$ gnpm install semver-regex
Regular expression for matching semver versions
npm install semver-regex
import semverRegex from 'semver-regex';
semverRegex().test('v1.0.0');
//=> true
semverRegex().test('1.2.3-alpha.10.beta.0+build.unicorn.rainbow');
//=> true
semverRegex().exec('unicorn 1.0.0 rainbow')[0];
//=> '1.0.0'
'unicorn 1.0.0 and rainbow 2.1.3'.match(semverRegex());
//=> ['1.0.0', '2.1.3']
If you run the regex against untrusted user input, it's recommended to truncate the string to a sensible length (for example, 50). And if you use this in a server context, you should also give it a timeout.
I do not consider ReDoS a valid vulnerability for this package. It's simply not possible to make it fully ReDoS safe. It's up to the user to set a timeout for the regex if they accept untrusted user input. However, I'm happy to accept pull requests to improve the regex.
0.0.1
0.0.2
→ patch
1.2.3
→ 1.2.0
Copyright 2013 - present © cnpmjs.org | Home |