semver-regex
Advanced tools
Comparing version 4.0.4 to 4.0.5
export default function semverRegex() { | ||
return /(?<=^v?|\sv?)(?:(?:0|[1-9]\d{0,9}?)\.){2}(?:0|[1-9]\d{0,9})(?:-(?:--?|0|[1-9]\d*|\d*[a-z]+\d*)){0,100}(?=$| |\+|\.)(?:(?<=-\S+)(?:\.(?:--?|[\da-z-]*[a-z-]\d*|0|[1-9]\d*)){1,100}?)?(?!\.)(?:\+(?:[\da-z]\.?-?){1,100}?(?!\w))?(?!\+)/gi; | ||
return /(?<=^v?|\sv?)(?:(?:0|[1-9]\d{0,9}?)\.){2}(?:0|[1-9]\d{0,9})(?:-(?:--+)?(?:0|[1-9]\d*|\d*[a-z]+\d*)){0,100}(?=$| |\+|\.)(?:(?<=-\S+)(?:\.(?:--?|[\da-z-]*[a-z-]\d*|0|[1-9]\d*)){1,100}?)?(?!\.)(?:\+(?:[\da-z]\.?-?){1,100}?(?!\w))?(?!\+)/gi; | ||
} |
{ | ||
"name": "semver-regex", | ||
"version": "4.0.4", | ||
"version": "4.0.5", | ||
"description": "Regular expression for matching semver versions", | ||
@@ -5,0 +5,0 @@ "license": "MIT", |
@@ -31,4 +31,6 @@ # semver-regex | ||
If you run the regex against untrusted user input, it's recommended to truncate the string to a sensible length (for example, 100). And if you use this in a server context, you should also [give it a timeout](https://github.com/sindresorhus/super-regex). | ||
If you run the regex against untrusted user input, it's recommended to truncate the string to a sensible length (for example, 50). And if you use this in a server context, you should also [give it a timeout](https://github.com/sindresorhus/super-regex). | ||
**I do not consider ReDoS a valid vulnerability for this package. It's simply not possible to make it fully ReDoS safe. It's up to the user to set a timeout for the regex if they accept untrusted user input.** However, I'm happy to accept pull requests to improve the regex. | ||
## Related | ||
@@ -35,0 +37,0 @@ |
4272
42