EPSS
Percentile
44.0%
string.js is vulnerable to regular expression denial of service (ReDoS) attacks. The library does not restrict the type of characters that get parsed, allowing a malicious user to pass a string to cause a ReDoS.
github.com/jprichardson/string.js/blob/master/lib/string.js#L618
github.com/jprichardson/string.js/issues/212
nodesecurity.io/advisories/536