Using Omit<User, 'password'> is a practical approach because it ensures that sensitive fields like passwords are excluded while keeping the response type in sync with User.

If new fields are added, they will be included automatically, reducing the need for manual updates.

This helps maintain consistency and avoids duplicate type definitions. If a newly added field contains sensitive data, it should be explicitly omitted, which is a separate concern from using Omit.

This also depends upon requirement.

I have seen so many duplicate type definitions, just for 1-2 fields.