Socket
Socket
Sign inDemoInstall

semver-regex

Package Overview
Dependencies
0
Maintainers
1
Versions
16
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

    semver-regex

Regular expression for matching semver versions


Version published
Maintainers
1
Install size
4.17 kB
Created

Package description

What is semver-regex?

The semver-regex npm package provides a regular expression for matching semantic versioning (semver) strings. Semantic versioning is a versioning scheme for software that conveys meaning about the underlying changes. The semver-regex package allows users to easily validate and extract semver strings from text.

What are semver-regex's main functionalities?

Validation of semver strings

This feature allows you to test if a string is a valid semantic version. The code sample demonstrates how to use the semver-regex package to validate a correct semver string ('1.0.0') and an incorrect one ('1.0').

const semverRegex = require('semver-regex');
console.log(semverRegex().test('1.0.0')); // true
console.log(semverRegex().test('1.0')); // false

Extraction of semver strings

This feature allows you to extract a semver string from a larger piece of text. The code sample shows how to use the semver-regex package to find and extract the first semver string from a given text.

const semverRegex = require('semver-regex');
const text = 'The latest version is 3.2.1.';
console.log(text.match(semverRegex())[0]); // '3.2.1'

Other packages similar to semver-regex

Readme

Source

semver-regex

Regular expression for matching semver versions

Install

npm install semver-regex

Usage

import semverRegex from 'semver-regex';

semverRegex().test('v1.0.0');
//=> true

semverRegex().test('1.2.3-alpha.10.beta.0+build.unicorn.rainbow');
//=> true

semverRegex().exec('unicorn 1.0.0 rainbow')[0];
//=> '1.0.0'

'unicorn 1.0.0 and rainbow 2.1.3'.match(semverRegex());
//=> ['1.0.0', '2.1.3']

Important

If you run the regex against untrusted user input, it's recommended to truncate the string to a sensible length (for example, 50). And if you use this in a server context, you should also give it a timeout.

I do not consider ReDoS a valid vulnerability for this package. It's simply not possible to make it fully ReDoS safe. It's up to the user to set a timeout for the regex if they accept untrusted user input. However, I'm happy to accept pull requests to improve the regex.

  • find-versions - Find semver versions in a string
  • latest-semver - Get the latest stable semver version from an array of versions
  • to-semver - Get an array of valid, sorted, and cleaned semver versions from an array of strings
  • semver-diff - Get the diff type of two semver versions: 0.0.1 0.0.2patch
  • semver-truncate - Truncate a semver version: 1.2.31.2.0

Keywords

FAQs

Last updated on 08 Jun 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc