eslint-plugin-redos-detector
v3.0.2
Published
An eslint plugin that detects vulnerable regex using "https://github.com/tjenkinson/redos-detector".
Downloads
6,105
Maintainers
Readme
eslint-plugin-redos-detector
An ESLint plugin that detects vulnerable regex using "RedosDetector". It processes all RegExp literals. I.e. /ab+c/
but not new RegExp('ab+c')
.
Installation
You'll first need to install ESLint:
npm i eslint --save-dev
Next, install eslint-plugin-redos-detector
:
npm i --save-dev eslint-plugin-redos-detector
Usage
Add redos-detector
to the plugins section of your .eslintrc
configuration file.
{
"plugins": ["redos-detector"]
}
Then configure the rule under the rules section.
{
"rules": {
"redos-detector/no-unsafe-regex": "error"
}
}
Or do the following to provide options.
{
"rules": {
"redos-detector/no-unsafe-regex": [
"error",
{
"ignoreError": true
}
]
}
}
Options
ignoreError
: Iftrue
any error getting results be ignored. It's possible for the detection to fail with some patterns, or if the patten is malformed or uses unsupported features. See this doc for the type of errors. (Default:false
)maxSteps
: See the option in this doc with the same name. (Default: See linked doc)maxScore
: See the option in this doc with the same name. (Default: See linked doc)timeout
: See the option in this doc with the same name. (Default: See linked doc)