Why Valibot for an npm packument?

An npm package explorer or registry-mirror UI rendered in the browser cares about every KB at first paint. Valibot's tree-shaking gives a smaller bundle for the dynamic-key shapes (versions, time, dist-tags), with no semantic loss vs. Zod.

Will the dynamic versions / time keys validate?

Yes. They become v.record(...) of the per-version schema. dist-tags becomes v.record(v.string()).

Single-version or full packument?

Either. The full / packument gives a richer schema; the single-version variant is leaner. Generate from whichever endpoint your client fetches.

JSON→TypeScript

npm Registry Response to Valibot

Paste a npm registry JSON payload and get a Valibot v.object schema you can run inside your handler. Smaller bundle than Zod, same boundary guarantee — useful for Cloudflare Workers, Vercel Edge, and any runtime where bundle size matters.

JSON input valid

Valibot output

About this conversion

The npm packument has dynamic-key shapes (versions, time, dist-tags) and quietly grows fields across the registry's history. A parse at fetch time means dependency analyzers and mirror tools get an immediate validation error instead of a NoneType-style crash deep in the version walker.

An npm package explorer or registry-mirror UI rendered in the browser cares about every KB at first paint — Valibot's tree-shaking gives you a smaller bundle than Zod for the dynamic-key shape inside versions and time, with no semantic loss on a paste-and-validate flow. The output is a copy-paste-runnable v.object using the canonical namespace import (import * as v from "valibot"); only the primitives your shape actually uses (v.string, v.number, v.array, v.union, v.optional) get pulled in.

npm Registry Response to Valibot

About this conversion

Same shape, other validators

Other JSON shapes