Beware the 4 Evil Regex Patterns That Can Crash Your Node.js App
The article highlights four dangerous regular expression patterns that can cause severe performance degradation in Node.js, turning millisecond operations into minutes, potentially leading to timeouts, event‑loop blocking, and broader security risks, and points to additional encoding and cookie safety recommendations.
The NodeSource blog posted nine security tips, one of which warns about four “evil” regular expressions that can cause catastrophic performance issues in Node.js applications.
Evil regex patterns
An evil regex contains grouping with repetition and, inside the repeated group, either repetition or alternation with overlapping.
Problematic examples
(a+)+
([a-zA-Z]+)*
(a|aa)+
(a|a?)+
(.*a){x} for x > 10
When these patterns are used to match strings such as aaaaaaaaaaaaaaaaaaaaaaaa!, the engine may exhibit extreme slowdown, turning operations that should take milliseconds into minutes, potentially causing timeouts or blocking the Node.js event loop.
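One way to screen patterns for the shape described above before they are deployed, as an added example that is not code from the original article or from NodeSource. The function names are hypothetical, the sample patterns are anchored with ^...$ as an assumption, and the check is a heuristic: it flags every alternation inside a repeated group without testing whether the alternatives overlap.

```javascript
// Added example, not from the original article: a heuristic lint that flags
// a repeated group containing repetition or alternation. Names are assumptions.

// Quantifier at src[i] that allows many iterations: '*', '+', '{n,}', or a
// '{n}' / '{n,m}' whose upper bound is above 10 (the article's "x > 10").
function heavyQuantifierAt(src, i) {
  const m = /^(?:[*+]|\{(\d+)(?:(,)(\d*))?\})/.exec(src.slice(i));
  if (!m) return null;
  if (m[0] === '*' || m[0] === '+') return m[0];
  const unbounded = m[2] === ',' && m[3] === '';
  return unbounded || Number(m[3] || m[1]) > 10 ? m[0] : null;
}

function findEvilGroups(src) {
  const open = [];      // stack of groups that are still open
  const findings = [];
  let inClass = false;  // inside [...], where ( ) | * + are literals
  for (let i = 0; i < src.length; i++) {
    const c = src[i];
    if (c === '\\') { i++; continue; }              // skip the escaped char
    if (inClass) { inClass = c !== ']'; continue; }
    if (c === '[') { inClass = true; continue; }
    const top = open[open.length - 1];
    if (c === '(') { open.push({ start: i, rep: false, alt: false }); continue; }
    if (c === '|') { if (top) top.alt = true; continue; }
    if (c === ')' && top) {
      open.pop();
      const q = heavyQuantifierAt(src, i + 1);
      if (q && (top.rep || top.alt)) {
        findings.push({
          group: src.slice(top.start, i + 1) + q,
          reason: top.rep ? 'repetition in repeated group'
                          : 'alternation in repeated group (overlap not checked)',
        });
      }
      const parent = open[open.length - 1];
      if (parent) {     // whatever the inner group contains, the outer does too
        parent.rep = parent.rep || top.rep;
        parent.alt = parent.alt || top.alt;
      }
      continue;
    }
    if (top && heavyQuantifierAt(src, i)) top.rep = true;  // a+, .*, x{2,}
  }
  return findings;
}

// The article's examples, anchored with ^...$ (anchors and x = 11 are assumed).
const samples = ['^(a+)+$', '^([a-zA-Z]+)*$', '^(a|aa)+$', '^(a|a?)+$', '^(.*a){11}$'];
for (const s of samples) console.log(s, findEvilGroups(s).map((f) => f.reason));
```

A finding is a prompt to rewrite the pattern or bound the input length, not proof that the pattern backtracks exponentially.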
Additional recommendations in the original article cover HTML/CSS/JS encoding and cookie security; see the original post for more details.
Node Underground
No language is immortal—Node.js isn’t either—but thoughtful reflection is priceless. This underground community for Node.js enthusiasts was started by Taobao’s Front‑End Team (FED) to share our original insights and viewpoints from working with Node.js. Follow us. BTW, we’re hiring.
