super-regex
Make a regular expression time out if it takes too long to execute
This can be used to prevent ReDoS vulnerabilities when running a regular expression against untrusted user input.
This package also has a better API than the built-in regular expression methods. For example, none of the methods mutate the regex.
The timeout only works in Node.js. In the browser, it will simply not time out.
Install
npm install super-regex
Usage
import {isMatch} from 'super-regex';
console.log(isMatch(/\d+/, getUserInput(), {timeout: 1000}));
API
isMatch(regex, string, options?)
Returns a boolean for whether the given regex
matches the given string
.
If the regex takes longer to match than the given timeout, it returns false
.
This method is similar to RegExp#test
, but differs in that the given regex
is never mutated, even when it has the /g
flag.
firstMatch(regex, string, options?)
Returns the first Match
or undefined
if there was no match.
If the regex takes longer to match than the given timeout, it returns undefined
.
matches(regex, string, options?)
Returns an iterable of Match
es.
If the regex takes longer to match than the given timeout, it returns an empty array.
The regex
must have the /g
flag.
options
Type: object
timeout?
Type: number
(integer)
The time in milliseconds to wait before timing out.
matchTimeout?
Type: number
(integer)
Only works in matches()
.
The time in milliseconds to wait before timing out when searching for each match.
Match
{
match: string;
index: number;
groups: string[];
namedGroups: {string: string};
input: string;
}
Related