Socket
Socket
Sign inDemoInstall

safe-regex

Package Overview
Dependencies
49
Maintainers
1
Versions
9
Alerts
File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 2.0.0 to 2.0.1

7

CHANGELOG.md

@@ -5,2 +5,9 @@ # v2

## v2.0.1
1. Fix parsing bug introduced during switch to regexp-tree.
Contributors:
- [davisjam](https://github.com/davisjam)
## v2.0.0

@@ -7,0 +14,0 @@

30

index.js

@@ -7,16 +7,20 @@ const regexpTree = require('regexp-tree');

let pattern = null;
if (isRegExp(re)) pattern = re.source;
else if (typeof re === 'string') pattern = re;
else pattern = String(re);
// Build an AST
let myRegExp = null;
let ast = null;
try {
ast = regexpTree.parse(pattern);
// Construct a RegExp object
if (re instanceof RegExp) {
myRegExp = re;
} else if (typeof re === 'string') {
myRegExp = new RegExp(re);
} else {
myRegExp = new RegExp(String(re));
}
// Build an AST
ast = regexpTree.parse(myRegExp);
} catch (err) {
try {
ast = regexpTree.parse(`/${pattern}/`); }
catch (err) {
return false;
}
// Invalid or unparseable input
return false;
}

@@ -48,5 +52,1 @@

};
function isRegExp (x) {
return {}.toString.call(x) === '[object RegExp]';
}

2

package.json
{
"name": "safe-regex",
"version": "2.0.0",
"version": "2.0.1",
"description": "detect possibly catastrophic, exponential-time regular expressions",

@@ -5,0 +5,0 @@ "main": "index.js",

3

test/regex.js

@@ -14,3 +14,4 @@ var safe = require('../');

'aaa',
'/^\d+(1337|404)*\d+$/'
'/^\d+(1337|404)*\d+$/',
'^@types/query-string'
];

@@ -17,0 +18,0 @@

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc