elysiaJS

t.String({ format: 'url' }) is vulnerable to redos on long URL It only has an impact on a specific pattern with a long URL string (> 4096 characters) Valid URL, and most value isn't affected by redos As a workaround, it's recommended to 1. Limit the URL string to a reasonable limit (< 384) 2. If a long URL string is necessary, it's recommended to update Elysia to at least 1.4.26 We will disclose a vulnerability in the upcoming week

I think Elysia make a lot of sense for meta-framework API routes API routes are usually lacking in documentation area because of rapid development so it's somewhat hard to track when something changes Elysia fix that because it's self-documenting by offering: 1. Eden Treaty: End-to-end type safety w/ RPC-like client similar to tRPC 2. OpenAPI: Tight integration with OpenAPI and runtime schema with Standard JSON Schema eg. TypeBox, Zod, etc. 3. OpenAPI Type Gen: Automatic documenting all possible type based on HTTP status using return type infers directly from TypeScript type Because it's Single Source of Truth from runtime to type to OpenAPI documentation to Frontend via RPC-like client without generator means nothing is out of sync and directly infers from code This means if something changes, it would show exactly where it could cause error and if your code works and the documentation would update instantly without effort It's a REST API, so everyone already knows it and you can just use something like OpenAPI generator for other languages as necessary to works with And it's using Web Standard API so it works with most meta framework like Nextjs, Nuxt, Tanstack Start, Astro and so on Elysia is "If your code works, it's self documented"