davisjam / vuln-regex-detector

Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
MIT License

breakage on falsey regexes #6

Closed davisjam closed 6 years ago

davisjam commented 6 years ago

I scanned the npm project

$ cat /tmp/npm.json 
{"url":"git@github.com:npm/npm.git"}
$ ./check-repo.pl /tmp/npm.json 

and it broke on the regex /0/.

davisjam commented 6 years ago

Fixed in #7