Regular expression for matching semver versions
npm install semver-regex
import semverRegex from 'semver-regex';
semverRegex().test('v1.0.0');
//=> true
semverRegex().test('1.2.3-alpha.10.beta.0+build.unicorn.rainbow');
//=> true
semverRegex().exec('unicorn 1.0.0 rainbow')[0];
//=> '1.0.0'
'unicorn 1.0.0 and rainbow 2.1.3'.match(semverRegex());
//=> ['1.0.0', '2.1.3']
If you run the regex against untrusted user input, it's recommended to truncate the string to a sensible length (for example, 50). And if you use this in a server context, you should also give it a timeout.
I do not consider ReDoS a valid vulnerability for this package. It's simply not possible to make it fully ReDoS safe. It's up to the user to set a timeout for the regex if they accept untrusted user input. However, I'm happy to accept pull requests to improve the regex.
- find-versions - Find semver versions in a string
- latest-semver - Get the latest stable semver version from an array of versions
- to-semver - Get an array of valid, sorted, and cleaned semver versions from an array of strings
-
semver-diff - Get the diff type of two semver versions:
0.0.1
0.0.2
→patch
-
semver-truncate - Truncate a semver version:
1.2.3
→1.2.0