks
  • Yup — schema-based with async support; Validator.js is synchronous string-only
  • joi — Hapi ecosystem schema validator; Validator.js is framework-agnostic
  • class-validator — decorator-based for TypeScript classes; Validator.js uses plain functions
  • Valibot — modular schema builder; Validator.js is a flat collection of string utilities

FAQ

Q: Can I use Validator.js in the browser? A: Yes. It ships as an ES module and works in any modern browser or bundler.

Q: Does it validate objects or only strings? A: Only strings. For object validation, pair it with a schema library.

Q: Is it safe to rely on for security-critical input? A: It is widely used for input sanitization, but always combine it with server-side checks and parameterized queries.

Q: How do I add a custom validator? A: Compose existing validators in a wrapper function; the library does not have a plugin API.

Sources

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets