Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

micromatch

Package Overview
Dependencies
Maintainers
3
Versions
69
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

micromatch - npm Package Versions

1
7

3.0.5

Diff

doowb
published 3.0.4 •

jonschlinkert
published 3.0.3 •

jonschlinkert
published 3.0.2 •

jonschlinkert
published 3.0.1 •

jonschlinkert
published 3.0.0 •

Changelog

Source

[3.0.0] - 2017-04-11

Complete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:

  • micromatch results are directly compared to bash results
  • in rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results
  • micromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.

This refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash "expansion" API.

These sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an AST is created, then a new string is generated by the compiler.

Here are those sub-modules with links to related prs on those modules if you want to see how they contribute to this code:

nanomatch (new library) - glob expansion (*, **, ? and [...])) braces - brace expansion ({1..10}, {a,b,c}, etc) extglob - extended globs (!(a|b), @(!(foo|bar)), etc) expand-brackets - POSIX character classes [[:alpha:][:digit:]]

Added

  • source map support (optionally created when using parse or compile - I have no idea what the use case is yet, but they come for free) (note that source maps are not generated for brace expansion at present, since the braces compiler uses a different strategy. I'll update if/when this changes).
  • parser is exposed, so that implementors can customize or override specific micromatch parsers if necessary
  • compiler is exposed, so that implementors can customize or override specific micromatch compilers if necessary

Fixed

  • more accurate matching (passes 100% of Bash 4.3 of the brace expansion and extglob unit tests, as well as all Bash glob tests that are relevant to node.js usage, all minimatch tests, all brace-expansion tests, and also passes a couple of tests that bash fails)
  • even safer - micromatch has always generated optimized patterns so it's not subject to DoS exploits like minimatch (completely different than the regex DoS issue, minimatch and multimatch are still openly exposed to being used for DoS attacks), but more safeguards were built into this refactor

Changed

  • the public API of this library did not change in this version and should be safe to upgrade without changing implentor code. However, we have released this as a major version for the following reasons:
    • out of an abundance of caution due to the large amount of code changed in this release
    • we have improved parser accuracy to such a degree that some implementors using invalid globs have noted change in behavior. If this is the case for you, please check that you are using a valid glob expression before logging a bug with this library
jonschlinkert
published 2.3.11 •

jonschlinkert
published 2.3.10 •

jonschlinkert
published 2.3.9 •

jonschlinkert
published 2.3.8 •

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc