Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
string-to-regexp
You want to let users pass in a RegExp, with or without flags, as string input. Here's how JavaScript would handle these:
^Hola$ // matches only the string 'Hola'
/^Hola$/ // same - matches only the string 'Hola'
/^Hola$/i // case-insensitive match of 'Hola'
Unfortunately, new RegExp(string) doesn't parse out these flags as JavaScript would. This library creates that behavior: you get exactly the same behavior as if you had the unquoted string in your JavaScript source.
Of course, the bold and brave can get the same effect by using 'eval'. Because this module is all about creating a regex from a user-provided input string, the use of eval in this context scares the b-jesus out of me. So this module is for the weak of heart, like me, who would prefer to avoid the potential of someone hijacking my software by way of some clever JavaScript introduced where a regexp was expected.
Invalid regular expressions currently produce a 'null' value, which you should check for.
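The eval-free parsing described above, sketched as an added example. This is not the string-to-regexp source: the function name parseRegExpString and the accepted flag letters are assumptions made for illustration.

```javascript
// Added example: build a RegExp from "/pattern/flags" or a bare pattern
// without eval. parseRegExpString is a hypothetical name, not this package's API.

// Assumption: the flag letters a current JavaScript engine accepts.
const FLAG_CHARS = /^[dgimsuy]*$/;

function parseRegExpString(input) {
  if (typeof input !== 'string' || input.length === 0) return null;

  let source = input; // default: the whole string is the pattern
  let flags = '';

  // Treat the input as a literal only when it starts with "/" and the text
  // after the last "/" consists solely of flag letters.
  if (input[0] === '/') {
    const close = input.lastIndexOf('/');
    const tail = input.slice(close + 1);
    if (close > 0 && FLAG_CHARS.test(tail)) {
      source = input.slice(1, close);
      flags = tail;
    }
  }

  // The RegExp constructor only compiles a pattern; it never runs the input
  // as code. Bad patterns or duplicate flags throw, which maps to null here.
  try {
    return new RegExp(source, flags);
  } catch (err) {
    return null;
  }
}

// Constructed sample inputs, including one with trailing JavaScript.
const samples = ['/^Hola$/i', '^Hola$', '/(/', '/a/ii', '/a/; globalThis.injected = true'];
for (const s of samples) {
  const re = parseRegExpString(s);
  console.log(JSON.stringify(s), '->', re === null ? 'null' : String(re));
}
```

Text after the closing slash that is not a valid flag string is never evaluated: the whole input falls back to being compiled as an inert pattern.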
npm install string-to-regexp --save
var stringToRegExp = require('string-to-regexp');
// Two RegExp objects are never ===, so compare their string forms.
String(stringToRegExp('/^Hola$/i')) === '/^Hola$/i'; // true
String(stringToRegExp('/^Hola$/')) === '/^Hola$/'; // true
String(stringToRegExp('^Hola$')) === '/^Hola$/'; // true
npm test
In lieu of a formal style guide, please maintain the existing coding style. Add unit tests for any new or changed functionality. Run 'grunt ci' to make sure all tests and jshint rules pass.
FAQs
A simple module that knows how to build a regexp with or without flags without using eval.
The npm package string-to-regexp receives a total of 350 weekly downloads. As such, its popularity was classified as not popular.
We found that string-to-regexp has a release cadence and level of project activity classified as not healthy, because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.