Ajv is a fast JSON schema validator for Node.js and browsers. It supports JSON Schema draft-04/06/07/2019-09/2020-12 and JSON Type Definition (RFC8927), useful for validating JSON data against schema definitions.
Project status
- The ajv-validator/ajv GitHub source appears actively maintained, with multiple tagged version updates in 2026 and a recent upstream push on 2026-05-12.
- Update cadence looks steady but somewhat bursty, with v8.18.0 on 2026-02-14, followed by v8.19.0 and v8.20.0 both on 2026-04-24 (suggesting a short release cluster after an earlier interval).
AI summary generated Today
Recent updates
v8.20.0
1 month agov8.20.0 updates ajv to support newer Node.js runtimes (adding Node 22 and 24 support) and adjusts TypeScript lib settings to cover ES2022 RegExp features used by RegExpIndicesArray. The release notes only mention these two items, but the diff also includes repository build/test configuration changes.
Breakingv8.19.0
1 month agov8.19.0 ships a security fix for prototype pollution related to the `$data` feature when resolving the `format` keyword. The change ensures format-name lookups do not allow `Object.prototype` properties to interfere with validation, with accompanying regression tests.
Securityv8.18.0
3 months agov8.18.0 adds `sideEffects: false` to the package metadata, updates documentation, and includes two functional fixes: special numeric serialization for JTD and a ReDoS mitigation for `$data`-driven `pattern`. The code changes reveal additional behavior that is not fully captured by the release notes, especially around the default handling of `Infinity`/`NaN` and how invalid `$data` patterns are handled at runtime.
SecurityFeaturesv8.17.1
7/12/2024v8.17.1 appears to be a patch release that only bumps the package version to 8.17.1. Based on the provided diff, there are no code changes beyond updating package.json.
v8.17.0
7/10/2024v8.17.0 switches Ajv's internal URI parsing and resolution from uri-js to fast-uri, and adds coverage for resolving $ref values that contain encoded characters. The release notes describe this as the only functional change, alongside some lint and documentation adjustments.
Breakingv8.16.0
6/4/2024v8.16.0 changes Ajv's URI handling by swapping the embedded URI implementation from fast-uri to uri-js across compile-time types, resolution logic, runtime URI utilities, docs, and tests. Although the release notes say it “revert[s] fast-uri change”, the actual diff indicates the opposite of a fast-uri revert, with fast-uri removed from runtime dependencies and uri-js becoming the default.
Breakingv8.15.0
6/3/2024v8.15.0 switches AJV’s built-in URI handling from `uri-js` to `fast-uri`. The runtime, compiler resolution, and related TypeScript types were updated to import `fast-uri`, and the dependency list was adjusted accordingly.
Breakingv8.14.0
5/25/2024Release v8.14.0 includes documentation improvements (maxLength/minLength warning), CI workflow updates, and a fix related to the discriminator keyword when schemas use external $refs. The core code change improves how ajv resolves $refs for discriminator oneOf entries and adds coverage for both compile and compileAsync paths.
v8.13.0
4/29/2024v8.13.0 is primarily a tooling and packaging update, adding named exports for the main Ajv entry points and bumping dependency versions. The release notes are minimal, so the diff needs closer inspection for any behavioral changes that could affect consumers.
Featuresv8.12.0
1/3/2023v8.12.0 focuses on JTD correctness fixes in the compiler and serializer, plus related improvements to TypeScript JTD schema typings. The release notes highlight empty schema handling (notably JTD values), discriminator behavior for objects with many properties, and correct narrowing from JTD number to integer, alongside an update to CI Node versions.
Breaking