Guides

Last updated

July 20, 2025

5 Ways to Implement an Email Validator with npm

Nicolas Rios

Table of Contents:

ON THIS PAGE

Heading

Get your free

email validation

API key now

4.8 from 1,863 votes

See why the best developers build on Abstract

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

No credit card required

Validating email addresses is a key step for data integrity in any npm project. We will walk through three common methods for building an email validator, providing working code for each. Then, we'll examine the shortcomings of these approaches and see how Abstract API offers a more robust solution.

How to Implement an Email Validator in npm

Here are three common methods to build an email validator in your npm project. Each approach has a different level of complexity and provides a distinct type of validation.

Syntax-Only Check with validator.js

The validator.js package offers a straightforward way to check email syntax. It relies on regular expressions that the library refines for over a decade to stay current with RFC 5322 edge cases.

This package has zero dependencies and is tree-shakeable, which makes it simple to integrate into any project. Because it performs simple string mathematics, it achieves a high throughput of over one million operations per second under V8.

The code imports the "isEmail" function from the library. It then passes an email address to this function, which returns a boolean value that indicates if the syntax is correct.

npm i validator
import isEmail from 'validator/lib/isEmail';
const ok = isEmail('user@example.com'); // boolean

Syntax and DNS MX Verification with node-email-verifier

The node-email-verifier package performs a two-step validation. First, it runs a pattern match based on RFC-5322 standards to check the email's format.

Next, it executes a "dns.resolveMx" command. This action confirms that the domain has a mail exchange record and can actually accept mail. An optional "timeout" flag protects your event loop from slow DNS responses. The package also provides a fast path with "checkMx:false" if you only need a syntax check.

The code imports the "verify" function. It then calls this function with the email address and an options object to check for an MX record with a one-second timeout.

npm i node-email-verifier
import verify from 'node-email-verifier';
const ok = await verify('user@example.com', { checkMx: true, timeout: 1000 });

A Custom Build with DNS and SMTP

This do-it-yourself method provides full control over the validation process. It involves a sequence of checks. First, you perform a regex pass on the email address. You can reuse validator.js for this or implement a custom pattern.

The second step is an MX lookup. The code uses "dns/promises" to resolve the domain's MX records. The final step is an SMTP probe to the mail server. The code connects to the server and sends a sequence of commands like "HELO", "MAIL FROM", and "RCPT TO".

It does not send any actual email data. Instead, it listens for a response code from the server, such as "250" for success or "550" for failure, to determine if the recipient is valid. This approach can be wrapped in a worker pool to avoid any block on Node’s single thread.

// 1. Regex pass (reuse validator.js or your custom pattern).

// 2. MX lookup:
import {resolveMx} from 'dns/promises';
const mx = await resolveMx(domain);

// 3. SMTP “RCPT TO” probe (don’t send DATA):
import net from 'net';
const sock = net.createConnection(25, mx[0].exchange);
sock.write('HELO example.com\r\n');
sock.write('MAIL FROM:<noreply@example.com>\r\n');
sock.write('RCPT TO:<user@example.com>\r\n');
// look for 250 or 550 response codes.

Challenges of Email Validation in npm

Despite the availability of several methods, developers face significant hurdles. These range from complex email standards and evolving domain names to security risks within the npm ecosystem.

Email standards like RFC 5322 are complex and sometimes conflict. Libraries such as validator.js simplify this with a single regex, which creates gaps. For example, it may incorrectly handle extended-ASCII characters even with specific flags disabled.
Regex-based tools like validator.js struggle with edge cases such as dotted local parts or quoted strings. A small tweak to the regex can break other valid formats, which forces maintainers to constantly patch the code to fix new issues.
The internet constantly evolves with new top-level domains and international characters. Packages that perform DNS checks, like node-email-verifier, can become outdated. They may silently fail on new domains, which breaks user signups while all tests still pass.
The npm ecosystem contains malicious look-alike packages that mimic legitimate validators. These packages can hide preinstall hooks to execute supply-chain attacks. A compromised validator dependency can expose your entire continuous integration environment to significant security threats.

Validate Emails with Abstract API

Add our email validation API to your project to maintain clean data and improve deliverability.

Get started for free

How Abstract API Improves npm Email Validation

Unlike regex-only packages, Abstract API addresses the core weaknesses of traditional validation. It layers multiple real-time checks to confirm an email address actually exists and can receive mail.

It layers multiple tests that include syntax checks, typo autocorrect, and lookups for disposable, free, or role-based domains. It also adds MX record resolution, a real-time SMTP handshake, and catch-all detection.
The heavy DNS and SMTP work runs on Abstract's infrastructure. This keeps Node processes non-blocking and removes the need to open ports or manage large domain lists.
Continuous daily and weekly feed updates mean the validation logic remains current. This process reduces the frequency of production redeploys.
The normalized and versioned JSON response simplifies upgrades. It also lets you centralize logs and alerts around deliverability or risk scores.

How to Add Abstract API to Your Dev Environment

Once you understand Abstract's capabilities, the addition of its email validator API to your project is simple.

Use npm to install an HTTP client like Axios and the dotenv package.
Sign in at Abstract API, create an Email Verification key, and copy it.
Add your API key to a .env file and ensure you load dotenv early in your application.
Create a dedicated module to contain the API call logic.
Import the new verification function wherever your application accepts emails.
Use the response data to gate user journeys based on deliverability and a quality score you define.

Sample Email Validator Implementation with Abstract API

The following function demonstrates a call to the Abstract API email validation endpoint. It accepts an email address as a parameter, sends it to the API along with your key, and returns a structured JSON object. This response contains a comprehensive breakdown of the email's validity.

For a valid address like "johnsmith@gmail.com", the API returns a detailed response:

The "deliverability" field provides a clear allow or block signal. You can use "quality_score" to flag borderline cases for review. The various "is_*_email" flags permit deeper segmentation or trigger additional verification steps. Finally, the "autocorrect" field suggests a fix for common user typos to improve conversions.

Final Thoughts

Simple regex checks often fail to detect invalid domains or disposable addresses, which leads to high bounce rates. Abstract API solves this with a multi-layered approach that includes real-time SMTP handshakes and domain checks. To reliably validate user emails, you can create an Abstract API account and get your free API key.

Frequently Asked Questions

What is an email validator in npm and how does it work?

An npm email validator is a Node.js package that checks whether an email address is valid before you accept it in your application. Packages like validator.js perform syntax checks against RFC 5322 rules, while more advanced packages like node-email-verifier also check DNS MX records to confirm the domain can actually receive mail.

What is the difference between validator.js and node-email-verifier?

validator.js is a lightweight, zero-dependency package that checks only email syntax using regex patterns, achieving over one million operations per second. node-email-verifier goes further by combining regex matching with a live DNS MX record lookup, so it can catch valid-looking addresses on domains that cannot actually receive email.

Why is regex alone not enough to validate emails in Node.js?

Email addresses allow edge cases such as dotted local parts and quoted strings that reliably break most regex patterns. RFC 5322 itself contains conflicting rules, and the growth of new TLDs and international characters means any static regex can quickly become outdated, leaving real addresses rejected or fake ones accepted.

Can npm email validator packages detect disposable or throwaway email addresses?

Standard npm packages like validator.js and node-email-verifier do not detect disposable email providers. Detecting throwaway addresses requires a continuously updated blocklist or an API service like Abstract's Email Validation API, which adds disposable email detection on top of syntax and DNS checks.

When should I use Abstract's Email Validation API instead of a standalone npm package?

Use an API when you need multi-layer validation beyond what local packages offer: typo autocorrect, disposable email detection, SMTP handshakes, and catch-all domain identification. Abstract's Email Validation API returns a quality score and deliverability status for each address, making it a better fit for production sign-up flows where invalid addresses carry a real cost.

Are there security risks when installing email validator packages from npm?

Yes. The npm ecosystem contains malicious lookalike packages designed to mimic popular libraries as supply-chain attack vectors. Always verify the exact package name, check the download count and repository before installing, and prefer well-maintained packages with a clear audit trail to reduce exposure to this risk.