super-regex

super-regex

Make a regular expression time out if it takes too long to execute

This can be used to prevent ReDoS vulnerabilities when running a regular expression against untrusted user input.

This package also has a better API than the built-in regular expression methods. For example, none of the methods mutate the regex.

The timeout only works in Node.js. In the browser, it will simply not time out.

Install

npm install super-regex

Usage

import {isMatch} from 'super-regex';

console.log(isMatch(/\d+/, getUserInput(), {timeout: 1000}));

API

isMatch(regex, string, options?)

Returns a boolean for whether the given regex matches the given string.

If the regex takes longer to match than the given timeout, it returns false.

This method is similar to RegExp#test, but differs in that the given regex is never mutated, even when it has the /g flag.

firstMatch(regex, string, options?)

Returns the first Match or undefined if there was no match.

If the regex takes longer to match than the given timeout, it returns undefined.

matches(regex, string, options?)

Returns an iterable of Matches.

If the regex takes longer to match than the given timeout, it returns an empty array.

The regex must have the /g flag.

options

Type: object

timeout?

Type: number (integer)

The time in milliseconds to wait before timing out.

matchTimeout?

Type: number (integer)

Only works in matches().

The time in milliseconds to wait before timing out when searching for each match.

Match

{
	match: string;
	index: number;
	groups: string[];
	namedGroups: {string: string}; // object with string values
	input: string;
}

Related

• function-timeout - Make a synchronous function have a timeout