0
0
NestJSframework~10 mins

Whitelist and transform options in NestJS - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Concept Flow - Whitelist and transform options
Receive incoming request data
Apply ValidationPipe with options
Whitelist enabled?
Remove extra props
Pass validated and transformed data to handler
Response
Incoming data is checked by ValidationPipe; if whitelist is on, extra properties are removed; if transform is on, data types convert to expected classes before reaching the handler.
Execution Sample
NestJS
app.useGlobalPipes(new ValidationPipe({ whitelist: true, transform: true }));

@Post()
create(@Body() dto: CreateUserDto) {
  return dto;
}
This code sets up a global validation pipe that removes extra properties and converts input to CreateUserDto instance.
Execution Table
StepIncoming DataWhitelist ActionTransform ActionResulting Data
1{"name":"Alice","age":"25","extra":"remove me"}Remove 'extra' propertyConvert 'age' from string '25' to number 25{"name":"Alice","age":25}
2{"name":"Bob","age":30}No extra properties to removeNo type conversion needed (age already number){"name":"Bob","age":30}
3{"name":"Eve","age":"not a number"}No extra properties to removeConversion fails, validation error thrownError: Validation failed
4{"name":"Mallory","age":40,"admin":true}Remove 'admin' propertyNo type conversion needed{"name":"Mallory","age":40}
ExitN/AProcessing stops on validation errorN/ARequest rejected if validation fails
💡 Execution stops if validation fails or after data is cleaned and transformed.
Variable Tracker
VariableStartAfter Step 1After Step 2After Step 3After Step 4Final
requestBodyN/A{"name":"Alice","age":"25","extra":"remove me"}{"name":"Bob","age":30}{"name":"Eve","age":"not a number"}{"name":"Mallory","age":40,"admin":true}N/A
whitelistedDataN/A{"name":"Alice","age":"25"}{"name":"Bob","age":30}{"name":"Eve","age":"not a number"}{"name":"Mallory","age":40}N/A
transformedDataN/A{"name":"Alice","age":25}{"name":"Bob","age":30}Validation error{"name":"Mallory","age":40}N/A
Key Moments - 3 Insights
Why does the 'extra' property disappear from the data after validation?
Because whitelist: true removes any properties not defined in the DTO, as shown in execution_table step 1 and 4.
What happens if a property cannot be converted to the expected type during transform?
Validation fails and an error is thrown, stopping execution as shown in execution_table step 3.
Does transform convert data only if whitelist is enabled?
No, transform works independently; whitelist removes extra props, transform converts types, both can be enabled together as in the example.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table at step 1, what is the type of 'age' after transformation?
Astring
Bnumber
Cboolean
Dundefined
💡 Hint
Check the 'Transform Action' and 'Resulting Data' columns at step 1.
At which step does the validation pipe reject the request due to a conversion error?
AStep 1
BStep 2
CStep 3
DStep 4
💡 Hint
Look for 'Validation error thrown' in the 'Transform Action' column.
If whitelist was set to false, what would happen to the 'extra' property in step 1?
AIt would remain in the data passed to the handler
BIt would cause a validation error
CIt would be removed anyway
DIt would be converted to a number
💡 Hint
Whitelist controls removal of extra properties; see execution_table step 1 for effect.
Concept Snapshot
ValidationPipe options:
- whitelist: true removes properties not in DTO
- transform: true converts input to DTO instances
Use together to clean and convert incoming data
Validation errors stop request processing
Configured globally or per-route
Full Transcript
In NestJS, the ValidationPipe can be configured with whitelist and transform options. When whitelist is true, any properties not defined in the DTO class are removed from the incoming data. When transform is true, the incoming plain data is converted into instances of the DTO class, including type conversions like string to number. This process happens before the controller method receives the data. If validation or transformation fails, the request is rejected with an error. This ensures the controller only works with clean, correctly typed data. The execution table shows examples of data before and after these steps, including when extra properties are removed and when type conversion succeeds or fails.