fix: consistent and likely safer regex escaping

[ghostdevv]

Replaces random regex escaping with @li/regexp-escape-polyfill, a spec-compliant polyfill for RegExp.escape(). I searched for every RegExp call, and replaced the ones that needed them. Most didn't use any dynamic strings, but the couple that did are updated here or didn't need it

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
npmx.dev	Ready	Preview, Comment	Apr 5, 2026 3:54am

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ignored	Preview	Apr 5, 2026 3:54am
npmx-lunaria	Ignored		Apr 5, 2026 3:54am

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a TypeScript global augmentation declaring RegExp.escape(str: string) in global.d.ts and includes that file in Nuxt TypeScript config. Replaces direct interpolation into regexes with RegExp.escape(...) in useMarkdown.ts, useStructuredFilters.ts and shared/utils/emoji.ts. Also adds global.d.ts to knip's ignore list. No runtime logic changes beyond using escaped strings when building regular expressions.

Suggested reviewers

• danielroe

🚥 Pre-merge checks | ✅ 1

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description check	✅ Passed	The pull request description accurately describes the changeset, explaining the migration to RegExp.escape() polyfill and documenting the scope of changes across the codebase.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch gd/regex-escape

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[danielroe]

I'm not sure that the benefit is worth the cost in terms of browser compatibility.

wdyt @ghostdevv?

[ghostdevv]

I'm not sure that the benefit is worth the cost in terms of browser compatibility.

yeaaa maybe, perhaps there is a minimal ponyfill that achieves the same result 🤔 (because we need something for this, and I'd like to avoid having multiple fns for it over the codebase)

[ghostdevv]

some initial findings, need to step away for a bit so will take another look later

• https://jsr.io/@li/regexp-escape-polyfill
• https://github.com/zloirock/core-js/blob/master/packages/core-js/modules/es.regexp.escape.js

[wojtekmaj]

I'm not sure that the benefit is worth the cost in terms of browser compatibility.

wdyt @ghostdevv?

On the other hand, I don't think a large percentage of npmx audience is using IE or is 11 Chrome versions behind.

[danielroe]

regexp.escape won't work on iOS 17 devices. I agree we need a canonical single escape function but it's a tiny one-liner, for our purposes. (https://github.com/lionel-rowe/regexp-escape-polyfill (linked by @ghostdevv above) is just 498 B)

[ghostdevv]

updated to use @li/regexp-escape-polyfill

[ghostdevv]

For some reason the vercel preview is crashing when you access a package page directly 🤔 it doesn't happen in dev or local preview

[43081j]

i caught up from main, and the preview seems to work now too FYI