Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

safe-regex2

Package Overview
Dependencies
Maintainers
9
Versions
4
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

safe-regex2

detect possibly catastrophic, exponential-time regular expressions

  • 4.0.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
2.1M
increased by12.68%
Maintainers
9
Weekly downloads
 
Created
Source

safe-regex2

detect potentially catastrophic exponential-time regular expressions by limiting the star height to 1

This is a fork of https://github.com/substack/safe-regex at 1.1.0.

WARNING: This module has both false positives and false negatives. It is not meant as a full checker, but it detect basic cases.

example

var safe = require('safe-regex2');
var regex = process.argv.slice(2).join(' ');
console.log(safe(regex));
$ node safe.js '(x+x+)+y'
false
$ node safe.js '(beep|boop)*'
true
$ node safe.js '(a+){10}'
false
$ node safe.js '\blocation\s*:[^:\n]+\b(Oakland|San Francisco)\b'
true

methods

var safe = require('safe-regex')

var ok = safe(re, opts={})

Return a boolean ok whether or not the regex re is safe and not possibly catastrophic.

re can be a RegExp object or just a string.

If the re is a string and is an invalid regex, returns false.

  • opts.limit - maximum number of allowed repetitions in the entire regex. Default: 25.

install

With npm do:

npm install safe-regex2

license

MIT

Keywords

FAQs

Package last updated on 12 Jul 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc