
Suggestion: Detect regexes vulnerable to catastrophic backtracking

Open · davisjam opened this issue 7 years ago · 1 comment

It doesn't look like your scanner checks for regexes vulnerable to catastrophic backtracking (-> ReDoS).

To do that you could use some tools I built here. The underlying detectors incur dependencies (two rely on Java, one relies on OCaml).

If dependencies are a problem, I am hosting a server that answers queries, see docs and code here. This requires shipping regexes to my server though.

davisjam · Apr 09 '18 16:04
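
To make the suggestion concrete, below is an added example of what a minimal in-tree check could look like. It is not pyt's code and not one of the detectors linked above: it walks Python source with `ast`, collects string-literal patterns passed to `re.*` calls, applies a structural heuristic (a quantified group whose body is itself quantified, the `(a+)+` shape behind most catastrophic backtracking), and then confirms with a bounded timing probe that pumps candidate characters until a match visibly blows up. `SAMPLE_SOURCE`, the function names and the thresholds are all constructed for this example; the single-character pumping is a crude stand-in for the attack-string generators the linked detectors implement.

```python
"""Heuristic ReDoS scan for regex literals in Python source.

Added example; it is not part of pyt or of the detectors linked in the issue.
It pairs a cheap structural heuristic (a quantified group whose body is itself
quantified, e.g. (a+)+) with a bounded timing probe that pumps candidate
characters until matching visibly blows up.
"""
import ast
import re
import time

# Assumption: only direct `re.<func>(<string literal>, ...)` calls are scanned.
RE_PATTERN_FUNCS = {"compile", "match", "fullmatch", "search", "findall",
                    "finditer", "sub", "subn", "split"}

# A group containing an unescaped + or *, itself followed by + or *.
# Heuristic only: it misses overlapping alternation such as (a|aa)+ and is
# confused by parentheses inside character classes such as [()].
NESTED_QUANTIFIER = re.compile(r"\((?:[^()\\]|\\.)*[+*](?:[^()\\]|\\.)*\)[+*]")

# Constructed sample input, not taken from any real project.
SAMPLE_SOURCE = r'''
import re
EMAIL = re.compile(r"^([a-z0-9]+)+@example\.com$")   # nested quantifier
TOKEN = re.compile(r"^[A-Za-z0-9_]+$")                 # linear
def handler(s):
    return re.match(r"^(\d+)*x", s)                     # nested quantifier
'''


def regex_literals(source):
    """Return (lineno, pattern) for every re.<func> call with a literal pattern."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
                and func.value.id == "re" and func.attr in RE_PATTERN_FUNCS):
            arg = node.args[0]
            if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                found.append((node.lineno, arg.value))
    return sorted(found)


def has_nested_quantifier(pattern):
    """Structural heuristic: a quantified group with a quantifier inside it."""
    return NESTED_QUANTIFIER.search(pattern) is not None


def _elapsed(compiled, text):
    """Wall-clock seconds for one search of `compiled` over `text`."""
    start = time.perf_counter()
    compiled.search(text)
    return time.perf_counter() - start


def probe(pattern, max_len=28, budget=0.1):
    """Timing confirmation. Pumps each literal alphanumeric in the pattern (plus
    a few defaults), terminated by a non-matching '!', and stops at the first
    length where two consecutive runs exceed `budget` seconds. Returns
    (char, length) or None if nothing exceeded the budget up to max_len."""
    compiled = re.compile(pattern)
    candidates = sorted(set(re.findall(r"[A-Za-z0-9]", pattern)) | {"a", "0", " "})
    for ch in candidates:
        for n in range(8, max_len + 1, 2):
            text = ch * n + "!"
            if _elapsed(compiled, text) > budget and _elapsed(compiled, text) > budget:
                return ch, n
    return None


def scan(source):
    """Return (lineno, pattern, heuristic_flag, probe_result) per regex literal."""
    report = []
    for lineno, pattern in regex_literals(source):
        try:
            confirmed = probe(pattern)
        except re.error:          # not a valid pattern for this `re` version
            confirmed = None
        report.append((lineno, pattern, has_nested_quantifier(pattern), confirmed))
    return report


if __name__ == "__main__":
    for lineno, pattern, flagged, confirmed in scan(SAMPLE_SOURCE):
        print(f"line {lineno}: {pattern!r:45} heuristic={flagged} probe={confirmed}")
```

The heuristic is cheap enough to run on every file, but it is only a shape check: `^(a|aa)+$` is exponential and passes it, which is exactly the class of pattern the linked detectors handle. The timing probe is the honest confirmation, so on a real scanner it belongs behind an opt-in flag, since it deliberately executes the suspect regex.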

This is interesting 👍 Thanks for the idea

KevinHock · Apr 09 '18 18:04