| Sure. You tend to think about the edges of your application. 1. Router Tanstack Router: Supports runtime validation libraries such as z0d. So I have routes such as example.com/viewer/$uuid/$number, it should 400 if those aren't actually validate uuid and numbers. React Router: Supports Types, but every type is a string because, well, they technically are, but this isn't useful in practice in my opinion. There are 3rd party libs such as: https://github.com/fenok/react-router-typesafe-routes 2. API Lets say you're making your API public to clients you can't trust to send the correct data ( which probably also includes your own client ). https://www.npmjs.com/package/express-openapi-validator This library advertises validating both your input and your output 3. State https://github.com/pmndrs/zustand/discussions/1722 4. Database https://www.npmjs.com/package/prisma-zod-generator 5. Forms https://medium.com/@toukir.ahamed.pigeon/react-hook-form-wit... 6. ENV https://jfranciscosousa.com/blog/validating-environment-vari... Obviously checks on the agent are primarily a DX/UX thing, whilst checks on the server step are also security controls. |