npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@ericcornelissen/lregexp

v1.0.8

Published

Transparent linear-time (non-backtracking) regular expressions for libraries

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ericcornelissenericcornelissen

Keywords

regexpregexlinearflag

Readme

lRegExp

Transparent linear-time (non-backtracking) regular expressions for libraries.

Usage

This library exports a drop-in replacement for the built-in RegExp (caveats apply).

  1. Install

    npm install @ericcornelissen/lregexp

  2. Import

    import RegExp from "@ericcornelissen/lregexp";

  3. Use

    new RegExp("[linear]{6}");

Runtimes

This library is compatible with Node.js, Deno, Bun, and major browsers. It only takes effect in V8-based runtimes (Node.js, Deno, Chromium-based browsers) when the experiment linear-time engine is enabled. Otherwise it falls back to the default RegExp constructor.

Why

Backtracking regular expressions can take exponential time to evaluate, leading to the dreaded ReDoS vulnerability. Linear-time regular expressions avoid this by not backtracking.

In Node.js, linear-time regular expressions can be created using the l flag provided the --enable-experimental-regexp-engine CLI option is used. This makes it difficult for library authors to tap into. Using this package, a library can use the RegExp constructor as usual and benefit from the linear time regular expression engine when its users enable it. If they don't, it gracefully falls back to the default constructor.

Caveats

Not all valid JavaScript regular expressions are supported when using the --enable-experimental-regexp-engine CLI option. This library won't tell you if your regular expressions are incompatible, unless you run it with that CLI option. If a regular expression is incompatible the constructor will throw a SyntaxError.

To support users of this package in writing compatible regular expressions we're interested in:

  • an ESLint plugin to lint regular expressions and raise warnings for the use of regex features not supported by the non-backtracing engine; (#4)
  • a tool (CLI/web) to check a given regular expression for compatibility with the non-backtracing engine. (#21)

How

If --enable-experimental-regexp-engine is used, the RegExp constructor from this package automatically adds the l flag to all regular expressions it constructs. If not, the RegExp constructor behavior is unchanged.

Example

A classic example of a ReDoS-vulnerable regular expression is (a*)*b. Using this with vanilla Node.js on a pathological input string takes some time, test it for yourself with (add an a and the runtime doubles):

node -e '/(a*)*b/.test("aaaaaaaaaaaaaaaaaaaaaaaaac")'

When the non-backtracking regular expression engine is enabled, the expression evaluates instantly:

node -e '/(a*)*b/l.test("aaaaaaaaaaaaaaaaaaaaaaaaac")' --enable-experimental-regexp-engine