JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 12875171
  • Score
    100M100P100Q216629F
  • License MIT

detect possibly catastrophic, exponential-time regular expressions

Package Exports

  • safe-regex

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (safe-regex) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

safe-regex

Detect potentially catastrophic exponential-time regular expressions by limiting the star height to 1.

WARNING: This module has both false positives and false negatives. Use vuln-regex-detector for improved accuracy.

browser support

build status

Example

var safe = require('safe-regex');
var regex = process.argv.slice(2).join(' ');
console.log(safe(regex));
$ node safe.js '(x+x+)+y'
false
$ node safe.js '(beep|boop)*'
true
$ node safe.js '(a+){10}'
false
$ node safe.js '\blocation\s*:[^:\n]+\b(Oakland|San Francisco)\b'
true

Methods

const safe = require('safe-regex')

const ok = safe(re, opts={})

Return a boolean ok whether or not the regex re is safe and not possibly catastrophic.

re can be a RegExp object or just a string.

If the re is a string and is an invalid regex, returns false.

  • opts.limit - maximum number of allowed repetitions in the entire regex. Default: 25.

Install

With npm do:

npm install safe-regex

License

MIT