Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
wildcard-match
Advanced tools
A tiny and extremely fast library for compiling and matching basic glob patterns
The wildcard-match npm package is used for matching strings against wildcard patterns. It is useful for tasks such as filtering file paths, validating input strings, and more.
Basic Wildcard Matching
This feature allows you to check if a string matches a given wildcard pattern. In this example, 'foobar' matches the pattern 'foo*'.
const wildcard = require('wildcard-match');
const isMatch = wildcard('foo*')('foobar');
console.log(isMatch); // true
Case-Insensitive Matching
This feature allows for case-insensitive matching. In this example, 'FOOBAR' matches the pattern 'foo*' when case sensitivity is turned off.
const wildcard = require('wildcard-match');
const isMatch = wildcard('foo*', { caseSensitive: false })('FOOBAR');
console.log(isMatch); // true
Custom Wildcard Characters
This feature allows you to define custom wildcard characters. In this example, '#' is used as the wildcard character instead of the default '*'.
const wildcard = require('wildcard-match');
const isMatch = wildcard('foo#', { wildcard: '#' })('foo123');
console.log(isMatch); // true
Minimatch is a powerful glob matching library that supports a wide range of glob patterns. It is more feature-rich compared to wildcard-match, offering advanced pattern matching capabilities.
Micromatch is a fast and lightweight glob matcher that supports extended glob patterns and advanced matching features. It is known for its performance and flexibility, making it a good alternative to wildcard-match.
Multimatch is a library that allows you to match multiple glob patterns against a list of strings. It is built on top of minimatch and provides additional functionality for handling multiple patterns efficiently.
A tiny and extremely fast JavaScript library for compiling and matching basic glob patterns
Wildcard-match takes one or more basic glob patterns, compiles them into a RegExp and returns a function for matching strings with it.
Glob patterns are strings that contain ?
, *
and **
wildcards. When such a pattern is compared with another string, these wildcards can replace one or more symbols. For example, src/*
would match both src/foo
and src/bar
.
This library's goal is to be as small and as fast as possible while supporting only the most basic wildcards. If you need character ranges, extended globs, braces and other advanced features, check out outmatch.
npm install wildcard-match
import wcmatch from 'wildcard-match'
const isMatch = wcmatch('src/**/*.?s')
isMatch('src/components/header/index.js') //=> true
isMatch('src/README.md') //=> false
isMatch.pattern //=> 'src/**/*.?s'
isMatch.options //=> { separator: true }
isMatch.regexp //=> /^src[/\\]+?(?:[^/\\]*?[/\\]+?)*?[^/\\]*?\.[^/\\]s[/\\]*?$/
More details are available in the Installation, Usage and API sections.
🍃 | Lightweight No dependencies. Less than 1 KB when minified and gzipped |
🏎 | Fast Compiles and matches patterns faster than any other known library |
🌞 | Simple The API is a single function |
⚒ | Reliable Written in TypeScript. Covered by hundreds of unit tests |
🔌 | Compatible Works in any ES5+ environment including older versions of Node.js, Bun, Deno, React Native and browsers |
For comparison with the alternatives, see the corresponding section.
The package is distributed via the npm package registry. It can be installed using one of the compatible package managers or included directly from a CDN.
npm install wildcard-match
yarn add wildcard-match
pnpm install wildcard-match
When included from a CDN, wildcard-match is available as the global function wcmatch
.
Wildcard-match comes built in ESM, CommonJS and UMD formats and includes TypeScript typings. The examples use ESM imports, which can be replaced with the following line for CommonJS: const wcmatch = require('wildcard-match')
.
The default export is a function of two arguments, first of which can be either a single glob string or an array of such patterns. The second argument is optional and can be either an options object or a separator (which will be the value of the separator
option). Wildcard-match compiles them into a regular expression and returns a function (usually called isMatch
in the examples) that tests strings against the pattern. The pattern, options and the compiled RegExp object are available as properties on the returned function:
import wcmatch from 'wildcard-match'
const isMatch = wcmatch('src/?ar')
isMatch('src/bar') //=> true
isMatch('src/car') //=> true
isMatch('src/cvar') //=> false
isMatch.pattern //=> 'src/?ar'
isMatch.options //=> {}
isMatch.regexp //=> /^src[/\\]+?[^/\\]ar[/\\]*?$/
The returned function can be invoked immediately if there is no need to match a pattern more than once:
wcmatch('src/**/*.js')('src/components/body/index.js') //=> true
Compiling a pattern is much slower than comparing a string to it, so it is recommended to always reuse the returned function when possible.
Wildcard-match supports the following glob syntax in patterns:
?
matches exactly one arbitrary character excluding separators*
matches zero or more arbitrary characters excluding separators**
matches any number of segments when used as a whole segment in a separated pattern (e.g. /**/
if /
is the separator)\
escapes the following character making it be treated literallyMore features are available in the outmatch library.
Globs are most often used to search file paths, which are, essentially, strings split into segments by slashes. While other libraries are usually restricted to this use-case, wildcard-match is able to work with arbitrary strings by accepting a custom separator in the second parameter:
const matchDomain = wcmatch('*.example.com', { separator: '.' })
matchDomain('subdomain.example.com') //=> true
// Here, the second parameter is a shorthand for `{ separator: ',' }`
const matchLike = wcmatch('one,**,f?ur', ',')
matchLike('one,two,three,four') //=> true
The only limitation is that backslashes \
cannot be used as separators in patterns because
wildcard-match uses them for character escaping. However, when separator
is undefined
or true
, /
in patterns will match both /
and \
, so a single pattern with forward
slashes can match both Unix and Windows paths:
const isMatchA = outmatch('foo\\bar') // throws an error
const isMatchB = outmatch('foo/bar') // same as passing `true` as the separator
isMatchB('foo/bar') //=> true
isMatchB('foo\\bar') //=> true
const isMatchC = outmatch('foo/bar', '/')
isMatchC('foo/bar') //=> true
isMatchC('foo\\bar') //=> false
The matching features work with a segment rather than a whole pattern:
const isMatch = wcmatch('foo/b*')
isMatch('foo/bar') //=> true
isMatch('foo/b/ar') //=> false
Segmentation can be turned off completely by passing false
as the separator, which makes wildcard-match treat whole patterns as a single segment. Slashes become regular symbols and *
matches anything:
const isMatch = wcmatch('foo?ba*', false)
isMatch('foo/bar/qux') //=> true
A single separator in a pattern will match one or more separators in a sample string:
wcmatch('foo/bar/baz')('foo/bar///baz') //=> true
When a pattern has an explicit separator at its end, samples also require one or more trailing separators:
const isMatch = wcmatch('foo/bar/')
isMatch('foo/bar') //=> false
isMatch('foo/bar/') //=> true
isMatch('foo/bar///') //=> true
However, if there is no trailing separator in a pattern, strings will match even if they have separators at the end:
const isMatch = wcmatch('foo/bar')
isMatch('foo/bar') //=> true
isMatch('foo/bar/') //=> true
isMatch('foo/bar///') //=> true
Wildcard-match can take an array of glob patterns as the first argument instead of a single pattern. In that case a string will be considered a match if it matches any of the given patterns:
const isMatch = wcmatch(['src/*', 'tests/*'])
isMatch('src/utils.js') //=> true
isMatch('tests/utils.js') //=> true
The returned function can work with arrays of strings when used as the predicate of the native array methods:
const isMatch = wcmatch('src/*.js')
const paths = ['readme.md', 'src/index.js', 'src/components/body.js']
paths.map(isMatch) //=> [ false, true, false ]
paths.filter(isMatch) //=> [ 'src/index.js' ]
paths.some(isMatch) //=> true
paths.every(isMatch) //=> false
paths.find(isMatch) //=> 'src/index.js'
paths.findIndex(isMatch) //=> 1
Takes a single pattern string or an array of patterns and compiles them into a regular expression. Returns an isMatch function that takes a sample string as its only argument and returns true if the string matches the pattern(s).
Tests if a sample string matches the patterns that were used to compile the regular expression and create this function.
The compiled regular expression.
The original pattern or array of patterns that was used to compile the regular expression and create the isMatch function.
The options object that was used to compile the regular expression and create the isMatch function.
Option | Type | Default Value | Description |
---|---|---|---|
separator | string | boolean | true | Separator to be used to split patterns and samples into segments
|
flags | string | undefined | Flags to pass to the RegExp. For example, setting this option to 'i' will make the matching case-insensitive |
Node.js v22
Pattern: src/test/**/*.?s
Sample: src/test/foo/bar.js
Compilation
wildcard-match v5.1.4 1,000,947 ops/sec
picomatch v4.0.2 216,903 ops/sec
Matching
wildcard-match v5.1.4 24,330,069 ops/sec
picomatch v4.0.2 7,776,730 ops/sec
FAQs
A tiny and extremely fast library for compiling and matching basic glob patterns
The npm package wildcard-match receives a total of 404,573 weekly downloads. As such, wildcard-match popularity was classified as popular.
We found that wildcard-match demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.