Bug#927866: ITP: node-re2 -- Node.js bindings for RE2, a fast and safe regular expression engine

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#927866: ITP: node-re2 -- Node.js bindings for RE2, a fast and safe regular expression engine
From: Jérémy Lal <kapouer@melix.org>
Date: Wed, 24 Apr 2019 12:42:37 +0200
Message-id: <[🔎] 155610255783.12284.1814461619982325572.reportbug@localhost.localdomain>
Reply-to: Jérémy Lal <kapouer@melix.org>, 927866@bugs.debian.org

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal <kapouer@melix.org>

* Package name    : node-re2
  Version         : 1.8.4
  Upstream Author : Eugene Lazutkin <eugene.lazutkin@gmail.com> (http://lazutkin.com/)
* URL             : http://github.com/uhop/node-re2
* License         : BSD-3-Clause
  Programming Lang: JavaScript
  Description     : Node.js bindings for RE2, a fast and safe regular expression engine

This package provides bindings to a safer alternative to the native
JavaScript regular expression engine, without supporting features
that are targets for Denial-Of-Service attacks, like backreferences
and lookahead assertions.

It is particularly of interest because Regular Expression Denial of Service
plagues v8, the JavaScript engine at the core of Node.js and Chromium:

https://snyk.io/vuln/SNYK-UPSTREAM-NODE-72328
https://bugs.chromium.org/p/v8/issues/detail?id=287
https://github.com/nodejs/node/issues/9337

Reply to:

Prev by Date: Re: Hurd-i386 and kfreebsd-{i386,amd64} removal
Next by Date: Re: Bug#927725: Please build with --enable-mmdblookup
Previous by thread: Re: debhelper and friends for LTS
Next by thread: Bug#927869: ITP: python-webvtt -- Read, write and segment WebVTT caption files
Index(es):
- Date
- Thread