VulnerableCode Package Details - pkg:npm/npm-user-validate@1.0.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/npm-user-validate@1.0.0

Essentials
History (1)

purl	pkg:npm/npm-user-validate@1.0.0

Next non-vulnerable version	1.0.1
Latest non-vulnerable version	1.0.1
Risk	1.4

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-khpz-njyn-5qd1 Aliases: GHSA-xgh6-85xh-479p	Regular Expression Denial of Service in npm-user-validate `npm-user-validate` before version `1.0.1` is vulnerable to a Regular Expression Denial of Service (REDos). The regex that validates user emails took exponentially longer to process long input strings beginning with `@` characters. ### Impact The issue affects the `email` function. If you use this function to process arbitrary user input with no character limit the application may be susceptible to Denial of Service. ### Patches The issue is patched in version 1.0.1 by improving the regular expression used and also enforcing a 254 character limit. ### Workarounds Restrict the character length to a reasonable degree before passing a value to `.emal()`; Also, consider doing a more rigorous sanitizing/validation beforehand.	1.0.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:58:55.425592+00:00	GHSA Importer	Affected by	VCID-khpz-njyn-5qd1	https://github.com/advisories/GHSA-xgh6-85xh-479p	38.0.0