There are tons. The ones I most often see mentioned are: zod, io-ts, runtypes. I’m at the design stage of building yet another, not because the existing ones aren’t great, but because I have a different set of requirements that none really meet:
- Documentation-driven: types are defined by JSON Schema
- Automatically generated documentation (which you get for free with this design)
- Flexible API: some people prefer the io-ts FP style, others prefer try/catch; some prefer callable types, others prefer reference access for primitives like io-ts.
- Interfaces designed to integrate with an ecosystem of tools with a similar documentation-driven philosophy, for example an HTTP API library which automatically generates OpenAPI docs (which I’m also working on).
I don't think so? I actually looked for such functionality recently and couldn't find anything. Kaspersky uses a hypervisor to hook syscalls[0] in order to provide such functionality. There's also DTrace for Windows[1], but that requires being enabled through bcdedit which is a bit... meh.
I'm thinking of the win32k.sys filter, which, my Windows-literate friends inform me, only blocks a subset (a gnarly subset, but a subset still) of the total kernel attack surface; it's not a general-purpose filter.
