{"id":19860,"library":"eslint-plugin-no-unsafe-regex","title":"ESLint Plugin No Unsafe Regex","description":"ESLint plugin that disallows potentially unsafe regular expressions. Version 1.0.0, stable. Uses the `safe-regex` library to detect regex patterns vulnerable to ReDoS attacks, such as nested quantifiers. Integrates as an ESLint plugin with a single rule `no-unsafe-regex/no-unsafe-regex`. Differentiates from other regex linting by focusing solely on security/performance, not style. Only validates regex literals and RegExp constructor with literal arguments. Regular maintenance, no known issues.","status":"active","version":"1.0.0","language":"javascript","source_language":"en","source_url":"git://github.com/kgryte/eslint-plugin-no-unsafe-regex","tags":["javascript","eslint","eslintplugin","plugin","js","style","guide","styleguide"],"install":[{"cmd":"npm install eslint-plugin-no-unsafe-regex","lang":"bash","label":"npm"},{"cmd":"yarn add eslint-plugin-no-unsafe-regex","lang":"bash","label":"yarn"},{"cmd":"pnpm add eslint-plugin-no-unsafe-regex","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"runtime dependency used to detect unsafe regex patterns","package":"safe-regex","optional":false}],"imports":[{"note":"CommonJS require; package has no default export for ESM.","symbol":"plugin","correct":"const plugin = require('eslint-plugin-no-unsafe-regex');"},{"note":"Rule must be prefixed with the plugin name when using ESLint plugins.","wrong":"rules: { 'no-unsafe-regex': 'error' }","symbol":"no-unsafe-regex rule","correct":"// in .eslintrc: { rules: { 'no-unsafe-regex/no-unsafe-regex': 'error' } }"},{"note":"ESLint automatically resolves the 'eslint-plugin-' prefix; just use the short name.","wrong":"plugins: ['eslint-plugin-no-unsafe-regex']","symbol":"Plugin reference","correct":"// in .eslintrc: { plugins: ['no-unsafe-regex'] }"}],"quickstart":{"code":"module.exports = {\n  plugins: ['no-unsafe-regex'],\n  rules: {\n    'no-unsafe-regex/no-unsafe-regex': 'error'\n  }\n};","lang":"javascript","description":"Configures ESLint to use the no-unsafe-regex plugin and enable its rule as an error."},"warnings":[{"fix":"Ensure that unsafe patterns are not built dynamically or manually review dynamic regex.","message":"The plugin only validates regex literals (e.g., /pattern/) and RegExp constructor with literal string arguments. It does not validate regex created from variables or dynamic strings.","severity":"gotcha","affected_versions":">=0"},{"fix":"If a false positive is encountered, consider disabling the rule for that specific line using an ESLint comment.","message":"The rule may produce false positives for complex but safe regex patterns, as the underlying safe-regex library uses a heuristic.","severity":"gotcha","affected_versions":">=0"},{"fix":"Consider using eslint-plugin-security instead which also covers unsafe regex.","message":"This plugin has not been updated since 2015 and may not be compatible with newer ESLint versions.","severity":"deprecated","affected_versions":">=0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Run 'npm install safe-regex' or check node_modules.","cause":"Missing dependency safe-regex.","error":"Error: Cannot find module 'safe-regex'"},{"fix":"Use 'no-unsafe-regex/no-unsafe-regex' and add 'no-unsafe-regex' to plugins.","cause":"Rule used without plugin prefix or plugin not registered.","error":"Configuration for rule \"no-unsafe-regex\" is invalid: Definition for rule 'no-unsafe-regex' was not found."},{"fix":"Install via npm and use short name 'no-unsafe-regex' in plugins.","cause":"Plugin not installed or wrong name in plugins array.","error":"ESLint couldn't find the plugin \"eslint-plugin-no-unsafe-regex\"."}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}