Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
string.prototype.matchall
Advanced tools
Spec-compliant polyfill for String.prototype.matchAll ESnext proposal.
The string.prototype.matchall npm package is a polyfill for the `String.prototype.matchAll` method, which returns an iterator of all results matching a string against a regular expression, including capturing groups. This package is particularly useful for environments that do not yet support the `matchAll` method natively.
Matching all occurrences of a pattern
This feature allows you to find all occurrences of the pattern `/test/g` in the string `"test1test2"`. It returns an iterator that contains all matches.
"test1test2".matchAll(/test/g)
Capturing groups in matches
This demonstrates how to use capturing groups with `matchAll`. The regular expression `/(te)(st\d)/g` includes two capturing groups that match parts of the string. The result is an iterator of matches, where each match includes the full matched text and the text matched by each capturing group.
"test1test2".matchAll(/(te)(st\d)/g)
XRegExp provides augmented, extensible regular expressions. You can use it for more complex matching and replacing operations than what's possible with native JavaScript RegExp. It includes support for additional syntax and flags. While it offers more features overall, it doesn't specifically focus on the `matchAll` functionality but can achieve similar results with its APIs.
This package offers a polyfill for the `RegExp.prototype.exec` method to include match indices in the result objects. It's similar to `string.prototype.matchall` in that it enhances the capabilities of regular expressions in JavaScript, but it focuses on providing match position information rather than iterating over all matches.
ES Proposal spec-compliant shim for String.prototype.matchAll. Invoke its "shim" method to shim String.prototype.matchAll
if it is unavailable or noncompliant.
This package implements the es-shim API interface. It works in an ES3-supported environment, and complies with the proposed spec.
Most common usage:
const assert = require('assert');
const matchAll = require('string.prototype.matchall');
const str = 'aabc';
const nonRegexStr = 'ab';
const globalRegex = /[ac]/g;
const nonGlobalRegex = /[bc]/i;
// non-regex arguments are coerced into a global regex
assert.deepEqual(
[...matchAll(str, nonRegexStr)],
[...matchAll(str, new RegExp(nonRegexStr, 'g'))]
);
assert.deepEqual([...matchAll(str, globalRegex)], [
Object.assign(['a'], { index: 0, input: str, groups: undefined }),
Object.assign(['a'], { index: 1, input: str, groups: undefined }),
Object.assign(['c'], { index: 3, input: str, groups: undefined }),
]);
assert.deepEqual([...matchAll(str, nonGlobalRegex)], [
Object.assign(['b'], { index: 2, input: str, groups: undefined }),
]);
matchAll.shim(); // will be a no-op if not needed
// non-regex arguments are coerced into a global regex
assert.deepEqual(
[...str.matchAll(nonRegexStr)],
[...str.matchAll(new RegExp(nonRegexStr, 'g'))]
);
assert.deepEqual([...str.matchAll(globalRegex)], [
Object.assign(['a'], { index: 0, input: str, groups: undefined }),
Object.assign(['a'], { index: 1, input: str, groups: undefined }),
Object.assign(['c'], { index: 3, input: str, groups: undefined }),
]);
assert.deepEqual([...str.matchAll(nonGlobalRegex)], [
Object.assign(['b'], { index: 2, input: str, groups: undefined }),
]);
Simply clone the repo, npm install
, and run npm test
FAQs
Spec-compliant polyfill for String.prototype.matchAll
The npm package string.prototype.matchall receives a total of 17,386,336 weekly downloads. As such, string.prototype.matchall popularity was classified as popular.
We found that string.prototype.matchall demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.