GHSA-xgh6-85xh-479p
Regular Expression Denial of Service in npm-user-validate
Details
`npm-user-validate` before version `1.0.1` is vulnerable to a Regular Expression Denial of Service (REDos). The regex that validates user emails took exponentially longer to process long input strings beginning with `@` characters.
### Impact The issue affects the `email` function. If you use this function to process arbitrary user input with no character limit the application may be susceptible to Denial of Service.
### Patches The issue is patched in version 1.0.1 by improving the regular expression used and also enforcing a 254 character limit.
### Workarounds Restrict the character length to a reasonable degree before passing a value to `.emal()`; Also, consider doing a more rigorous sanitizing/validation beforehand.
Are you affected?
Enter the version of the package you're using.