Package Exports

eslint-plugin-redos-detector
eslint-plugin-redos-detector/dist/eslint-plugin-redos-detector.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (eslint-plugin-redos-detector) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

eslint-plugin-redos-detector

An ESLint plugin that detects vulnerable regex using "RedosDetector". It processes all RegExp literals. I.e. /ab+c/ but not new RegExp('ab+c').

Installation

You'll first need to install ESLint:

npm i eslint --save-dev

Next, install eslint-plugin-redos-detector:

npm i --save-dev eslint-plugin-redos-detector

Usage

Add redos-detector to the plugins section of your .eslintrc configuration file.

{
  "plugins": ["redos-detector"]
}

Then configure the rule under the rules section.

{
  "rules": {
    "redos-detector/no-unsafe-regex": "error"
  }
}

Or do the following to provide options.

{
  "rules": {
    "redos-detector/no-unsafe-regex": [
      "error",
      {
        "ignoreError": true
      }
    ]
  }
}

Options

ignoreError: If true any error getting results be ignored. It's possible for the detection to fail with some patterns, or if the patten is malformed or uses unsupported features. See this doc for the type of errors. (Default: false)
maxSteps: See the option in this doc with the same name. (Default: See linked doc)
maxScore: See the option in this doc with the same name. (Default: See linked doc)
timeout: See the option in this doc with the same name. (Default: See linked doc)