eslint-plugin-redos-detector

An ESLint plugin that detects vulnerable regex using "RedosDetector". It processes all RegExp literals. I.e. /ab+c/ but not new RegExp('ab+c').

Installation

You'll first need to install ESLint:

npm i eslint --save-dev

npm i --save-dev eslint-plugin-redos-detector

Add redos-detector to the plugins section of your .eslintrc configuration file.

{
  "plugins": ["redos-detector"]
}

Then configure the rule under the rules section.

{
  "rules": {
    "redos-detector/no-unsafe-regex": "error"
  }
}

Or do the following to provide options.

{
  "rules": {
    "redos-detector/no-unsafe-regex": [
      "error",
      {
        "ignoreError": true
      }
    ]
  }
}

ignoreError: If true any error getting results be ignored. It's possible for the detection to fail with some patterns, or if the patten is malformed or uses unsupported features. See this doc for the type of errors. (Default: false)
maxSteps: See the option in this doc with the same name. (Default: See linked doc)
maxBacktracks: See the option in this doc with the same name. (Default: See linked doc)
timeout: See the option in this doc with the same name. (Default: See linked doc)

Name		Name	Last commit message	Last commit date
Latest commit History 998 Commits
.github		.github
.husky		.husky
src		src
.gitignore		.gitignore
.node-version		.node-version
.prettierrc.json		.prettierrc.json
CODEOWNERS		CODEOWNERS
LICENSE		LICENSE
README.md		README.md
jest.config.js		jest.config.js
lint-staged.config.js		lint-staged.config.js
package-lock.json		package-lock.json
package.json		package.json
renovate.json		renovate.json
rollup.config.mjs		rollup.config.mjs
tsconfig.json		tsconfig.json
tsconfig.test.json		tsconfig.test.json