Change Request: adopt `eslint-plugin-regexp`

[ericcornelissen]

ESLint version

v9.29.0

What problem do you want to solve?

ESLint is widely used in many different context, input (files) are extremely varied and in some contexts only semi-trusted (e.g. SaaS vendors in the software quality space running it). One challenge with handling this variety is writing robust regular expression - especially ones that avoid superlinear runtimes.

What do you think is the correct solution?

Use eslint-plugin-regexp to lint regular expressions in official ESLint projects to avoid problematic regular expressions. My primary recommendation is to follow this guide to help avoid regular expressions with superlinear runtimes. However, other rules, especially possible errors, may be of interest too.

While these rules can't catch all regular expressions with superlinear runtimes, it's pretty good at not flagging false positives (with the exception of cases where the input is somehow "sanitized" before it reaches the regular expression).

Participation

• I am willing to submit a pull request for this change.

Additional comments

This has been discussed before in GHSA-xffm-g5w8-qvg7

You may also want to take a look at eslint/rewrite#240 and eslint/markdown#463

[mdjermanovic]

I'm in favor of using eslint-plugin-regexp to lint regular expressions in ESLint projects 👍

@eslint/eslint-team thoughts?

[JoshuaKGoldberg]

+1 from me.

[lumirlumir]

+1 from me too 😄

(Maybe it would be nice to share the same configuration across repositories?)

[Pixel998]

+1 from me too and I would like to work on this if accepted.

[snitin315]

Marking as accepted.

[fasttime]

Sorry for the late reply, I'm also in favor of this change. I think the easiest way to use eslint-plugin-regexp across ESLint repos is extending eslint-config-eslint's base config with a new config as it's done for other plugins:

eslint/packages/eslint-config-eslint/base.js

Lines 297 to 312 in 7bc6c71

	/**
	* @type {import("eslint").Linter.Config[]}
	*/
	module.exports = [
	{
	name: "eslint-config-eslint/base",
	linterOptions: {
	reportUnusedDisableDirectives: "error",
	reportUnusedInlineConfigs: "error",
	},
	},
	...jsConfigs,
	...unicornConfigs,
	...jsdocConfigs,
	...eslintCommentsConfigs,
	];

Assigning to @Pixel998 as desired.