If your schemas are received from untrusted sources (or generated from untrusted data) there are several scenarios you need to prevent: It is difficult to predict all the scenarios, but at the very least it may help to limit the size of untrusted schemas (e.g.limit JSON string length) and also the maximum schema object depth (that can be high for relatively small JSON strings).Ajv treats JSON schemas as trusted as your application code.This security model is based on the most common use case, when the schemas are static and bundled together with the application.You can define custom keywords with add Keyword method.Keywords are defined on the Several custom keywords (typeof, instanceof, range and property Names) are defined in ajv-keywords package - they can be used for your schemas and as a starting point for your own custom keywords. During asynchronous compilation remote references are loaded using supplied function. Example in REPL: https://tonicdev.com/esp/ajv-asynchronous-validation You can define custom formats and keywords that perform validation asynchronously by accessing database or some other service.It also introduces additional security aspects to consider.
The value of "$data" should be a JSON-pointer to the data (the root is always the top level data object, even if the $data reference is inside a referenced subschema) or a relative JSON-pointer (it is relative to the current point in data; if the $data reference is inside a referenced subschema it cannot point to the data outside of the root level for this subschema). This schema requires that the value in property to point to other schemas previously added to the Ajv instance or to the fragments of the current schema.Ajv compiles asynchronous schemas to es7 async functions that can optionally be transpiled with nodent.Async functions are supported in 7 and all modern browsers. Ajv version 6.0.0 that supports draft-07 is released.
Currently Ajv is the fastest and the most standard compliant validator according to these benchmarks: See API and Options for more details.
You should add in the keyword or format definition (see add Format, add Keyword and Defining custom keywords).