Regex Prepared Statements

SQL like prepared statements for regular expressions

Regex prepared statements helps with sanitizing user inputs for usage in regular expression statements.

Similar to SQL's ?, this library uses a sequence of special characters <_> that will be replaced with sanitized inputs via escape-string-regexp as a peer dependency.

npm install regex-prepared-statements

Additionally you'll need to install the peer dependency escape-string-regexp

npm install escape-string-regexp

Example usages

Simple replacement:

regexp('^foo<_>baz$')('bar') // Produces a regex '^foobarbaz$'

Passing flags:

regexp('^foo<_>baz$', 'i)'('bar') // Produces a regex '^foobarbaz$'

Multiple place holders:

regexp('^<_><_><_>$')('foo', 'bar', 'baz') // Produces a regex '^foobarbaz$'

Regex syntax within a placeholder:

regexp('_<>_<_>?/?_<_>?.*')('.*)*.*///', '<_>')) // Produces a regex '_<>_\\.\\*\\)\\*\\.\\*\\/\\/\\/?\\/?_<_>?.*'

For use cases where you just need a simple sanitization:

regexpSimple(".?") // Produces a regex '\\.\\?'

ESLint Rule

We suggest using this eslint rule to help enforce the usage of this regex library:

"no-restricted-syntax": ["error", {
  "selector": "NewExpression[callee.name='RegExp']",
  "message": "Use regexp() prepared regex function instead.",
}],