Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
safe-regex2
Advanced tools
Readme
detect potentially catastrophic exponential-time regular expressions by limiting the star height to 1
This is a fork of https://github.com/substack/safe-regex at 1.1.0.
WARNING: This module has both false positives and false negatives. It is not meant as a full checker, but it detect basic cases.
var safe = require('safe-regex2');
var regex = process.argv.slice(2).join(' ');
console.log(safe(regex));
$ node safe.js '(x+x+)+y'
false
$ node safe.js '(beep|boop)*'
true
$ node safe.js '(a+){10}'
false
$ node safe.js '\blocation\s*:[^:\n]+\b(Oakland|San Francisco)\b'
true
var safe = require('safe-regex')
Return a boolean ok
whether or not the regex re
is safe and not possibly
catastrophic.
re
can be a RegExp
object or just a string.
If the re
is a string and is an invalid regex, returns false
.
opts.limit
- maximum number of allowed repetitions in the entire regex.
Default: 25
.With npm do:
npm install safe-regex2
MIT
FAQs
detect possibly catastrophic, exponential-time regular expressions
The npm package safe-regex2 receives a total of 1,257,343 weekly downloads. As such, safe-regex2 popularity was classified as popular.
We found that safe-regex2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.