Web lists-archives.com

Bug#927866: ITP: node-re2 -- Node.js bindings for RE2, a fast and safe regular expression engine




Package: wnpp
Severity: wishlist
Owner: Jérémy Lal <kapouer@xxxxxxxxx>

* Package name    : node-re2
  Version         : 1.8.4
  Upstream Author : Eugene Lazutkin <eugene.lazutkin@xxxxxxxxx> (http://lazutkin.com/)
* URL             : http://github.com/uhop/node-re2
* License         : BSD-3-Clause
  Programming Lang: JavaScript
  Description     : Node.js bindings for RE2, a fast and safe regular expression engine

This package provides bindings to a safer alternative to the native
JavaScript regular expression engine, without supporting features
that are targets for Denial-Of-Service attacks, like backreferences
and lookahead assertions.

It is particularly of interest because Regular Expression Denial of Service
plagues v8, the JavaScript engine at the core of Node.js and Chromium:

https://snyk.io/vuln/SNYK-UPSTREAM-NODE-72328
https://bugs.chromium.org/p/v8/issues/detail?id=287
https://github.com/nodejs/node/issues/9337