Dynamic Validation vs Schema Based Validation
Two approaches to checking data: imperative runtime guards you hand-write versus a declared schema that validates and infers types for you. One scales, one rots.
The short answer
Schema Based Validation over Dynamic Validation for most cases. A schema is the single source of truth — it validates, documents, and (with Zod/Pydantic) types your data in one declaration.
- Pick Dynamic Validation if have a genuinely dynamic shape — user-defined fields, plugin payloads, or rules that depend on other runtime state a static schema can't express
- Pick Schema Based Validation if validating API requests, config, env vars, or DB rows — anything with a knowable shape. Which is almost everything
- Also consider: They aren't enemies. Define a schema as your baseline contract, then bolt dynamic refinements (Zod .refine, Pydantic validators) on top for the cross-field logic a declaration can't capture.
— Nice Pick, opinionated tool recommendations
What they actually are
Dynamic validation means imperative checks you write by hand at runtime: if not isinstance(x, int), throw; if email lacks an @, reject. The logic lives wherever you happen to need it. Schema based validation flips it — you declare the shape once (a Zod object, a Pydantic model, a JSON Schema) and a library enforces it, coerces it, and reports every violation at the boundary. The distinction isn't 'static vs runtime' — both run at runtime. It's declarative-and-centralized versus imperative-and-scattered. That difference sounds academic until you have forty endpoints and someone changes the user object. With a schema you edit one file. With hand-rolled checks you play whack-a-mole across the codebase, missing three, and shipping a bug to prod. The shape of your data is a contract; pick the approach that makes the contract a single artifact instead of folklore.
Where dynamic validation earns its keep
Don't let me oversell schemas — dynamic validation isn't always laziness. Some data has no static shape. A form builder where users define their own fields, a plugin system accepting arbitrary payloads, a rules engine where validity of field B depends on the runtime value of field A and a database lookup — a frozen schema can't express that. Cross-field conditionals ('shipping address required only if delivery is selected') and async checks ('is this username taken?') are inherently dynamic; you reach for code, not a declaration. The honest truth is that the best schema libraries already know this, which is why Zod has .refine() and .superRefine() and Pydantic has @model_validator. So 'dynamic validation' as a standalone philosophy is mostly a description of what you do when you haven't reached for a schema yet. It's a tool inside the schema approach, not a rival to it.
The maintenance tax
Here's where hand-rolled validation quietly bankrupts you. Every imperative check is a place rules can disagree. One handler trims the email, the next doesn't. One requires age >= 18, a sibling endpoint forgot. Nobody documents any of it, so the real contract lives in the heads of whoever wrote each route — and they left. There's no error aggregation either: dynamic checks usually bail on the first failure, so users fix one field, resubmit, hit the next, and rage. A schema validates the whole object and hands back every error at once. It also doubles as documentation and, with Zod or Pydantic, as your TypeScript/Python types — z.infer means your validator and your type can't drift, because they're the same line. Dynamic validation gives you none of that. It's the cheaper option for exactly one afternoon, then it compounds interest for the life of the project.
The verdict, no hedging
Schema based validation wins, and it isn't close for the cases you actually face. APIs, config files, environment variables, queue messages, database rows — all have a knowable shape, so all want a declared schema at the boundary. Use Zod in TypeScript, Pydantic in Python, and stop hand-writing isinstance ladders like it's 2014. The single-source-of-truth, infer-your-types, aggregate-every-error story is decisively better engineering. The only legitimate home for pure dynamic validation is genuinely runtime-shaped data — and even then you express it as schema refinements, not loose imperative checks scattered across handlers. So treat 'dynamic' as the escape hatch inside a schema-first world, never the default. If your instinct is to write a validation if-statement, ask why it isn't a field in your schema. Usually it should be. t. NicePick
Quick Comparison
| Factor | Dynamic Validation | Schema Based Validation |
|---|---|---|
| Source of truth | Scattered across handlers, drifts over time | One declared schema, single artifact |
| Type inference | None — types and checks drift apart | z.infer / Pydantic models stay in sync |
| Error aggregation | Usually bails on first failure | Reports every violation at once |
| Runtime/cross-field logic | Native — arbitrary code, async, lookups | Possible via .refine/validators, slightly verbose |
| Maintenance cost at scale | Compounds — whack-a-mole on every change | Edit one file, propagates everywhere |
The Verdict
Use Dynamic Validation if: You have a genuinely dynamic shape — user-defined fields, plugin payloads, or rules that depend on other runtime state a static schema can't express.
Use Schema Based Validation if: You're validating API requests, config, env vars, or DB rows — anything with a knowable shape. Which is almost everything.
Consider: They aren't enemies. Define a schema as your baseline contract, then bolt dynamic refinements (Zod .refine, Pydantic validators) on top for the cross-field logic a declaration can't capture.
Dynamic Validation vs Schema Based Validation: FAQ
Is Dynamic Validation or Schema Based Validation better?
Schema Based Validation is the Nice Pick. A schema is the single source of truth — it validates, documents, and (with Zod/Pydantic) types your data in one declaration. Dynamic validation scatters the same rules across handlers where they drift, contradict each other, and silently rot. Centralize the contract.
When should you use Dynamic Validation?
You have a genuinely dynamic shape — user-defined fields, plugin payloads, or rules that depend on other runtime state a static schema can't express.
When should you use Schema Based Validation?
You're validating API requests, config, env vars, or DB rows — anything with a knowable shape. Which is almost everything.
What's the main difference between Dynamic Validation and Schema Based Validation?
Two approaches to checking data: imperative runtime guards you hand-write versus a declared schema that validates and infers types for you. One scales, one rots.
How do Dynamic Validation and Schema Based Validation compare on source of truth?
Dynamic Validation: Scattered across handlers, drifts over time. Schema Based Validation: One declared schema, single artifact. Schema Based Validation wins here.
Are there alternatives to consider beyond Dynamic Validation and Schema Based Validation?
They aren't enemies. Define a schema as your baseline contract, then bolt dynamic refinements (Zod .refine, Pydantic validators) on top for the cross-field logic a declaration can't capture.
A schema is the single source of truth — it validates, documents, and (with Zod/Pydantic) types your data in one declaration. Dynamic validation scatters the same rules across handlers where they drift, contradict each other, and silently rot. Centralize the contract.
Related Comparisons
Disagree? nice@nicepick.dev