@redlotus/super-regex
v1.0.1
Published
Make a regular expression time out if it takes too long to execute
Downloads
18
Maintainers
Readme
@redlotus/super-regex
Make a regular expression time out if it takes too long to execute
This can be used to prevent ReDoS vulnerabilities when running a regular expression against untrusted user input.
This package also has a better API than the built-in regular expression methods. For example, none of the methods mutate the regex.
The timeout only works in Node.js. In the browser, it will simply not time out.
Install
npm install @redlotus/super-regex
yarn add @redlotus/super-regex
Usage
import {isMatch} from 'super-regex';
console.log(isMatch(/\d+/, getUserInput(), {timeout: 1000}));
API
isMatch(regex, string, options?)
Returns a boolean for whether the given regex
matches the given string
.
If the regex takes longer to match than the given timeout, it returns false
.
This method is similar to RegExp#test
, but differs in that the given regex
is never mutated, even when it has the /g
flag.
firstMatch(regex, string, options?)
Returns the first Match
or undefined
if there was no match.
If the regex takes longer to match than the given timeout, it returns undefined
.
matches(regex, string, options?)
Returns an iterable of Match
es.
If the regex takes longer to match than the given timeout, it returns an empty array.
The regex
must have the /g
flag.
options
Type: object
timeout?
Type: number
(integer)
The time in milliseconds to wait before timing out.
matchTimeout?
Type: number
(integer)
Only works in matches()
.
The time in milliseconds to wait before timing out when searching for each match.
Match
{
match: string;
index: number;
groups: string[];
namedGroups: {string: string}; // object with string values
input: string;
}
Related
- function-timeout - Make a synchronous function have a timeout