Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Generates regular expressions that match a set of strings.
regexgen
can be installed using npm:
npm install regexgen
The simplest use is to simply pass an array of strings to regexgen
:
const regexgen = require('regexgen');
regexgen(['foobar', 'foobaz', 'foozap', 'fooza']); // => /foo(?:zap?|ba[rz])/
You can also use the Trie
class directly:
const {Trie} = require('regexgen');
let t = new Trie;
t.add('foobar');
t.add('foobaz');
t.toRegExp(); // => /fooba[rz]/
regexgen
also has a simple CLI to generate regexes using inputs from the command line.
$ regexgen
Usage: regexgen [-gimuy] string1 string2 string3...
The optional first parameter is the flags to add
to the regex (e.g. -i
for a case insensitive match).
By default regexgen
will output a standard JavaScript regular expression, with Unicode codepoints converted into UCS-2 surrogate pairs.
If desired, you can request an ES2015-compatible Unicode regular expression by supplying the -u
flag, which results in those codepoints being retained.
$ regexgen 👩 👩💻 👩🏻💻 👩🏼💻 👩🏽💻 👩🏾💻 👩🏿💻
/\uD83D\uDC69(?:(?:\uD83C[\uDFFB-\uDFFF])?\u200D\uD83D\uDCBB)?/
$ regexgen -u 👩 👩💻 👩🏻💻 👩🏼💻 👩🏽💻 👩🏾💻 👩🏿💻
/\u{1F469}(?:[\u{1F3FB}-\u{1F3FF}]?\u200D\u{1F4BB})?/u
Such regular expressions are compatible with current versions of Node, as well as the latest browsers, and may be more transferrable to other languages.
Generate a Trie containing all of the input strings. This is a tree structure where each edge represents a single character. This removes redundancies at the start of the strings, but common branches further down are not merged.
A trie can be seen as a tree-shaped deterministic finite automaton (DFA), so DFA algorithms can be applied. In this case, we apply Hopcroft's DFA minimization algorithm to merge the nondistinguishable states.
Convert the resulting minimized DFA to a regular expression. This is done using
Brzozowski's algebraic method,
which is quite elegant. It expresses the DFA as a system of equations which can be solved
for a resulting regex. Along the way, some additional optimizations are made, such
as hoisting common substrings out of an alternation, and using character class ranges.
This produces an an Abstract Syntax Tree
(AST) for the regex, which is then converted to a string and compiled to a JavaScript
RegExp
object.
MIT
FAQs
Generate regular expressions that match a set of strings
We found that regexgen demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.