Gathering detailed insights and metrics for approx-string-match
Gathering detailed insights and metrics for approx-string-match
Fast approximate string matching library for JavaScript
Installations
npm install approx-string-matchDeveloper Guide
BETA
Typescript
No
Module System
ESM
Score
80
Supply Chain
95.7
Quality
75.7
Maintenance
100
Vulnerability
100
License
Releases
6
Languages
1
TypeScript
TypeScript (100%)
Developer
robertknight
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
53 Stars
69 Commits
4 Forks
3 Watchers
2 Branches
2 Contributors
Updated on Jun 12, 2025
Maintainers
1
Package Meta Information
Latest Version
2.0.0
Package Id
approx-string-match@2.0.0
Unpacked Size
19.04 kB
Size
6.95 kB
File Count
9
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
6
approx-string-match
A library for approximate string matching.
This can be used to find occurrences of a pattern P (of length m) in a text T (of length n) allowing for up to a given number of errors (k), where errors may include insertions, substitutions or deletions of characters from the pattern.
For example the pattern "annd" occurs in the string "four score and seven" with one error.
The implementation uses a bit-parallel algorithm by G. Myers [1] which, to the best of my knowledge, is the state of the art algorithm for the online version of the problem (where the text and pattern cannot be preprocessed in advance). It runs in O((k/w) * n) expected-time where k <= m and w is the word size (32 in JavaScript). It also includes some additional optimizations suggested in [3]. See comments in the code for more details.
Usage
npm install --save approx-string-match
1import search from "approx-string-match";
2
3const text = "Four score and seven";
4const pattern = "annd";
5const matches = search(text, pattern, 2 /* max errors */);
6console.log(matches);
7
8// Outputs `[{ start: 11, end: 14, errors: 1 }]`API
The library exports a single function search(text, pattern, maxErrors) which
returns an array of the closest matches for pattern in text allowing up to
maxErrors errors.
1interface Match { 2 start: number; 3 end: number; 4 errors: number; 5} 6 7search(text: string, pattern: string, maxErrors: number): Match[]
Implementation notes
Word size
The algorithm uses bitwise operations on integers. Since JavaScript only supports bitwise operations on 32-bit integers, that is the word size, regardless of the platform.
If JS gains support for bitwise operations on larger integers in future, that support could be used to speed up this library.
Unicode
The library currently works on code units rather than code points, where the
code unit is a UTF-16 value. What this means is that a change to a unicode
character which requires multiple characters to represent in a JavaScript
string, such as emoji, would actually count as two changes rather than one. This
is because such chars require two elements to represent in a string (eg.
"😊".length is 2).
Related reading
For an overview of the different approaches to approximate string matching and the history of the development of solutions, there is a good survey paper [2].
References
[1] G. Myers, “A Fast Bit-Vector Algorithm for Approximate String Matching Based on Dynamic Programming,” vol. 46, no. 3, pp. 395–415, 1999.
[2] G. Navarro, “A guided tour to approximate string matching,” ACM Comput. Surv., vol. 33, no. 1, pp. 31–88, 2001.
[3] Šošić, M. (2014). "An SIMD dynamic programming c/c++ library" (Doctoral dissertation, Fakultet Elektrotehnike i računarstva, Sveučilište u Zagrebu).
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 1/15 approved changesets -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/robertknight/approx-string-match-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/robertknight/approx-string-match-js/ci.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 22 are checked with a SAST tool
Score
2.9
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More