The Common Misconception
TypeScript improves developer confidence, but it does not validate runtime input. User input, third-party APIs, and queue payloads can all break assumptions.
Where Runtime Validation Matters Most
- Public API boundaries
- Webhook handlers
- Message queues
- Database writes
These are trust boundaries. Validate every one.
Recommended Pattern
Use schema-first validation at boundaries:
- Parse and validate input
- Return typed domain object
- Pass only validated data deeper
This keeps the rest of your app simpler and safer.
Error Design
Validation errors should be:
- Structured
- User-safe
- Actionable for developers
Avoid leaking internal stack details in user-facing responses.
Why This Improves Velocity
Good validation reduces:
- Unexpected production crashes
- Debugging time
- Defensive checks spread across code
It turns unknown bad states into known handled states.
Final Thought
TypeScript gives compile-time confidence. Runtime validation gives production confidence. You need both for reliable systems.