no-unsafe-regex.md

Disallow unsafe regular expressions

Uses safe-regex to disallow potentially catastrophic exponential-time regular expressions.

Fail

const regex = /^(a?){25}(a){25}$/;
const regex = RegExp(Array(27).join('a?') + Array(27).join('a'));
const regex = /(x+x+)+y/;
const regex = /foo|(x+x+)+y/;
const regex = /(a+){10}y/;
const regex = /(a+){2}y/;
const regex = /(.*){1,32000}[bc]/;

Pass

const regex = /\bOakland\b/;
const regex = /\b(Oakland|San Francisco)\b/i;
const regex = /^\d+1337\d+$/i;
const regex = /^\d+(1337|404)\d+$/i;
const regex = /^\d+(1337|404)*\d+$/i;
const regex = RegExp(Array(26).join('a?') + Array(26).join('a'));