James C. (Jamie) Davis
James C. (Jamie) Davis
See examples in this [substack/safe-regex issue](https://github.com/substack/safe-regex/issues/12).
That way there's backwards compatibility, though we still want to release as v2 because it will flag a bunch of regexes.
When invoked with no args, gzemnid will now print a usage message.
This is a proposal, not a bug report. As such it's a bit unfocused, mostly brainstorming. - Filter the `package.json`s from `meta/` - Filter the `.tgz`s from `current/`, optionally based...
Hi all, I'm a systems/security researcher at Virginia Tech and have been studying the incidence of vulnerable regexes in the wild. This plugin's [unsafe regex detector](https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-unsafe-regex.js) relies on [safe-regex](https://github.com/substack/safe-regex), which...
When the detector prints SKIPPED, it would be nice if it printed enough information for users to see *why* it skipped.
On the regex `/.+@.+\..+/`, Weideman suggests: ``` "evilInput":{"ida":{"pumpPairs":[{"pump":"@a","prefix":"a"},{"prefix":"a","pump":".a"}],"suffix":"a" ``` This is a poor recommendation. The input `@@@@@@@....@a` is far more effective.