semver-regex
Advanced tools
Supply Chain Security
Vulnerability
Quality
Maintenance
License
The semver-regex npm package provides a regular expression for matching semantic versioning (semver) strings. Semantic versioning is a versioning scheme for software that conveys meaning about the underlying changes. The semver-regex package allows users to easily validate and extract semver strings from text.
Validation of semver strings
This feature allows you to test if a string is a valid semantic version. The code sample demonstrates how to use the semver-regex package to validate a correct semver string ('1.0.0') and an incorrect one ('1.0').
const semverRegex = require('semver-regex');
console.log(semverRegex().test('1.0.0')); // true
console.log(semverRegex().test('1.0')); // falseExtraction of semver strings
This feature allows you to extract a semver string from a larger piece of text. The code sample shows how to use the semver-regex package to find and extract the first semver string from a given text.
const semverRegex = require('semver-regex');
const text = 'The latest version is 3.2.1.';
console.log(text.match(semverRegex())[0]); // '3.2.1'The semver package is a more comprehensive tool for working with semantic versions. It not only validates semver strings but also compares them, sorts them, and can increment version numbers according to the semver specification. It offers a richer API compared to the simple regex matching of semver-regex.
The compare-versions package allows you to compare semver strings to determine which is greater, equal, or less. It provides a simple comparison function rather than regex-based validation, focusing on the ordering of versions rather than pattern matching.
Regular expression for matching semver versions
npm install semver-regex
import semverRegex from 'semver-regex';
semverRegex().test('v1.0.0');
//=> true
semverRegex().test('1.2.3-alpha.10.beta.0+build.unicorn.rainbow');
//=> true
semverRegex().exec('unicorn 1.0.0 rainbow')[0];
//=> '1.0.0'
'unicorn 1.0.0 and rainbow 2.1.3'.match(semverRegex());
//=> ['1.0.0', '2.1.3']
If you run the regex against untrusted user input, it's recommended to truncate the string to a sensible length (for example, 50). And if you use this in a server context, you should also give it a timeout.
I do not consider ReDoS a valid vulnerability for this package. It's simply not possible to make it fully ReDoS safe. It's up to the user to set a timeout for the regex if they accept untrusted user input. However, I'm happy to accept pull requests to improve the regex.
0.0.1 0.0.2 → patch1.2.3 → 1.2.0FAQs
Regular expression for matching semver versions
The npm package semver-regex receives a total of 3,900,131 weekly downloads. As such, semver-regex popularity was classified as popular.
We found that semver-regex demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Ruby gems typosquat Fastlane plugins to steal Telegram bot tokens, messages, and files, exploiting demand after Vietnam’s Telegram ban.
Research
Security News
Socket uncovered four malicious npm packages that exfiltrate up to 85% of a victim’s Ethereum or BSC wallet using obfuscated JavaScript.
Security News
TC39 advances 9 JavaScript proposals, including Array.fromAsync, Error.isError, and Explicit Resource Management, which are now headed into the ECMAScript spec.