Bug#927866: ITP: node-re2 -- Node.js bindings for RE2, a fast and safe regular expression engine
Package: wnpp
Severity: wishlist
Owner: Jérémy Lal <kapouer@melix.org>
* Package name : node-re2
Version : 1.8.4
Upstream Author : Eugene Lazutkin <eugene.lazutkin@gmail.com> (http://lazutkin.com/)
* URL : http://github.com/uhop/node-re2
* License : BSD-3-Clause
Programming Lang: JavaScript
Description : Node.js bindings for RE2, a fast and safe regular expression engine
This package provides bindings to a safer alternative to the native
JavaScript regular expression engine, without supporting features
that are targets for Denial-Of-Service attacks, like backreferences
and lookahead assertions.
It is particularly of interest because Regular Expression Denial of Service
plagues v8, the JavaScript engine at the core of Node.js and Chromium:
https://snyk.io/vuln/SNYK-UPSTREAM-NODE-72328
https://bugs.chromium.org/p/v8/issues/detail?id=287
https://github.com/nodejs/node/issues/9337
Reply to: