pillarjs
diff --git a/‎Readme.md
+4-3 b/‎Readme.md
+4-3
diff --git a/‎package-lock.json
+109-7 b/‎package-lock.json
+109-7
diff --git a/‎package.json
+2-1 b/‎package.json
+2-1
diff --git a/‎scripts/redos.ts
+36 b/‎scripts/redos.ts
+36
@@ -32,12 +32,12 @@ The `pathToRegexp` function returns a regular expression with `keys` as a proper
 - **path** A string.
 - **options** _(optional)_
   - **sensitive** Regexp will be case sensitive. (default: `false`)
-  - **trailing** Regexp allows an optional trailing delimiter to match. (default: `true`)
+  - **trailing** Allows optional trailing delimiter to match. (default: `true`)
   - **end** Match to the end of the string. (default: `true`)
   - **start** Match from the beginning of the string. (default: `true`)
-  - **loose** Allow the delimiter to be repeated an arbitrary number of times. (default: `true`)
+  - **loose** Allow the delimiter to be arbitrarily repeated, e.g. `/` or `///`. (default: `true`)
   - **delimiter** The default delimiter for segments, e.g. `[^/]` for `:named` parameters. (default: `'/'`)
-  - **encodePath** A function to encode strings before inserting into `RegExp`. (default: `x => x`, recommended: [`encodeurl`](https://github.com/pillarjs/encodeurl))
+  - **encodePath** A function for encoding input strings. (default: `x => x`, recommended: [`encodeurl`](https://github.com/pillarjs/encodeurl) for unicode encoding)
 
 ```js
 const regexp = pathToRegexp("/foo/:bar");
@@ -247,6 +247,7 @@ toPathRegexp({ id: "123" }); //=> "/user/123"
 - If you are rewriting paths with match and compiler, consider using `encode: false` and `decode: false` to keep raw paths passed around.
 - To ensure matches work on paths containing characters usually encoded, consider using [encodeurl](https://github.com/pillarjs/encodeurl) for `encodePath`.
 - If matches are intended to be exact, you need to set `loose: false`, `trailing: false`, and `sensitive: true`.
+- Enable `strict: true` to detect ReDOS issues.
 
 ### Parse
 
 
@@ -34,8 +34,9 @@
     "@types/node": "^20.4.9",
     "@types/semver": "^7.3.1",
     "@vitest/coverage-v8": "^1.4.0",
+    "recheck": "^4.4.5",
     "size-limit": "^11.1.2",
-    "typescript": "^5.1.6"
+    "typescript": "^5.5.3"
   },
   "engines": {
     "node": ">=16"
 
@@ -0,0 +1,36 @@
+import { checkSync } from "recheck";
+import { pathToRegexp } from "../src/index.js";
+
+const TESTS = [
+  "/abc{abc:foo}?",
+  "/:foo{abc:foo}?",
+  "{:attr1}?{:attr2/}?",
+  "{:attr1/}?{:attr2/}?",
+  "{:foo.}?{:bar.}?",
+  "{:foo([^\\.]+).}?{:bar.}?",
+  ":foo(a+):bar(b+)",
+];
+
+for (const path of TESTS) {
+  try {
+    const re = pathToRegexp(path, { strict: true });
+    const result = checkSync(re.source, re.flags);
+    if (result.status === "safe") {
+      console.log("Safe:", path, String(re));
+    } else {
+      console.log("Fail:", path, String(re));
+    }
+  } catch (err) {
+    try {
+      const re = pathToRegexp(path);
+      const result = checkSync(re.source, re.flags);
+      if (result.status === "safe") {
+        console.log("Invalid:", path, String(re));
+      } else {
+        console.log("Pass:", path, String(re));
+      }
+    } catch (err) {
+      console.log("Error:", path, err.message);
+    }
+  }
+}