ESLint Plugin No Unsafe Regex
1.0.0 verified Sat Apr 25 auth: no javascript
ESLint plugin that disallows potentially unsafe regular expressions. Version 1.0.0, stable. It uses the `safe-regex` library to detect regex patterns vulnerable to ReDoS attacks, such as those with nested quantifiers. It integrates as an ESLint plugin with a single rule, `no-unsafe-regex/no-unsafe-regex`. It differs from other regex linting by focusing solely on security and performance, not style. It only validates regex literals and `RegExp` constructor calls with literal arguments. Regular maintenance, no known issues.
Common errors
error Error: Cannot find module 'safe-regex'
cause Missing dependency safe-regex.
fix Run 'npm install safe-regex' or check node_modules.
error Configuration for rule "no-unsafe-regex" is invalid: Definition for rule 'no-unsafe-regex' was not found.
cause Rule used without plugin prefix or plugin not registered.
fix Use 'no-unsafe-regex/no-unsafe-regex' and add 'no-unsafe-regex' to plugins.
error ESLint couldn't find the plugin "eslint-plugin-no-unsafe-regex".
cause Plugin not installed or wrong name in plugins array.
fix Install via npm and use short name 'no-unsafe-regex' in plugins.
Warnings
gotcha The plugin only validates regex literals (e.g., /pattern/) and RegExp constructor with literal string arguments. It does not validate regex created from variables or dynamic strings.
fix Ensure that unsafe patterns are not built dynamically or manually review dynamic regex.
gotcha The rule may produce false positives for complex but safe regex patterns, as the underlying safe-regex library uses a heuristic.
fix If a false positive is encountered, consider disabling the rule for that specific line using an ESLint comment.
deprecated This plugin has not been updated since 2015 and may not be compatible with newer ESLint versions.
fix Consider using eslint-plugin-security instead which also covers unsafe regex.
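The first warning above says the rule only inspects literals. As an added example (not code from the plugin or from safe-regex), here is a runtime guard for patterns assembled from variables. `starHeight` and `compileChecked` are hypothetical names, and the scan is a simplified nested-quantifier heuristic that assumes a syntactically valid pattern.

```javascript
// Added example: simplified star-height scan, not safe-regex's implementation.
// Counts nesting of unbounded quantifiers (*, +, {n,}); bounded {n,m} and ? are ignored.
function starHeight(source) {
  const maxIn = [0];   // deepest quantifier nesting seen in each open group
  let last = 0;        // nesting depth of the atom just parsed
  const note = (h) => {
    maxIn[maxIn.length - 1] = Math.max(maxIn[maxIn.length - 1], h);
    return h;
  };
  for (let i = 0; i < source.length; i++) {
    const c = source[i];
    if (c === '\\') {                 // escaped character is a plain atom
      i++; last = 0;
    } else if (c === '[') {           // skip a character class as one atom
      for (i++; i < source.length && source[i] !== ']'; i++) {
        if (source[i] === '\\') i++;
      }
      last = 0;
    } else if (c === '(') {
      maxIn.push(0); last = 0;
    } else if (c === ')') {           // the group's depth becomes the atom's depth
      last = note(maxIn.pop());
    } else if (c === '*' || c === '+' ||
               (c === '{' && /^\{\d+,\}/.test(source.slice(i)))) {
      last = note(last + 1);          // quantifier wraps the previous atom
    } else {
      last = 0;
    }
  }
  return maxIn[0];
}

// Guard for patterns built at runtime, which a literal-only lint rule never sees.
function compileChecked(source, flags) {
  const re = new RegExp(source, flags);   // syntax check only; nothing is matched yet
  const h = starHeight(source);
  if (h > 1) throw new Error(`nested quantifiers (star height ${h}): ${source}`);
  return re;
}

// Constructed sample: the pattern is joined from variables at runtime.
const group = '(a+)';
const dynamicSource = '^' + group + '+$';
let rejected = false;
try { compileChecked(dynamicSource); } catch (e) { rejected = true; }
console.log(dynamicSource, 'rejected:', rejected);
console.log(compileChecked('^[a-z]+@[a-z]+\\.[a-z]+$').test('user@example.com'));
```

Like the heuristic the page describes, this check can reject patterns that are in fact safe, so treat a rejection as a prompt for manual review.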
Install
npm install eslint-plugin-no-unsafe-regex
yarn add eslint-plugin-no-unsafe-regex
pnpm add eslint-plugin-no-unsafe-regex
Imports
- plugin
  const plugin = require('eslint-plugin-no-unsafe-regex');
- no-unsafe-regex rule
  wrong rules: { 'no-unsafe-regex': 'error' }
  correct // in .eslintrc: { rules: { 'no-unsafe-regex/no-unsafe-regex': 'error' } }
- Plugin reference
  wrong plugins: ['eslint-plugin-no-unsafe-regex']
  correct // in .eslintrc: { plugins: ['no-unsafe-regex'] }
Quickstart
module.exports = {
  plugins: ['no-unsafe-regex'],
  rules: {
    'no-unsafe-regex/no-unsafe-regex': 'error'
  }
};