Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
The randexp npm package is used to generate random strings that match a given regular expression. This can be useful for testing, generating mock data, or any scenario where you need random but structured strings.
Generate Random String from Regex
This feature allows you to generate a random string that matches a given regular expression. In this example, the generated string will match the pattern 'hello+ (world|to you)'.
const RandExp = require('randexp');
const randexp = new RandExp(/hello+ (world|to you)/);
console.log(randexp.gen());
Custom Randomness
You can customize the randomness by overriding the `randInt` method. In this example, the `randInt` method is overridden to always return the lower bound, making the output deterministic.
const RandExp = require('randexp');
const randexp = new RandExp(/hello+ (world|to you)/);
randexp.randInt = (a, b) => a; // Always return the lower bound
console.log(randexp.gen());
Using Flags
RandExp supports regex flags such as case insensitivity. In this example, the 'i' flag makes the regex case insensitive.
const RandExp = require('randexp');
const randexp = new RandExp(/hello+ (world|to you)/i); // Case insensitive
console.log(randexp.gen());
Faker is a popular library for generating fake data. While it doesn't generate strings based on regular expressions, it provides a wide range of methods for generating random data such as names, addresses, and phone numbers. It is more feature-rich in terms of the variety of data it can generate compared to randexp.
Chance is another library for generating random data. It offers a variety of random data generators, including strings, numbers, and even entire objects. Like Faker, it does not focus on regex-based string generation but provides a broader range of random data generation capabilities.
Xeger is a library specifically designed to generate strings that match a given regular expression, similar to randexp. It is a JavaScript port of the Java library Xeger and offers similar functionality to randexp, focusing on regex-based string generation.
randexp will generate a random string that matches a given RegExp JavaScript object.
const RandExp = require('randexp');
// supports grouping and piping
new RandExp(/hello+ (world|to you)/).gen();
// => hellooooooooooooooooooo world
// sets and ranges and references
new RandExp(/<([a-z]\w{0,20})>foo<\1>/).gen();
// => <m5xhdg>foo<m5xhdg>
// wildcard
new RandExp(/random stuff: .+/).gen();
// => random stuff: l3m;Hf9XYbI [YPaxV>U*4-_F!WXQh9>;rH3i l!8.zoh?[utt1OWFQrE ^~8zEQm]~tK
// ignore case
new RandExp(/xxx xtreme dragon warrior xxx/i).gen();
// => xxx xtReME dRAGON warRiOR xXX
// dynamic regexp shortcut
new RandExp('(sun|mon|tue|wednes|thurs|fri|satur)day', 'i');
// is the same as
new RandExp(new RegExp('(sun|mon|tue|wednes|thurs|fri|satur)day', 'i'));
If you're only going to use `gen()` once with a regexp and want slightly shorter syntax for it
const randexp = require('randexp').randexp;
randexp(/[1-6]/); // 4
randexp('great|good( job)?|excellent'); // great
If you miss the old syntax
require('randexp').sugar();
/yes|no|maybe|i don't know/.gen(); // maybe
Regular expressions are used in every language, every programmer is familiar with them. Regex can be used to easily express complex strings. What better way to generate a random string than with a language you can use to express the string you want?
Thanks to String-Random for giving me the idea to make this in the first place and randexp for the sweet `.gen()` syntax.
The default generated character range includes printable ASCII. In order to add or remove characters, a `defaultRange` attribute is exposed. You can `subtract(from, to)` and `add(from, to)`.
const randexp = new RandExp(/random stuff: .+/);
randexp.defaultRange.subtract(32, 126);
randexp.defaultRange.add(0, 65535);
randexp.gen();
// => random stuff: 湐箻ໜ䫴㳸長���邓蕲뤀쑡篷皇硬剈궦佔칗븛뀃匫鴔事좍ﯣ⭼ꝏ䭍詳蒂䥂뽭
You can also change the default range by changing `RandExp.prototype.defaultRange`.
The default randomness is provided by `Math.random()`. If you need to use a seedable or cryptographic PRNG, you can override `RandExp.prototype.randInt` or `randexp.randInt` (where `randexp` is an instance of `RandExp`). `randInt(from, to)` accepts an inclusive range and returns a randomly selected number within that range.
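The cryptographic-PRNG override described above (the same `randInt` hook shown under Custom Randomness), as an added example that is not part of the randexp README. The names `secureRandInt` and `installSecureRandInt` are chosen here, and Node's built-in `crypto.randomInt` is assumed as the CSPRNG.

```javascript
// Added example: a CSPRNG-backed replacement for RandExp's randInt(from, to).
const { randomInt } = require('node:crypto');

// randexp calls randInt(from, to) with an INCLUSIVE range, while
// crypto.randomInt(min, max) excludes max, so the upper bound is shifted by one.
function secureRandInt(from, to) {
  if (!Number.isSafeInteger(from) || !Number.isSafeInteger(to + 1)) {
    throw new RangeError('randInt bounds must be safe integers');
  }
  if (from > to) {
    throw new RangeError('randInt expects from <= to');
  }
  if (from === to) return from; // single-value range, nothing to draw
  // crypto.randomInt requires (max - min) to be below 2**48.
  if (to - from + 1 >= 2 ** 48) {
    throw new RangeError('range too wide for crypto.randomInt');
  }
  return randomInt(from, to + 1); // uniform draw, no modulo bias
}

// Install the override on every RandExp instance when the package is present.
// Returns true if the override was applied.
function installSecureRandInt() {
  let RandExp;
  try {
    RandExp = require('randexp');
  } catch (err) {
    return false; // randexp is not installed in this environment
  }
  RandExp.prototype.randInt = secureRandInt;
  return true;
}

if (installSecureRandInt()) {
  const RandExp = require('randexp');
  // Constructed pattern: a 32-character hex string.
  console.log(new RandExp(/[0-9a-f]{32}/).gen());
}
```

Setting the override on `RandExp.prototype` covers instances created anywhere in the process; assign it to a single instance's `randInt` instead if only one generator needs the CSPRNG.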
Repetitional tokens such as `*`, `+`, and `{3,}` have an infinite max range. In this case, randexp looks at its min and adds 100 to it to get a useable max value. If you want to use an int other than 100, you can change the `max` property in `RandExp.prototype` or the RandExp instance.
const randexp = new RandExp(/no{1,}/);
randexp.max = 1000000;
With RandExp.sugar()
const regexp = /(hi)*/;
regexp.max = 1000000;
There are some regular expressions which can never match any string.
Ones with badly placed positionals such as `/a^/` and `/$c/m`. Randexp will ignore positional tokens.
Back references to non-existing groups like `/(a)\1\2/`. Randexp will ignore those references, returning an empty string for them. If the group exists only after the reference is used, such as in `/\1 (hey)/`, it will be ignored too.
Custom negated character sets with two sets inside that cancel each other out. Example: `/[^\w\W]/`. If you give this to randexp, it will return an empty string for this set since it can't match anything.
Use generators to populate JSON Schema samples. See: jsf on github and jsf demo page.
npm install randexp
Download the minified version from the latest release.
Tests are written with mocha
npm test
RandExp includes TypeScript definitions.
import * as RandExp from "randexp";
const randexp = new RandExp(/[a-z]{6}/);
randexp.gen();
Use dtslint to check the definition file.
npm install -g dtslint
npm run dtslint
FAQs
Create random strings that match a given regular expression.
The npm package randexp receives a total of 2,792,192 weekly downloads. As such, randexp popularity was classified as popular.
We found that randexp demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.