Detect potentially catastrophic exponential-time regular expressions by limiting the star height to 1.
This is a fork of https://github.com/substack/safe-regex at 1.1.0.
WARNING: This module has both false positives and false negatives. It is not meant as a full checker, but it detects basic cases.
npm i safe-regex2You can use this module via npx without installing it globally:
Example:
npx safe-regex2 '(x+x+)+y'const safe = require('safe-regex2'); const regex = process.argv.slice(2).join(' '); console.log(safe(regex));$ node safe.js '(x+x+)+y' false $ node safe.js '(beep|boop)*' true $ node safe.js '(a+){10}' false $ node safe.js '\blocation\s*:[^:\n]+\b(Oakland|San Francisco)\b' true const safe = require('safe-regex')Returns a boolean indicating whether the regex re is safe and not possibly catastrophic.
re can be a RegExp object or just a string.
If re is a string and is an invalid regex, it returns false.
opts.limit- maximum number of allowed repetitions in the entire regex. Default:25.
Licensed under MIT.
