Testing & Code Quality
Type-Safe API Boundaries
TypeScript is strongest inside your codebase. Boundaries such as JSON, forms, URL params, localStorage, environment variables, and third-party libraries are unknown runtime data until validated.
- Boundary data should start as
unknown - Validation should happen once at the edge
- Wrappers contain unsafe interop
- Boundary tests are high value
- Types and schemas can drift
async function getJson(url: string): Promise<unknown> {
const res = await fetch(url)
if (!res.ok) throw new Error(`HTTP ${res.status}`)
return res.json()
}
const raw = await getJson("/api/user/u1")
const user = parseUser(raw)
// user is now trusted User inside the app.| Boundary | Risk | Protection |
|---|---|---|
| HTTP JSON | Shape changed or invalid | Schema/parser |
| Form input | Strings and missing fields | Field validation |
| URL params | Everything is string | Parse + validate |
| localStorage | Stale/manual data | Parser + fallback |
| env vars | Missing/malformed config | Startup validation |
| Untyped dependency | any spread | Small typed wrapper |