Regolith: A ReDoS-Immune TypeScript/JavaScript Regex Library Using Rust for Linear Time Complexity
By roggenbuck
Summary
Regolith is a server-side TypeScript and JavaScript library designed to prevent Regular Expression Denial of Service (ReDoS) attacks by using Rust and linear regular expressions under the hood. It serves as a drop-in replacement for standard RegExp with linear worst-case time complexity instead of exponential, making it immune to ReDoS vulnerabilities while requiring minimal code changes.
Key quotes
A server-side TypeScript and JavaScript library immune to Regular Expression Denial of Service (ReDoS) attacks by using Rust and linear RegEx under the hood
Regolith has a linear worst case time complexity, compared to the default RegExp found in TypeScript and JavaScript, which has an exponential worst case
I wanted a Regex library for TypeScript and JavaScript where I didn't have to worry about ReDoS attacks
Regolith attempts to be a drop-in replacement for RegExp and requires minimal (to no) changes to be used instead
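The linear worst-case guarantee quoted above comes from matching with a finite automaton instead of a backtracking engine. The following is an added illustration, not Regolith's code and not the Rust regex crate's code: a minimal Thompson-NFA matcher for a small regex subset (literals, `.`, `*`, `+`, `?`, `|`, parentheses; no escapes, classes or backreferences). Every input character costs at most one visit per NFA state, so the nested-quantifier pattern `(a+)+b`, which a backtracking engine handles in exponential time on a failing input, is checked in a number of steps bounded by `states × (input length + 1)`. The pattern and the constructed input are examples chosen for the demonstration.

```javascript
// Added example, not Regolith's own code: a minimal Thompson-NFA matcher for the
// regex subset  literals . * + ? | ( )  (no escapes, classes or backreferences).
// It illustrates the guarantee behind linear-time engines such as Rust's regex
// crate: each input character costs at most O(number of NFA states), so a
// pattern like (a+)+b cannot trigger catastrophic backtracking.

const CONCAT = '\u0000'; // synthetic operator inserted between adjacent atoms

// Make implicit concatenation explicit so a shunting-yard pass can handle it.
function insertConcat(re) {
  let out = '';
  for (let i = 0; i < re.length; i++) {
    const c = re[i];
    out += c;
    if (i + 1 === re.length) break;
    const n = re[i + 1];
    const endsAtom = c !== '(' && c !== '|';
    const startsAtom = !')|*+?'.includes(n);
    if (endsAtom && startsAtom) out += CONCAT;
  }
  return out;
}

const PREC = { '|': 1, [CONCAT]: 2 };

// Shunting-yard: infix pattern -> postfix token list. Postfix quantifiers
// (* + ?) apply to the operand just emitted, so they go straight to output.
function toPostfix(re) {
  const out = [], ops = [];
  for (const c of insertConcat(re)) {
    if (c === '(') ops.push(c);
    else if (c === ')') { while (ops[ops.length - 1] !== '(') out.push(ops.pop()); ops.pop(); }
    else if (c === '|' || c === CONCAT) {
      while (ops.length && ops[ops.length - 1] !== '(' && PREC[ops[ops.length - 1]] >= PREC[c]) out.push(ops.pop());
      ops.push(c);
    } else out.push(c); // literal, '.', or a postfix quantifier
  }
  while (ops.length) out.push(ops.pop());
  return out;
}

// Thompson construction: each fragment is a start state plus a list of
// dangling [stateIndex, field] exits that still need a target.
function compile(re) {
  const states = [];
  const add = (s) => states.push(s) - 1;
  const patch = (outs, target) => outs.forEach(([i, f]) => { states[i][f] = target; });
  const stack = [];
  for (const t of toPostfix(re)) {
    if (t === CONCAT) {
      const e2 = stack.pop(), e1 = stack.pop();
      patch(e1.outs, e2.start);
      stack.push({ start: e1.start, outs: e2.outs });
    } else if (t === '|') {
      const e2 = stack.pop(), e1 = stack.pop();
      const s = add({ type: 'split', out: e1.start, out1: e2.start });
      stack.push({ start: s, outs: e1.outs.concat(e2.outs) });
    } else if (t === '*' || t === '+' || t === '?') {
      const e = stack.pop();
      const s = add({ type: 'split', out: e.start, out1: -1 });
      if (t !== '?') patch(e.outs, s); // loop back for * and +
      const outs = t === '?' ? e.outs.concat([[s, 'out1']]) : [[s, 'out1']];
      stack.push({ start: t === '+' ? e.start : s, outs });
    } else {
      const s = add({ type: t === '.' ? 'any' : 'char', c: t, out: -1 });
      stack.push({ start: s, outs: [[s, 'out']] });
    }
  }
  const e = stack.pop();
  patch(e.outs, add({ type: 'match' }));
  return { states, start: e.start };
}

// Simulate the NFA over the whole input (anchored match). `steps` counts state
// insertions, which is bounded by states.length * (input.length + 1).
function fullMatch(nfa, input) {
  const { states } = nfa;
  let steps = 0;
  const addState = (set, i) => {
    if (i < 0 || set.has(i)) return;
    steps++;
    set.add(i);
    const s = states[i];
    if (s.type === 'split') { addState(set, s.out); addState(set, s.out1); }
  };
  let current = new Set();
  addState(current, nfa.start);
  for (const ch of input) {
    const next = new Set();
    for (const i of current) {
      const s = states[i];
      if ((s.type === 'char' && s.c === ch) || s.type === 'any') addState(next, s.out);
    }
    current = next;
    if (current.size === 0) break; // no live thread left; fail fast
  }
  const matched = [...current].some((i) => states[i].type === 'match');
  return { matched, steps, bound: states.length * (input.length + 1) };
}

// Constructed pathological input: many 'a's followed by a character that makes
// the overall match fail. A backtracking engine tries every way of splitting
// the 'a's between the nested quantifiers; the NFA visits each state at most
// once per character.
const evil = compile('(a+)+b');
const result = fullMatch(evil, 'a'.repeat(30) + '!');
console.log(result); // { matched: false, steps: 121, bound: 160 }
```

The `steps` counter makes the bound visible: for `(a+)+b` the NFA has five states, so a 31-character input can never cost more than 160 state visits, regardless of how the input is shaped. This is the property a drop-in linear engine gives a server that matches untrusted input; the price is that constructs which require backtracking (backreferences, lookaround) are not expressible in this model.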
