safe-regex
Comparing version 2.0.0 to 2.0.1
@@ -5,2 +5,9 @@ # v2 | ||
## v2.0.1 | ||
1. Fix parsing bug introduced during switch to regexp-tree. | ||
Contributors: | ||
- [davisjam](https://github.com/davisjam) | ||
## v2.0.0 | ||
@@ -7,0 +14,0 @@ |
30
index.js
@@ -7,16 +7,20 @@ const regexpTree = require('regexp-tree'); | ||
let pattern = null; | ||
if (isRegExp(re)) pattern = re.source; | ||
else if (typeof re === 'string') pattern = re; | ||
else pattern = String(re); | ||
// Build an AST | ||
let myRegExp = null; | ||
let ast = null; | ||
try { | ||
ast = regexpTree.parse(pattern); | ||
// Construct a RegExp object | ||
if (re instanceof RegExp) { | ||
myRegExp = re; | ||
} else if (typeof re === 'string') { | ||
myRegExp = new RegExp(re); | ||
} else { | ||
myRegExp = new RegExp(String(re)); | ||
} | ||
// Build an AST | ||
ast = regexpTree.parse(myRegExp); | ||
} catch (err) { | ||
try { | ||
ast = regexpTree.parse(`/${pattern}/`); } | ||
catch (err) { | ||
return false; | ||
} | ||
// Invalid or unparseable input | ||
return false; | ||
} | ||
@@ -48,5 +52,1 @@ | ||
}; | ||
function isRegExp (x) { | ||
return {}.toString.call(x) === '[object RegExp]'; | ||
} |
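Review bot: The `re instanceof RegExp` test in the new construction block is narrower than the removed `isRegExp` helper, which matched on the `[object RegExp]` tag, so a RegExp created in another realm (a `vm` context or an iframe) now falls through to `new RegExp(String(re))`. That branch treats the stringified `/source/flags` form as a pattern, so the delimiters and flags become literal characters and the original flags are dropped before analysis. A checker whose verdict is used to vet patterns should analyse the same expression the caller will run. Keeping the tag check, e.g. `if (re instanceof RegExp || Object.prototype.toString.call(re) === '[object RegExp]') {`, preserves the old behaviour. The sides of the changed lines are inferred from the rendered page, and the enclosing function starts and ends outside the hunk.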
{ | ||
"name": "safe-regex", | ||
"version": "2.0.0", | ||
"version": "2.0.1", | ||
"description": "detect possibly catastrophic, exponential-time regular expressions", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -14,3 +14,4 @@ var safe = require('../'); | ||
'aaa', | ||
'/^\d+(1337|404)*\d+$/' | ||
'/^\d+(1337|404)*\d+$/', | ||
'^@types/query-string' | ||
]; | ||
@@ -17,0 +18,0 @@ |
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but they do indicate a change to the security surface area of a package.
Found 1 instance in 1 package