Gathering detailed insights and metrics for @wemnyelezxnpm/enim-omnis-similique
npm install @wemnyelezxnpm/enim-omnis-similique
53.1
Supply Chain
48.1
Quality
75.7
Maintenance
100
Vulnerability
100
License
JavaScript (100%)
Total Downloads: 116
Last Day: 1
Last Week: 4
Last Month: 7
Last Year: 116
3 commits, 1 branch
Latest Version: 1.0.0
Package Id: @wemnyelezxnpm/enim-omnis-similique@1.0.0
Unpacked Size: 14.47 kB
Size: 6.08 kB
File Count: 10
NPM Version: 10.5.0
Node Version: 20.12.2
Published On: 27 Apr 2024
Cumulative downloads (each period compared to the previous one)
Last day: 1 (0%)
Last week: 4 (0%)
Last month: 7 (+600%)
Last year: 116 (0%)
You want to let end users enter their own regular expressions. But a regular expression can trigger catastrophic backtracking, where matching time grows exponentially with input length and a single call can take hours of CPU time. Node.js evaluates regular expressions synchronously on the main thread, so while such a match runs the event loop is blocked and no other code can execute. That is a Denial of Service (DoS) attack vector, commonly called ReDoS, whether the pathological pattern or input arrives intentionally or by accident.
This module lets you run a regular expression under a time limit, so a runaway match is aborted instead of taking the application down.
```javascript
// Set a 1-second limit. Default is 0.25 seconds
const regExp = require('@wemnyelezxnpm/enim-omnis-similique')({ limit: 1 });

// A common email address validator with potentially evil characteristics
// (catastrophic backtracking)
const evil = /^([a-zA-Z0-9])(([\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/;

(async () => {
  // Run a potentially slow regular expression on short, matching input
  const realEmail = 'test@test.com';
  const realEmailResult = await regExp.match(evil, realEmail);
  // Normal behavior: truthy or falsy according to the match, and the same
  // array result as a regular RegExp match() call
  console.log(realEmailResult);

  // This input is long enough to trigger catastrophic backtracking and
  // could take hours to evaluate
  const evilEmail = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
  try {
    await regExp.match(evil, evilEmail);
    // We will not get here; an exception is thrown instead
  } catch (e) {
    console.log(e.name); // Will be 'timeout'
  }
})();
```
"Why is match an async function?" It runs in a separate process because JavaScript has no way to interrupt a regular expression once it is running: a match on the main thread blocks the event loop until it finishes, so the only portable way to keep the application responsive and enforce a timeout is to run the match somewhere that can be killed.
"How bad is the performance overhead?" Communication with a separate worker process makes each call slower, of course, but the process is reused by later calls, so after the first call the cost is an IPC round trip per match rather than a new process, and the hit is not serious.
Flags, for instance the g flag, are supported.
You can pass the regular expression as a string, but regular expression literals (what you are used to typing) are easier to get right because you don't have to double-escape backslashes. A pattern entered by an end user necessarily arrives as a string, and that is exactly the case where the time limit matters.
No vulnerabilities found.