Detect potentially catastrophic exponential-time regular expressions by limiting the star height to 1.

This is a fork of https://github.com/substack/safe-regex at 1.1.0.

WARNING: This module has both false positives and false negatives. It is not meant as a full checker, but it detects basic cases.

npm i safe-regex2

You can use this module via npx without installing it globally:

Example:

npx safe-regex2 '(x+x+)+y'

const safe = require('safe-regex2');
const regex = process.argv.slice(2).join(' ');
console.log(safe(regex));

$ node safe.js '(x+x+)+y'
false
$ node safe.js '(beep|boop)*'
true
$ node safe.js '(a+){10}'
false
$ node safe.js '\blocation\s*:[^:\n]+\b(Oakland|San Francisco)\b'
true

const safe = require('safe-regex')

Returns a boolean indicating whether the regex re is safe and not possibly catastrophic.

re can be a RegExp object or just a string.

If re is a string and is an invalid regex, it returns false.

• opts.limit - maximum number of allowed repetitions in the entire regex. Default: 25.

Licensed under MIT.