
safe-regex

2.0.1 • Public • Published

Detect potentially catastrophic exponential-time regular expressions by limiting the star height to 1.

WARNING: This module has both false positives and false negatives. Use vuln-regex-detector for improved accuracy.

Example

var safe = require('safe-regex');
var regex = process.argv.slice(2).join(' ');
console.log(safe(regex));

$ node safe.js '(x+x+)+y'
false
$ node safe.js '(beep|boop)*'
true
$ node safe.js '(a+){10}'
false
$ node safe.js '\blocation\s*:[^:\n]+\b(Oakland|San Francisco)\b'
true

Methods

const safe = require('safe-regex')

const ok = safe(re, opts={})

Returns a boolean ok indicating whether the regex re is safe, that is, not possibly catastrophic.

re can be a RegExp object or just a string.

If re is a string and is not a valid regex, safe returns false.

  • opts.limit - maximum number of allowed repetitions in the entire regex. Default: 25.
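
The star-height rule and the opts.limit repetition cap described above, as an added example (not code from the safe-regex project): a simplified scanner that reproduces the four results in the Example section. The name starHeightOk and the decision not to count ? as a repetition are assumptions of this sketch.

```javascript
// Added sketch: a simplified star-height check, NOT safe-regex's own code.
// Assumptions: plain JS regex syntax (no `v`-flag nested classes); `*`, `+`
// and `{n}`, `{n,}`, `{n,m}` count as repetitions, `?` does not.
function starHeightOk(re, limit = 25) {
  const source = re instanceof RegExp ? re.source : String(re);
  try { new RegExp(source); } catch (e) { return false; } // invalid => false
  const groupMax = [0]; // per open group: tallest star height seen inside it
  const note = (h) => {
    const top = groupMax.length - 1;
    groupMax[top] = Math.max(groupMax[top], h);
  };
  let last = 0; // star height of the atom that ends just before position i
  let reps = 0; // repetitions counted across the whole pattern
  for (let i = 0; i < source.length; i++) {
    const c = source[i];
    const brace = c === '{' && /^\{\d+(,\d*)?\}/.exec(source.slice(i));
    if (c === '\\') {
      i++; last = 0;                  // escaped atom such as \b or \s
    } else if (c === '[') {
      while (source[++i] !== ']') if (source[i] === '\\') i++;
      last = 0;                       // a character class is a single atom
    } else if (c === '(') {
      groupMax.push(0);
    } else if (c === ')') {
      last = groupMax.pop();          // a group is as tall as its contents
      note(last);
    } else if (c === '*' || c === '+' || brace) {
      if (brace) i += brace[0].length - 1;
      reps++;
      if (++last > 1) return false;   // quantifier on an already-quantified atom
      note(last);
    } else if (c !== '?') {
      last = 0;                       // literal, `.`, `|`, anchor
    }
  }
  return reps <= limit;
}

// Constructed inputs: the four patterns from the Example section, then two more.
const samples = [
  '(x+x+)+y', '(beep|boop)*', '(a+){10}',
  String.raw`\blocation\s*:[^:\n]+\b(Oakland|San Francisco)\b`,
  'a*'.repeat(26), // 26 repetitions, one over the default limit
  '(a|aa)+',       // star height 1, so the rule passes it
];
for (const s of samples) console.log(starHeightOk(s), s);
```

The last sample has star height 1 and passes, although its two alternatives can match the same input in more than one way; a star-height rule cannot see that kind of ambiguity, which is one reason such a check has false negatives.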

Install

With npm do:

npm install safe-regex

License

MIT
