athea

Repositories Projects Packages

safe-regex (1.1.0)

Published 2026-02-24 14:04:41 +00:00 by atheaadmin

Installation

Setup this registry in your project .npmrc file:

registry=

To install the package using npm, run the following command:

npm install safe-regex@1.1.0

or add it to the package.json file:

"safe-regex": "1.1.0"

For more information on the npm registry, see the documentation.

About this package

safe-regex

detect potentially catastrophic exponential-time regular expressions by limiting the star height to 1

WARNING: This module merely seems to work given all the catastrophic regular expressions I could find scouring the internet, but I don't have enough of a background in automata to be absolutely sure that this module will catch all exponential-time cases.

example

var safe = require('safe-regex');
var regex = process.argv.slice(2).join(' ');
console.log(safe(regex));

$ node safe.js '(x+x+)+y'
false
$ node safe.js '(beep|boop)*'
true
$ node safe.js '(a+){10}'
false
$ node safe.js '\blocation\s*:[^:\n]+\b(Oakland|San Francisco)\b'
true

methods

var safe = require('safe-regex')

var ok = safe(re, opts={})

Return a boolean ok whether or not the regex re is safe and not possibly catastrophic.

re can be a RegExp object or just a string.

If the re is a string and is an invalid regex, returns false.

• opts.limit - maximum number of allowed repetitions in the entire regex. Default: 25.

install

With npm do:

npm install safe-regex

license

MIT

Dependencies

Dependencies

ID	Version
ret	~0.1.10

Development Dependencies

ID	Version
tape	^3.5.0

Keywords

catastrophic exponential regex safe sandbox

Details

npm

2026-02-24 14:04:41 +00:00

0

James Halliday

Project Site

MIT

latest

2.8 KiB

Assets (1)

safe-regex-1.1.0.tgz 2.8 KiB

Versions (1) View all

1.1.0 2026-02-24