Meta tweaks

sindresorhus · Jun 5, 2022 · 4bb055f · 4bb055f
1 parent e93d9c8
commit 4bb055f
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 7 deletions.
diff --git a/package.json b/package.json
@@ -33,7 +33,7 @@
 		"semantic"
 	],
 	"devDependencies": {
-		"ava": "^4.2.0",
+		"ava": "^4.3.0",
 		"tsd": "^0.20.0",
 		"xo": "^0.49.0",
 		"semver": "^7.3.7"

diff --git a/readme.md b/readme.md
@@ -4,8 +4,8 @@
 
 ## Install
 
-```
-$ npm install semver-regex
+```sh
+npm install semver-regex
 ```
 
 ## Usage
@@ -26,7 +26,9 @@ semverRegex().exec('unicorn 1.0.0 rainbow')[0];
 //=> ['1.0.0', '2.1.3']
 ```
 
-**Note:** For versions coming from user-input, you are recommended to truncate the string to a sensible length to prevent abuse. For example, 100 length.
+## Important
+
+If you run the regex against untrusted user input, it's recommended to truncate the string to a sensible length (for example, 100). And if you use this in a server context, you should also [give it a timeout](https://github.com/sindresorhus/super-regex).
 
 ## Related
 

diff --git a/test.js b/test.js
@@ -192,28 +192,33 @@ test('invalid version does not cause catatrophic backtracking', t => {
 	for (let index = 1; index <= 100; index++) {
 		const start = Date.now();
 		const shuffle = array => array.sort(() => Math.random() - 0.5);
+
 		// Adapted from https://gist.github.com/6174/6062387
-		const rndstr = (() => {
+		const randomString = (() => {
 			const gen = (min, max) => max++ && Array.from({length: max - min}).map((s, i) => String.fromCodePoint(min + i));
+
 			const sets = {
 				num: gen(48, 57),
 				alphaLower: gen(97, 122),
 				alphaUpper: gen(65, 90),
 				special: [...'~!@#$%^&*()_+-=[]{}|;:\'",./<>?'],
 			};
+
 			function * iter(length, set) {
 				if (set.length === 0) {
 					set = Object.values(sets).flat();
 				}
 
-				for (let i = 0; i < length; i++) {
+				for (let index = 0; index < length; index++) {
 					yield set[Math.trunc(Math.random() * set.length)];
 				}
 			}
 
 			return Object.assign(((length, ...set) => [...iter(length, set.flat())].join('')), sets);
 		})();
-		const fuzz = Array.from({length: 100}).map(() => rndstr(100 * Math.random(), rndstr.alphaUpper, rndstr.special, rndstr.alphaLower, rndstr.num));
+
+		const fuzz = Array.from({length: 100}).map(() => randomString(100 * Math.random(), randomString.alphaUpper, randomString.special, randomString.alphaLower, randomString.num));
+
 		const fixture = shuffle(Array.from({length: index}).map(() => [validStrings, invalidStrings, fuzz]).flat(2)).join(' ');
 
 		semverRegex().test(fixture);