Node.js? #67

Open
jedwards1211 opened this issue Oct 17, 2019 · 3 comments

@jedwards1211

I saw in your fork of safe-regex that you recommend this project instead. But is it designed to work on Node regular expressions? And in any case, maybe we should make a Node.js version to use with tools like ESLint?

@lirantal

Yes, JavaScript regular expressions are supported too.

@jedwards1211
Author

I see. How much does the file scanning support JS? I don't see anything in the README about how it would scan JS files for regexes, or what the limitations would be on dynamically constructed regexes like new RegExp(foo + bar), where foo and bar are just constants initialized to string literals.

@davisjam
Owner

Regex extraction and regex analysis are separate problems.

Regex extraction

The extraction relies on simple static analysis. It only finds regexes declared /like this/ or as constant strings in the constructor, like new RegExp("foo"). See section 5.A, "Extraction through static analysis", of this paper.

PRs to improve the static extraction are welcome. I'm not sure if the static analysis framework I used for JS handles dataflow analysis.

Regex analysis

The super-linear regex detection ensemble exposed by this project is much more powerful than safe-regex's heuristic.
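An added illustration of the extraction limits discussed in this thread (not part of any comment above and not the project's own code): a simplified token scanner that extracts regex literals and constant-string `new RegExp(...)` arguments, and records every other `new RegExp(...)` call as unresolved so the gap is visible. The names `extractRegexes`, `TOKEN`, `KEYWORDS` and `SAMPLE` are hypothetical, and template literals in the scanned source are not handled.

```javascript
// Added illustration: a simplified extractor, not the project's implementation.
const STR = String.raw`"(?:[^"\\\n]|\\.)*"|'(?:[^'\\\n]|\\.)*'`;
const TOKEN = new RegExp([
  String.raw`(?<comment>\/\/[^\n]*|\/\*[\s\S]*?\*\/)`,
  `(?<ctor>new\\s+RegExp\\s*\\(\\s*(?<arg>${STR})\\s*[,)])`, // constant-string argument
  String.raw`(?<dyn>new\s+RegExp\s*\()`,                     // any other argument
  `(?<str>${STR})`,
  String.raw`(?<regex>\/(?:[^\/\\\n\[]|\\.|\[(?:[^\]\\\n]|\\.)*\])+\/[a-z]*)`,
  String.raw`(?<word>[\w$]+|[)\]])`,
  String.raw`(?<other>\S)`,
].join('|'), 'g');
// Keywords after which a '/' starts a regex literal rather than a division.
const KEYWORDS = new Set(['return', 'typeof', 'case', 'throw', 'void', 'delete', 'in', 'of']);

function extractRegexes(src) {
  const found = [];
  let prevIsOperand = false; // did the previous token end an expression?
  TOKEN.lastIndex = 0;
  for (let m; (m = TOKEN.exec(src)) !== null;) {
    const g = m.groups;
    if (g.comment) continue;
    if (g.regex && prevIsOperand) { // '/' after an operand is division: rescan past it
      TOKEN.lastIndex = m.index + 1;
      prevIsOperand = false;
      continue;
    }
    if (g.regex) found.push({ kind: 'literal', text: g.regex });
    else if (g.ctor) found.push({ kind: 'constructor', text: g.arg });
    else if (g.dyn) found.push({ kind: 'unresolved', text: null }); // needs dataflow
    prevIsOperand = g.ctor ? g.ctor.endsWith(')')
      : Boolean(g.regex || g.str || (g.word && !KEYWORDS.has(g.word)));
  }
  return found;
}

// Constructed sample input.
const SAMPLE = String.raw`
const a = /(a+)+$/;
const b = new RegExp("^(\\d+)*$", "i");
const foo = "(x+", bar = ")+y";
const c = new RegExp(foo + bar);      // dynamic: reported as unresolved
const ratio = total / count / 2;      // division, not a regex
`;

console.log(extractRegexes(SAMPLE));
```

The `text` field holds the pattern as written in the source, so a constructor argument keeps its quotes and string escapes. The `unresolved` entries mark call sites whose pattern would need dataflow analysis to recover.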
