📦 safe-regex2

detect possibly catastrophic, exponential-time regular expressions

Author

James Halliday

License

MIT

Unpacked Size

8.99 KB

Packed Size

4.13 KB

Last Activity

10 days ago

Wkly Downloads

322K

Unpacked Size

8.99 KB

Packed Size

4.13 KB

License

MIT

Author

James Halliday

Last Activity

10 days ago

Dependencies Overview

Dependencies (1)

ret ~0.5.0

Peer Dependencies (0)

There are not dependencies

Dev Dependencies (6)

@fastify/pre-commit ^2.1.0 c8 ^10.1.3 eslint ^9.17.0 neostandard ^0.12.0 tape ^5.7.5 tsd ^0.31.0

Versions Overview

Last Version

5.0.0

Last Version Released

7 months ago

N. of Versions

Repository Overview

Default Branch

main

Is Archived?

Is Disabled?

Is Fork?

Is Locked?

Security Policy Enabled?

YES

Latest Commits

Last 10 commits in the repository

build(deps-dev): remove @fastify/pre-commit (#65)

Frazer Smith

10 days ago

chore(.npmrc): ignore scripts (#64)

Frazer Smith

14 days ago

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 (#63) Bumps [tsd](https://github.com/tsdjs/tsd) from 0.32.0 to 0.33.0. - [Release notes](https://github.com/tsdjs/tsd/releases) - [Commits](https://github.com/tsdjs/tsd/compare/v0.32.0...v0.33.0) --- updated-dependencies: - dependency-name: tsd dependency-version: 0.33.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

about 1 month ago

chore(license): update date ranges; standardise style (#62)

Frazer Smith

3 months ago

feat: extract walk function out of safeRegex (#61) * feat: extract walk function out of safeRegex * shorter * make function monomorphic * Update index.js Co-authored-by: Frazer Smith <frazer.dev@icloud.com> Signed-off-by: Aras Abbasi <aras.abbasi@googlemail.com> --------- Signed-off-by: Aras Abbasi <aras.abbasi@googlemail.com> Co-authored-by: Frazer Smith <frazer.dev@icloud.com>

Aras Abbasi

4 months ago

feat: make it possible to be run via packageRunner (#60) * feat: make it possible to be run via packageRunner * Apply suggestions from code review Co-authored-by: KaKa <23028015+climba03003@users.noreply.github.com> Signed-off-by: Aras Abbasi <aras.abbasi@googlemail.com> * Apply suggestions from code review Co-authored-by: Frazer Smith <frazer.dev@icloud.com> Signed-off-by: Aras Abbasi <aras.abbasi@googlemail.com> * add documentation * fix pr comemnt --------- Signed-off-by: Aras Abbasi <aras.abbasi@googlemail.com> Co-authored-by: KaKa <23028015+climba03003@users.noreply.github.com> Co-authored-by: Frazer Smith <frazer.dev@icloud.com>

Aras Abbasi

4 months ago

test: migrate to node:test (#59) * test: migrate to node:test * chore: remove async

Sahachai

5 months ago

build(deps-dev): bump tsd from 0.31.2 to 0.32.0 (#58) Bumps [tsd](https://github.com/tsdjs/tsd) from 0.31.2 to 0.32.0. - [Release notes](https://github.com/tsdjs/tsd/releases) - [Commits](https://github.com/tsdjs/tsd/compare/v0.31.2...v0.32.0) --- updated-dependencies: - dependency-name: tsd dependency-version: 0.32.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

5 months ago

ci: restore job level permissions (#57)

Frazer Smith

6 months ago

ci: set permissions at workflow level (#56)

Frazer Smith

6 months ago

Top Contributors

The top contributors considering the last 100 commits & PRs

Fdawgs

dependabot[bot]

mcollina

dependabot-preview[bot]

greenkeeper[bot]

Open PRs (0)

Currently active PR in the repository

There are not PRs to display

Open Issues (0)

Currently active PR in the repository

There are not issues to display

Open Discussions (0)

Currently open discussions in the repository

There are not discussions to display

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Package Summary

safe-regex2 reliably determines if a regular expression is safe from catastrophic backtracking. This crucial security tool safeguards against ReDoS (Regular expression Denial of Service) attacks by analyzing regex patterns. It returns true if safe and false otherwise. Use it to prevent malicious or unintentionally complex regexes from crippling your Node.js applications. Mitigate potential performance bottlenecks and security vulnerabilities with this improved version of the original safe-regex library.

Release Frequency

Historycal data about package versions

Releases Summary

The npm package safe-regex2 has seen infrequent releases. Version 2.0.0 was released in February 2019. After more than three years version 3.0.0 was released in May 2022, followed by 3.1.0 in December 2022. Releases continued sporadically in July/December 2024. The latest release of the package, version 5.0.0, was in March 2025, and no releases have occurred since then.

All Versions

Popularity Overview

GH Stars

GH Forks

GH Watchers

Downloads History

Historycal data about package downloads in the last 18 months

Popularity Summary

Safe-regex2 downloads show consistent growth. From March 2024 to August 2025, downloads increased from ~7 million to over 12 million. There's a clear upward trend, with the highest recorded downloads in July 2025. August 2025 data is incomplete so this month could be above previous months.

Security Overview

Vulnerabilities

Last Version with Vulnerabilities

N/A

Vulnerabilities Tracker

Historycal data about package vulnerabilities across all the stable versions

Vulnerabilites Summary

The npm package `safe-regex2` shows no reported security vulnerabilities across versions 2.0.0, 3.0.0, 3.1.0, 4.0.0, 4.0.1, and 5.0.0, indicating a good security track record for these versions.

Complete Security Overview