1. Router

Tanstack Router: Supports runtime validation libraries such as z0d. So I have routes such as example.com/viewer/$uuid/$number, it should 400 if those aren't actually validate uuid and numbers.

React Router: Supports Types, but every type is a string because, well, they technically are, but this isn't useful in practice in my opinion. There are 3rd party libs such as: https://github.com/fenok/react-router-typesafe-routes

2. API

Lets say you're making your API public to clients you can't trust to send the correct data ( which probably also includes your own client ).

https://www.npmjs.com/package/express-openapi-validator

This library advertises validating both your input and your output

3. State

https://github.com/pmndrs/zustand/discussions/1722

4. Database

https://www.npmjs.com/package/prisma-zod-generator

5. Forms

https://medium.com/@toukir.ahamed.pigeon/react-hook-form-wit...

6. ENV

https://jfranciscosousa.com/blog/validating-environment-vari...

Obviously checks on the agent are primarily a DX/UX thing, whilst checks on the server step are also security controls.