Show HN: Regolith – Regex library that prevents ReDoS CVEs in TypeScript
15 days ago
- #ReDoS
- #Rust
- #TypeScript
- Regolith is a server-side TypeScript and JavaScript library designed to be immune to Regular Expression Denial of Service (ReDoS) attacks by leveraging Rust and a linear-time regex engine.
- The library aims to be a drop-in replacement for the default RegExp in TypeScript and JavaScript, requiring minimal to no changes for adoption.
- ReDoS attacks exploit inefficient Regex patterns, causing services to become unavailable due to excessive computation time.
- Unlike TypeScript and JavaScript's default RegExp, which has an exponential worst-case time complexity, Regolith guarantees linear time execution.
- Regolith excludes features like backreferences and look-around to maintain linear time execution, following the Rust Regex library's approach.
- The project is still in early development and seeks community support for building and adoption.
- Regolith is currently focused on server-side applications, as servers are common targets for ReDoS attacks.
- The library is available via npm and can be installed with `npm i @regolithjs/regolith`.
- Examples of usage include pattern matching, replacing, searching, and splitting strings with linear time complexity.
- The project includes comprehensive testing with 93 tests and supports multiple platforms.
- Future goals include expanding to client-side applications, possibly using WebAssembly (WASM).
- The library's name, Regolith, is inspired by the top layer of a planet made of dust and rock, reflecting its foundational security role.
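Because the post says Regolith drops backreferences and look-around to keep matching linear, an existing code base needs an inventory of patterns that use those constructs before a drop-in swap. The following audit helper is an added example written for this summary, not code from the Regolith project; the function names are hypothetical, and it treats any `\1`..`\9` escape outside a character class as a backreference.

```javascript
// Added example (not Regolith's code): flag regex constructs that a
// linear-time engine such as Rust's regex crate does not support, so the
// affected patterns can be rewritten or kept on a guarded path.

/**
 * Scan a pattern source and return the unsupported constructs found.
 * @param {string} source  regex source text, e.g. /.../.source
 * @returns {{kind: string, text: string, index: number}[]}
 */
function findLinearUnsupported(source) {
  const findings = [];
  let inClass = false; // inside [...] these tokens lose their meaning
  for (let i = 0; i < source.length; i++) {
    const c = source[i];
    if (c === '\\') {
      const next = source[i + 1] ?? '';
      if (!inClass && /[1-9]/.test(next)) {
        // \1..\9 outside a class: numbered backreference
        const m = /^\\[1-9]\d*/.exec(source.slice(i));
        findings.push({ kind: 'backreference', text: m[0], index: i });
        i += m[0].length - 1;
      } else if (!inClass && next === 'k' && source[i + 2] === '<') {
        // \k<name>: named backreference
        const end = source.indexOf('>', i + 3);
        const text = source.slice(i, end === -1 ? source.length : end + 1);
        findings.push({ kind: 'backreference', text, index: i });
        i += text.length - 1;
      } else {
        i++; // ordinary escape: skip the escaped character
      }
      continue;
    }
    if (inClass) { if (c === ']') inClass = false; continue; }
    if (c === '[') { inClass = true; continue; }
    if (c === '(' && source[i + 1] === '?') {
      // (?=  (?!  (?<=  (?<!  are look-around; (?<name> is a plain named group
      const look = /^\(\?(<?)[=!]/.exec(source.slice(i));
      if (look) {
        findings.push({ kind: look[1] ? 'lookbehind' : 'lookahead', text: look[0], index: i });
      }
    }
  }
  return findings;
}

/** True when the RegExp uses only constructs a linear-time engine accepts. */
function isLinearSafe(re) {
  return findLinearUnsupported(re.source).length === 0;
}
```

Run it over every `RegExp` literal collected from the code base; the patterns it flags are the ones that cannot be handed to a linear engine unchanged.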