
semver-regex
The semver-regex npm package provides a regular expression for matching semantic versioning (semver) strings. Semantic versioning is a versioning scheme for software that conveys meaning about the underlying changes. The semver-regex package allows users to easily validate and extract semver strings from text.
Validation of semver strings
This feature allows you to test if a string is a valid semantic version. The code sample demonstrates how to use the semver-regex package to validate a correct semver string ('1.0.0') and an incorrect one ('1.0').
const semverRegex = require('semver-regex');
console.log(semverRegex().test('1.0.0')); // true
console.log(semverRegex().test('1.0')); // false
Extraction of semver strings
This feature allows you to extract a semver string from a larger piece of text. The code sample shows how to use the semver-regex package to find and extract the first semver string from a given text.
const semverRegex = require('semver-regex');
const text = 'The latest version is 3.2.1.';
console.log(text.match(semverRegex())[0]); // '3.2.1'
The semver package is a more comprehensive tool for working with semantic versions. It not only validates semver strings but also compares them, sorts them, and can increment version numbers according to the semver specification. It offers a richer API compared to the simple regex matching of semver-regex.
The compare-versions package allows you to compare semver strings to determine which is greater, equal, or less. It provides a simple comparison function rather than regex-based validation, focusing on the ordering of versions rather than pattern matching.
Regular expression for matching semver versions
npm install semver-regex
import semverRegex from 'semver-regex';
semverRegex().test('v1.0.0');
//=> true
semverRegex().test('1.2.3-alpha.10.beta.0+build.unicorn.rainbow');
//=> true
semverRegex().exec('unicorn 1.0.0 rainbow')[0];
//=> '1.0.0'
'unicorn 1.0.0 and rainbow 2.1.3'.match(semverRegex());
//=> ['1.0.0', '2.1.3']
If you run the regex against untrusted user input, it's recommended to truncate the string to a sensible length (for example, 50). And if you use this in a server context, you should also give it a timeout.
I do not consider ReDoS a valid vulnerability for this package. It's simply not possible to make it fully ReDoS safe. It's up to the user to set a timeout for the regex if they accept untrusted user input. However, I'm happy to accept pull requests to improve the regex.
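The truncate-then-timeout advice above, as an added example that is not part of the semver-regex README or code. The function name `findVersions`, the stand-in pattern `SEMVER_LIKE` (used so the block runs without the package installed) and the 100 ms budget are assumptions; in real use, pass `semverRegex()` as the `regex` argument.

```javascript
// Added example, not from the semver-regex project.
const vm = require('node:vm');

// Stand-in pattern so this runs offline (assumption). In real use, pass
// semverRegex() from the package as the `regex` argument instead.
const SEMVER_LIKE =
  /\bv?\d+\.\d+\.\d+(?:-[\da-z-]+(?:\.[\da-z-]+)*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?\b/gi;

const MAX_LENGTH = 50;  // the "sensible length" the README suggests
const TIMEOUT_MS = 100; // assumed per-call budget; tune for your service

// Compiled once. The timeout covers everything run() does, including
// regex backtracking, because V8 can interrupt the script mid-match.
const script = new vm.Script('result = run()');

function findVersions(input, regex = SEMVER_LIKE, options = {}) {
  const {maxLength = MAX_LENGTH, timeout = TIMEOUT_MS} = options;
  if (typeof input !== 'string') {
    throw new TypeError('input must be a string');
  }

  // Step 1: cap the amount of text the regex engine ever sees.
  const truncated = input.length > maxLength;
  const text = truncated ? input.slice(0, maxLength) : input;

  // Step 2: run the match under a hard time limit.
  const context = {run: () => text.match(regex), result: null};
  try {
    script.runInNewContext(context, {timeout});
  } catch (error) {
    if (error.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT') {
      return {matches: [], truncated, timedOut: true};
    }
    throw error;
  }
  return {matches: context.result ?? [], truncated, timedOut: false};
}

// Constructed sample input.
console.log(findVersions('unicorn 1.0.0 and rainbow 2.1.3'));
```

The `vm` timeout is synchronous, so it bounds how long one call can stall the event loop rather than removing the stall. Treat `timedOut: true` or `truncated: true` as a reason to reject the input, since truncation can cut a version string partway through.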
FAQs
The npm package semver-regex receives a total of 6,266,265 weekly downloads. As such, semver-regex popularity was classified as popular.
We found that semver-regex demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.