Joi

The most downloaded JavaScript object schema validation library. Chainable API for defining schemas that validate JavaScript objects — supports string patterns, number ranges, nested objects, arrays, conditional validation, custom validators, and human-readable error messages. Originally part of hapi.js framework, now standalone. Used extensively for API request/response validation in Node.js.

Evaluated Mar 06, 2026 (0d ago) v17.x
Homepage ↗ Repo ↗ Developer Tools validation schema joi hapi node object-validation typescript
⚙ Agent Friendliness
70
/ 100
Can an agent use this?
🔒 Security
98
/ 100
Is it safe for agents?
⚡ Reliability
90
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
88
Error Messages
90
Auth Simplicity
100
Rate Limits
100

🔒 Security

TLS Enforcement
100
Auth Strength
100
Scope Granularity
100
Dep. Hygiene
88
Secret Handling
100

BSD 3-Clause licensed. Input validation reduces injection attack surface. Local computation. Widely audited as part of hapi.js ecosystem.

⚡ Reliability

Uptime/SLA
100
Version Stability
90
Breaking Changes
82
Error Recovery
90
AF Security Reliability

Best When

You need battle-tested, highly configurable object validation for Node.js APIs with excellent error messages and minimal TypeScript requirements.

Avoid When

You're building TypeScript-first applications where schema-derived types matter — Zod is the modern choice. For browser forms, use Yup.

Use Cases

  • Validate API request bodies, headers, and query parameters in Express/Fastify/Hapi applications
  • Enforce data contracts at agent pipeline boundaries — validate data shape before processing
  • Validate configuration objects at agent startup with detailed error messages identifying invalid config keys
  • Build reusable validation schemas for shared domain objects across agent service boundaries
  • Validate environment variables with custom rules before application initialization

Not For

  • TypeScript-first projects needing schema-derived types — Zod provides better TypeScript inference; Joi TypeScript support requires @hapi/joi types
  • JSON Schema standard compliance — Joi has its own DSL; use Ajv for standard JSON Schema validation
  • Browser-side validation — Joi is Node.js optimized; Yup or Zod are better for browser/React form validation

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
Yes
Webhooks
No

Authentication

Methods: none
OAuth: No Scopes: No

Local library — no authentication required. BSD 3-Clause licensed.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

BSD 3-Clause licensed. Zero cost.

Agent Metadata

Pagination
none
Idempotent
Full
Retry Guidance
Not documented

Known Gotchas

  • schema.validate() returns { error, value } not throwing — check for error object: const { error, value } = schema.validate(data); if (error) throw error
  • schema.validateAsync() returns Promise — for async custom validators use validateAsync(); synchronous validators work with validate()
  • abortEarly: true (default) stops at first error — set abortEarly: false for collecting all errors: schema.validate(data, { abortEarly: false })
  • Joi strips unknown keys by default depending on allowUnknown option — be explicit: schema.validate(data, { allowUnknown: true }) or .unknown(true) on schema
  • TypeScript types: @hapi/joi is the old package; current package is 'joi' with built-in TypeScript types via @types/joi — verify package name in package.json
  • Nested schema reuse: Joi schemas are immutable and composable — define base schemas and use .concat() or .keys() to extend without mutation

Alternatives

zod-api yup-api ajv-api valibot-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Joi.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5209
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered