Add option to not use `re2` even if it's in the dependency tree
sindresorhus opened this issue · comments
Describe the feature
I want to use this package, but I never want to use the re2
package. However, the re2
package may be in node_modules
even if I don't depend on it. So whether it's used, is out of my control.
I have my own way of ensuring safety, and re2
is problematic, as the regex it returns is not a proper RegExp instance.
It would be useful with an option to force using normal RegExp
.
Checklist
- I have searched through GitHub issues for similar issues.
- I have completely read through the README and documentation.
Will fix today, thanks for the suggestion
Hi @sindresorhus - apologies for the delay. We decided to do this in a way that wouldn't even require
the package re2
if the user supplied the option re2: false
, as opposed to doing an approach like this at top level root scope:
const SafeRegExp = (() => {
try {
const RE2 = require('re2');
return typeof RE2 === 'function' ? RE2 : RegExp;
} catch {
return RegExp;
}
})();
Now instead this logic is conditionally loaded inside invocation, and if users want re2 and it's already loaded, it won't re-require it twice. This should be a much more performant solution (in terms of saving memory as well and not loading an extra library that you don't want in the first place, e.g. as you mentioned if it's already in node_modules but you don't want to use it).
We are wrapping up this implementation now and will publish a version shortly and ping you back!
v4.0.0 released with this, thank you @sindresorhus – simply pass re2: false
release notes @ https://github.com/spamscanner/url-regex-safe/releases/tag/v4.0.0
note: this version now requires node v14+