Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah GoodingΒ - Β May 09, 2025
π Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more β
eslint-plugin-regexp
Advanced tools
eslint-plugin-regexp
ESLint plugin for finding RegExp mistakes and RegExp style guide violations.
What is eslint-plugin-regexp?
eslint-plugin-regexp is an ESLint plugin that provides linting rules for regular expressions. It helps developers write more efficient, readable, and secure regular expressions by catching common mistakes and suggesting improvements.
What are eslint-plugin-regexp's main functionalities?
No Unnecessary Escape
This rule disallows unnecessary escape characters in regular expressions. In the example, the backslash before the dot is unnecessary and should be removed.
/* eslint regexp/no-useless-escape: 'error' */
const regex = /\./;No Obscure Character Class
This rule disallows obscure character class ranges that can be confusing or error-prone. In the example, the character class is clear and does not contain obscure ranges.
/* eslint regexp/no-obscure-range: 'error' */
const regex = /[a-zA-Z]/;No Unnecessary Quantifier
This rule disallows unnecessary quantifiers in regular expressions. In the example, the quantifier {1} is unnecessary and should be removed.
/* eslint regexp/no-useless-quantifier: 'error' */
const regex = /a{1}/;No Empty Character Class
This rule disallows empty character classes in regular expressions. In the example, the character class is empty and should be corrected.
/* eslint regexp/no-empty-character-class: 'error' */
const regex = /[]/;Other packages similar to eslint-plugin-regexp
eslint-plugin-security
eslint-plugin-security is an ESLint plugin that helps identify potential security issues in JavaScript code. While it covers a broader range of security concerns, it includes some rules related to regular expressions, such as detecting potential ReDoS (Regular Expression Denial of Service) vulnerabilities. It is more general in scope compared to eslint-plugin-regexp.
eslint-plugin-unicorn
eslint-plugin-unicorn is a collection of various ESLint rules aimed at improving code quality and consistency. It includes some rules for regular expressions, such as preventing potential ReDoS attacks and suggesting more readable patterns. However, it is not as focused on regular expressions as eslint-plugin-regexp.
Introduction
eslint-plugin-regexp is ESLint plugin for finding RegExp mistakes and RegExp style guide violations.
:name_badge: Features
This ESLint plugin provides linting rules relate to better ways to help you avoid problems when using RegExp.
- Find the wrong usage of regular expressions, and their hints.
- Enforces a consistent style of regular expressions.
- Find hints for writing optimized regular expressions.
- 80 plugin rules for regular expression syntax and features.
You can check on the Online DEMO.
:book: Documentation
See documents.
:cd: Installation
npm install --save-dev eslint eslint-plugin-regexp
Requirements
- ESLint v8.44.0 and above
- Node.js v18.x, v20.x and above
:book: Usage
Add regexp to the plugins section of your eslint.config.js or .eslintrc configuration file (you can omit the eslint-plugin- prefix)
and either use one of the two configurations available (recommended or all) or configure the rules you want:
The recommended configuration (New Config)
The plugin.configs["flat/recommended"] config enables a subset of the rules that should be most useful to most users.
See lib/configs/rules/recommended.ts for more details.
// eslint.config.js
import * as regexpPlugin from "eslint-plugin-regexp"
export default [
regexpPlugin.configs["flat/recommended"],
];
The recommended configuration (Legacy Config)
The plugin:regexp/recommended config enables a subset of the rules that should be most useful to most users.
See lib/configs/rules/recommended.ts for more details.
// .eslintrc.js
module.exports = {
"plugins": [
"regexp"
],
"extends": [
// add more generic rulesets here, such as:
// 'eslint:recommended',
"plugin:regexp/recommended"
]
}
Advanced Configuration
Override/add specific rules configurations. See also: http://eslint.org/docs/user-guide/configuring.
// eslint.config.js
import * as regexpPlugin from "eslint-plugin-regexp"
export default [
{
plugins: { regexp: regexpPlugin },
rules: {
// Override/add rules settings here, such as:
"regexp/rule-name": "error"
}
}
];
// .eslintrc.js
module.exports = {
"plugins": [
"regexp"
],
"rules": {
// Override/add rules settings here, such as:
"regexp/rule-name": "error"
}
}
Using the all configuration
The plugin.configs["flat/all"] / plugin:regexp/all config enables all rules. It's meant for testing, not for production use because it changes with every minor and major version of the plugin. Use it at your own risk.
See lib/configs/rules/all.ts for more details.
:white_check_mark: Rules
πΌ Configurations enabled in.
β οΈ Configurations set to warn in.
π’ Set in the flat/recommended configuration.
π΅ Set in the recommended configuration.
π§ Automatically fixable by the --fix CLI option.
π‘ Manually fixable by editor suggestions.
Possible Errors
| NameΒ Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β | Description | πΌ | β οΈ | π§ | π‘ |
|---|---|---|---|---|---|
| no-contradiction-with-assertion | disallow elements that contradict assertions | π’ π΅ | π‘ | ||
| no-control-character | disallow control characters | π‘ | |||
| no-dupe-disjunctions | disallow duplicate disjunctions | π’ π΅ | π‘ | ||
| no-empty-alternative | disallow alternatives without elements | π’ π΅ | π‘ | ||
| no-empty-capturing-group | disallow capturing group that captures empty. | π’ π΅ | |||
| no-empty-character-class | disallow character classes that match no characters | π’ π΅ | |||
| no-empty-group | disallow empty group | π’ π΅ | |||
| no-empty-lookarounds-assertion | disallow empty lookahead assertion or empty lookbehind assertion | π’ π΅ | |||
| no-escape-backspace | disallow escape backspace ([\b]) | π’ π΅ | π‘ | ||
| no-invalid-regexp | disallow invalid regular expression strings in RegExp constructors | π’ π΅ | |||
| no-lazy-ends | disallow lazy quantifiers at the end of an expression | π’ π΅ | π‘ | ||
| no-misleading-capturing-group | disallow capturing groups that do not behave as one would expect | π’ π΅ | π‘ | ||
| no-misleading-unicode-character | disallow multi-code-point characters in character classes and quantifiers | π’ π΅ | π§ | π‘ | |
| no-missing-g-flag | disallow missing g flag in patterns used in String#matchAll and String#replaceAll | π’ π΅ | π§ | ||
| no-optional-assertion | disallow optional assertions | π’ π΅ | |||
| no-potentially-useless-backreference | disallow backreferences that reference a group that might not be matched | π’ π΅ | |||
| no-super-linear-backtracking | disallow exponential and polynomial backtracking | π’ π΅ | π§ | ||
| no-super-linear-move | disallow quantifiers that cause quadratic moves | ||||
| no-useless-assertions | disallow assertions that are known to always accept (or reject) | π’ π΅ | π‘ | ||
| no-useless-backreference | disallow useless backreferences in regular expressions | π’ π΅ | |||
| no-useless-dollar-replacements | disallow useless $ replacements in replacement string | π’ π΅ | |||
| strict | disallow not strictly valid regular expressions | π’ π΅ | π§ | π‘ |
Best Practices
| NameΒ Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β | Description | πΌ | β οΈ | π§ | π‘ |
|---|---|---|---|---|---|
| confusing-quantifier | disallow confusing quantifiers | π’ π΅ | |||
| control-character-escape | enforce consistent escaping of control characters | π’ π΅ | π§ | ||
| negation | enforce use of escapes on negation | π’ π΅ | π§ | ||
| no-dupe-characters-character-class | disallow duplicate characters in the RegExp character class | π’ π΅ | π§ | ||
| no-empty-string-literal | disallow empty string literals in character classes | π’ π΅ | |||
| no-extra-lookaround-assertions | disallow unnecessary nested lookaround assertions | π’ π΅ | π§ | ||
| no-invisible-character | disallow invisible raw character | π’ π΅ | π§ | ||
| no-legacy-features | disallow legacy RegExp features | π’ π΅ | |||
| no-non-standard-flag | disallow non-standard flags | π’ π΅ | |||
| no-obscure-range | disallow obscure character ranges | π’ π΅ | |||
| no-octal | disallow octal escape sequence | π‘ | |||
| no-standalone-backslash | disallow standalone backslashes (\) | ||||
| no-trivially-nested-assertion | disallow trivially nested assertions | π’ π΅ | π§ | ||
| no-trivially-nested-quantifier | disallow nested quantifiers that can be rewritten as one quantifier | π’ π΅ | π§ | ||
| no-unused-capturing-group | disallow unused capturing group | π’ π΅ | π§ | π‘ | |
| no-useless-character-class | disallow character class with one character | π’ π΅ | π§ | ||
| no-useless-flag | disallow unnecessary regex flags | π’ π΅ | π§ | ||
| no-useless-lazy | disallow unnecessarily non-greedy quantifiers | π’ π΅ | π§ | ||
| no-useless-quantifier | disallow quantifiers that can be removed | π’ π΅ | π§ | π‘ | |
| no-useless-range | disallow unnecessary character ranges | π’ π΅ | π§ | ||
| no-useless-set-operand | disallow unnecessary elements in expression character classes | π’ π΅ | π§ | ||
| no-useless-string-literal | disallow string disjunction of single characters in \q{...} | π’ π΅ | π§ | ||
| no-useless-two-nums-quantifier | disallow unnecessary {n,m} quantifier | π’ π΅ | π§ | ||
| no-zero-quantifier | disallow quantifiers with a maximum of zero | π’ π΅ | π‘ | ||
| optimal-lookaround-quantifier | disallow the alternatives of lookarounds that end with a non-constant quantifier | π’ π΅ | π‘ | ||
| optimal-quantifier-concatenation | require optimal quantifiers for concatenated quantifiers | π’ π΅ | π§ | ||
| prefer-escape-replacement-dollar-char | enforces escape of replacement $ character ($$). | ||||
| prefer-predefined-assertion | prefer predefined assertion over equivalent lookarounds | π’ π΅ | π§ | ||
| prefer-quantifier | enforce using quantifier | π§ | |||
| prefer-range | enforce using character class range | π’ π΅ | π§ | ||
| prefer-regexp-exec | enforce that RegExp#exec is used instead of String#match if no global flag is provided | ||||
| prefer-regexp-test | enforce that RegExp#test is used instead of String#match and RegExp#exec | π§ | |||
| prefer-set-operation | prefer character class set operations instead of lookarounds | π’ π΅ | π§ | ||
| require-unicode-regexp | enforce the use of the u flag | π§ | |||
| require-unicode-sets-regexp | enforce the use of the v flag | π§ | |||
| simplify-set-operations | require simplify set operations | π’ π΅ | π§ | ||
| sort-alternatives | sort alternatives if order doesn't matter | π§ | |||
| use-ignore-case | use the i flag if it simplifies the pattern | π’ π΅ | π§ |
Stylistic Issues
| NameΒ Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β | Description | πΌ | β οΈ | π§ | π‘ |
|---|---|---|---|---|---|
| grapheme-string-literal | enforce single grapheme in string literal | ||||
| hexadecimal-escape | enforce consistent usage of hexadecimal escape | π§ | |||
| letter-case | enforce into your favorite case | π§ | |||
| match-any | enforce match any character style | π’ π΅ | π§ | ||
| no-useless-escape | disallow unnecessary escape characters in RegExp | π’ π΅ | π§ | ||
| no-useless-non-capturing-group | disallow unnecessary non-capturing group | π’ π΅ | π§ | ||
| prefer-character-class | enforce using character class | π’ π΅ | π§ | ||
| prefer-d | enforce using \d | π’ π΅ | π§ | ||
| prefer-lookaround | prefer lookarounds over capturing group that do not replace | π§ | |||
| prefer-named-backreference | enforce using named backreferences | π§ | |||
| prefer-named-capture-group | enforce using named capture groups | ||||
| prefer-named-replacement | enforce using named replacement | π§ | |||
| prefer-plus-quantifier | enforce using + quantifier | π’ π΅ | π§ | ||
| prefer-question-quantifier | enforce using ? quantifier | π’ π΅ | π§ | ||
| prefer-result-array-groups | enforce using result array groups | π§ | |||
| prefer-star-quantifier | enforce using * quantifier | π’ π΅ | π§ | ||
| prefer-unicode-codepoint-escapes | enforce use of unicode codepoint escapes | π’ π΅ | π§ | ||
| prefer-w | enforce using \w | π’ π΅ | π§ | ||
| sort-character-class-elements | enforces elements order in character class | π§ | |||
| sort-flags | require regex flags to be sorted | π’ π΅ | π§ | ||
| unicode-escape | enforce consistent usage of unicode escape or unicode codepoint escape | π§ | |||
| unicode-property | enforce consistent naming of unicode properties | π§ |
Removed
- :no_entry: These rules have been removed in a previous major release, after they have been deprecated for a while.
:gear: Settings
See Settings.
:traffic_light: Semantic Versioning Policy
eslint-plugin-regexp follows Semantic Versioning and ESLint's Semantic Versioning Policy.
:beers: Contributing
Welcome contributing!
Please use GitHub's Issues/PRs.
See CONTRIBUTING.md.
Development Tools
npm testruns tests and measures coverage.npm run updateruns in order to update readme and recommended configuration.npm run new [new rule name]runs to create the files needed for the new rule.npm run docs:watchstarts the website locally.
:lock: License
See the LICENSE file for license rights and limitations (MIT).
FAQs
ESLint plugin for finding RegExp mistakes and RegExp style guide violations.
The npm package eslint-plugin-regexp receives a total of 0 weekly downloads. As such, eslint-plugin-regexp popularity was classified as not popular.
We found that eslint-plugin-regexp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 2 open source maintainers collaborating on the project.
Package last updated on 15 Nov 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush PandyaΒ - Β May 08, 2025
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill BoychenkoΒ - Β May 07, 2025