EPSS
Percentile
43.0%
timespan is vulnerable to regular expression denial of service (ReDoS) attacks. The library does not restrict the type of characters in a timestamp before parsing it, allowing a malicious user to pass a timestamp to cause a ReDoS.
github.com/indexzero/TimeSpan.js/blob/master/lib/time-span.js#L168
github.com/indexzero/TimeSpan.js/issues/10
nodesecurity.io/advisories/533