In non-Unicode mode, the regex /\c/ is equivalent to /\\c/. The \ in /\c/ is a literal backslash. It would probably be good to have a rule that detects this rather strange behavior.

New users may use /[A-f]/, to match [A-Za-f] or [A-Fa-F], but it's neither, there are other strings in this range, they just don't know.

/[A-f]/.test('[')
true

Fail

/[A-z]/

Any range include Z-a

Pass

/[A-Za-z]/

See #188 comments.

If a pattern can be simplified by adding the i flag (e.g. /[a-fA-F]/ -> /[a-f]/i), it might be a good idea to suggest that to the user.

The conditions for this rule to add the i flag (and subsequently simplify the pattern) are:

1. The i flag isn't present.
2. All characters, character classes, and character sets match the same character(s) regardless of the i flag (aka. the flag doesn't change the meaning of the pattern.)
3. There is at least one character class that can be simplified because of the added i flag. E.g. a character range can be removed, or a character class can be replaced by a character or character set, or similar.

The list of supported rules is getting long (56 rules) and will only get longer in the future.

I think we should categorize our rules so our users can quickly find rules with somewhat similar functionality.

For now, I think the categories "Possible Errors", "Best Practices", and "Stylistic Issues" (taken from the ESLint website) might be a good fit.

@ota-meshi What do you think about this?

Maybe we could provide a suggestion to replace an octal escape with a hexadecimal escape (e.g. \04 -> \x04)?

We can't apply fixes automatically for this rule but we can suggest a fix the user can apply themself.

I noticed we use typeTracer.isString to make sure .split is used on string, but it can't get the type in many cases, can we just assume all .split calls are safe to report? Or at least under an option.

Example:

/[^\s\S]/

The worst thing about this bug is that the rule is auto-fixable.

We track variables with some rules to determine how to use regular expressions, but we have to decide that variables declared by the exported directive will be used externally and handle them as unclear.

https://eslint.org/docs/rules/no-unused-vars#exported

#224 (comment)

Some regexes contain (potentially long) lists of words. E.g. almost every language over at Prism has at least one regex like this.

For many of those lists, the order of alternatives doesn't matter. I.e. most word lists in Prism are surrounded with \bs. In this case, we are free to reorder (=sort) the alternatives.

Sorting these lists is beneficial because it makes it easier for humans to find words. This makes it easier to maintain the regexes containing these lists.

Another additional advantage is that compression algorithms (e.g. gzip) are typically able to better compress sorted lists. I tested this with a few examples and sorted lists were around 10% smaller when compressed with gzip.

This rule is basically order-in-character-class but for groups.

I think we have almost done all the work needed to release v1.0.0 🎉

@RunDevelopment
I think the next release could be v1.0.0, what do you think?

Milestone v1.0

See the following example:

var re1 = /\p{Ll}/iu;

This report is incorrect as \p{Ll} matches all lower-case letters. The i flag is very much necessary.

Let's insert ?:?

Hello, no-dupe-characters-character-class rule seems to crash in certain cases. This issue was spotted by automated CI run - it is not blocking my development or anything. https://github.com/AriPerkkio/eslint-remote-tester/actions/runs/795820693

"eslint-plugin-regexp": "^0.9.0",

{
  "root": true,
  "parser": "@typescript-eslint/parser",
  "parserOptions": {
    "ecmaVersion": 2020,
    "sourceType": "module",
    "ecmaFeatures": {
      "jsx": true
    }
  },
  "plugins": ["regexp"],
  "rules": {
    "regexp/no-dupe-characters-character-class": "error"
  }
}

Minimal repro:

new RegExp(`[^\\w\\s\u00C0-\u00F6\u00F8-\u017E]`, "gi");

Error: Incompatible flags: The i flag is forbidden to create a literal but required by the options.
Occurred while linting <text>:1
    at fl (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:715985)
    at Object.toLiteral (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:733343)
    at Object.toCharSetSource (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:487:22)

  70 |                     type: validatorTypes.PATTERN,
  71 |                     message: 'Invalid email address',
> 72 |                     pattern: /^(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])$/i,
  73 |                 },
  74 |             ],
  75 |         },

Error: Incompatible flags: The i flag is forbidden to create a literal but required by the options.
Occurred while linting <text>:72
    at fl (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:715985)
    at Object.toLiteral (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:733343)
    at Object.toCharSetSource (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:487:22)
    at reportIntersect (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/rules/no-dupe-characters-character-class.js:89:47)
    at onCharacterClassEnter (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/rules/no-dupe-characters-character-class.js:177:37)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:105:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)

> 1 | const JOB_NAME_MAX_LENGTH = 100;
  2 | const JOB_DESCRIPTION_MAX_LENGTH = 300;
  3 | const STREAMS_JOB_NAME_MAX_LENGTH = 1024;
  4 | const STREAMS_JOB_NAME_REGEX = new RegExp(

Error: Incompatible flags: The i flag is forbidden to create a literal but required by the options.
Occurred while linting <text>:1
    at fl (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:715985)
    at Object.toLiteral (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:733343)
    at Object.toCharSetSource (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:487:22)
    at reportIntersect (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/rules/no-dupe-characters-character-class.js:89:47)
    at onCharacterClassEnter (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/rules/no-dupe-characters-character-class.js:177:37)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:105:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)

  1 | /*! For license information please see component---src-pages-index-js-1209acb7120be946afae.js.LICENSE.txt */
> 2 | (window.webpackJsonp=window.webpackJsonp||[]).push([[3],{"++L3":function(e,t,n){"...
  3 | //# sourceMappingURL=component---src-pages-index-js-1209acb7120be946afae.js.map

Error: Incompatible flags: The i flag is forbidden to create a literal but required by the options.
Occurred while linting <text>:2
    at fl (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:715985)
    at Object.toLiteral (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:733343)
    at Object.toCharSetSource (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:487:22)
    at reportIntersect (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/rules/no-dupe-characters-character-class.js:89:47)
    at onCharacterClassEnter (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/rules/no-dupe-characters-character-class.js:177:37)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:105:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)

  1 | /*! For license information please see component---src-pages-index-js-1d4c46f63ded03d7f5e1.js.LICENSE.txt */
> 2 | (window.webpackJsonp=window.webpackJsonp||[]).push([[3],{"++L3":function(e,t,n){"use strict";...
  3 | //# sourceMappingURL=component---src-pages-index-js-1d4c46f63ded03d7f5e1.js.map

Error: Incompatible flags: The i flag is forbidden to create a literal but required by the options.
Occurred while linting <text>:2
    at fl (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:715985)
    at Object.toLiteral (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:733343)
    at Object.toCharSetSource (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:487:22)
    at reportIntersect (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/rules/no-dupe-characters-character-class.js:89:47)
    at onCharacterClassEnter (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/rules/no-dupe-characters-character-class.js:177:37)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:105:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)

  1 | /*! For license information please see component---src-pages-index-js-fda99f169ba46368955c.js.LICENSE.txt */
> 2 | (window.webpackJsonp=window.webpackJsonp||[]).push([[3],{"++L3":function(e,t,n){"use strict";var a=n("VOTz"),r=n(...
  3 | //# sourceMappingURL=component---src-pages-index-js-fda99f169ba46368955c.js.map

Error: Incompatible flags: The i flag is forbidden to create a literal but required by the options.
Occurred while linting <text>:2
    at fl (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:715985)
    at Object.toLiteral (/home/<removed>/eslint-remote-tester/ci/node_modules/refa/index.js:1:733343)
    at Object.toCharSetSource (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:487:22)
    at reportIntersect (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/rules/no-dupe-characters-character-class.js:89:47)
    at onCharacterClassEnter (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/rules/no-dupe-characters-character-class.js:177:37)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:105:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)
    at handler.<computed> (/home/<removed>/eslint-remote-tester/ci/node_modules/eslint-plugin-regexp/dist/utils/index.js:104:25)

I noticed that regex expressions are quoted inconsistently. Sometime single quotes are used and sometimes double quotes are used. We should use one quoting style consistently instead.

(This rule even uses backticks but not for regexes.)

Which quoting style do we want? Single, double, or backticks?

I plan to release the minor version about once every two weeks.
However, this plugin repository has already incorporated many changes since v0.8.0. v0.8.0...master
So it hasn't been long since the release of v0.8.0, but I would like to release v0.9.0.
@RunDevelopment Could you let me know if you think it's okay to release v0.9.0?

While writing tests, I found that getUsageOfPattern behaves strangely around unknown functions.

The following test cases pass.

{
    code: `foo(/[a-zA-Z]\\w*/)`,
    results: [UsageOfPattern.whole],
},
{
    code: `foo({ pattern: /[a-zA-Z]\\w*/ })`,
    results: [UsageOfPattern.unknown],
},

Both should have the same result: unknown. We do not know how foo is implemented. It might use the regex as is or it might return its source.

I was wondering whether we should rename the rule to be consistent with sort-flags and sort-alternatives. What do you think @ota-meshi?

For the character class [\xA0-\uFFFF\s] (all spaces and non-ascii), I get the following error message:

Unexpected intersection of "\xA0-\uFFFF" and "\s" was found "\u00a0".

I find it a little strange that this gets reported as an error. Is this correct?

Assuming that it is, I can just skip \xA0 easily, so let's re-run the rule on /[\xA1-\uFFFF\s]/.

No Errors.

Now that is strange. \xA1-\uFFFF and \s aren't disjoint. They both share quite a few characters. Why doesn't \u1680 get reported as well?

The tooling scripts shouldn't create files with Windows line ends. CRLF just makes everything more complex:

• We have to rely on Windows developers to have their git configured correctly to commit LF. (I luckily did)
• We have to support reading CRLF line ends. This isn't the case right now. The tooling just breaks.

Would we even accept PRs that add files with CRLF line ends?

As mentioned by @ota-meshi here:

[...] we may need another rule to convert it [\x0a] to \n.

I want to add that we could make a rule to consistently escape control characters.

We already have prefer-t which does exactly this for \t. We should probably deprecate prefer-t in favor of a more general rule that handles \t, \r, \n, and \f.

(The rule should also be aware of rules like no-obscure-range, so we don't have two rules fighting each other.)

The order of alternatives matters in JS regexp. The easiest example of this is that /a|aa/ != /aa|a/. This library even has a rule to detect this case but it will falsely automatically "fix" the regex /a(?:|a)/ to /a(?:a)?/. The problem here is that /a|aa/ == /a(?:|a)/ != /a(?:a)?/ == /a(?:a|)/ == /aa|a/.

const jsxWhitespaceChars = " \n\r\t";
const matchJsxWhitespaceRegex = new RegExp("([" + jsxWhitespaceChars + "]+)");
                                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The problem is reported here

The location is miss leading, because there is no \n there.

Is it hard? I didn't read code, but I think strings are concated, lost original node info?

Another problem \n/\t/ should be escaped in message, they are invisible.

Characters that can use hexadecimal escape can use both hexadecimal escape and unicode escape.
I think it useful to have a new rule that enforces the consistent use of hexadecimal escapes.

Rule Name: regexp/hexadecimal-escape
Options:

• "always" ... Expects that the hexadecimal escape will be used whenever possible. This is default.
• "never" ... Ensures that no hexadecimal escape is used in any characters.

Here are some character classes that will be fixed incorrectly:

/[,--b]/ -> /[,-b]/
/[\c-d]/ -> /[\cd]/

These examples are very artificial but should be fixed at some point. This is a low-priority bug.

I think we should add a rule that reports cases for exponential backtracking and polynomial backtracking.

However, there are two problems standing in our way:

Performance

Detecting exponential backtracking is computationally expensive.

Static analysis methods might only take a few milliseconds per regex but this will quickly add up for a large codebase (e.g. Prism has about 2k regexes). Fuzzers will usually take about one second or more per regex and are completely impractical for our purposes.

Solutions

• Since the detection itself is deterministic, a simple cache might largely solve the performance problem.

  However, I am not aware of ESLint providing such a feature.

Detection

I am not aware of any existing detector implementation in JavaScript (time of writing: 2021-04-19).

safe-regex isn't practical. It implements a detection method that simply doesn't work. Star height has little to do with exponential runtime. I.e. (a|a)*b has a star height of 1 and the (a|a)* will cause exponential backtracking, and (ab+)*c has a star height of 2 without any form of exponential backtracking.

Solutions

• Right now, we could use my library scslre to detect at least some polynomial and exponential backtracking quickly. scslre even offers fixes for simple cases.

• There is also this method I implemented for Prism. This method is currently used in PrismJS and Highlight.JS. The upside of this method is that it is quick. It can analyze the >2.5k regexes of Prism in less than 5 seconds. The downside of this method is that there are false negatives and it cannot offer fixes. However, the positives it does find are mostly true positives.

  I should note that half of this method is already partially implemented by the no-dupe-disjunctions rule. If we find two alternatives that are not disjoint and both are children of a star quantifier, then we can reasonably assume that this will cause exponential backtracking (e.g. (a|a)*). Changing the no-dupe-disjunctions to add this information should be fairly easy.

• Given that refa recently added ENFAs (not published yet), someone could probably implement a detection method like RXXR fairly easily.

• I am currently writing my Bachelor thesis on a new static analysis method for exponential and polynomial backtracking. Part of this will be a JS library implementing my new detection method. We could also use this when it's ready (probably in 3-4 months or so).

Related:

• eslint-community/eslint-plugin-security#28
• sindresorhus/eslint-plugin-unicorn#153

Why does regexp/no-octal allow octal escapes that do not start with a 0? These octal escapes are especially harmful because they look like backreferences.

In fact, whether \2 is an octal escape or a backreference depends on the number of capturing groups in the pattern. This is a big problem because this means that adding capturing groups might change some octal escapes into backreferences. Similarly, removing capturing group might leave backreferences that are now interpreted as octal escapes.

Could you add an option to make this rule work only with obvious cases, but not with cases like those?

/[!'()~]|%20/g

Unexpected multiple adjacent characters. Use "'-)" instead

/^[\u0000-\u001F ]+|[\u0000-\u001F ]+$/g

Unexpected multiple adjacent characters. Use "\u0000- " instead

See the following example:

var re2 = /[^\P{Ll}]/iu;

Ignoring the strange suggested fix (this will be a separate issue), the report is incorrect.

/[^\P{Ll}]/iu != /\p{Ll}/iu:
The Canonicalize operation of the i flag is applied before the character class is inverted. This example, \P{Ll} means "all character that are not lower-case letters". Since\p{Ll} contains all upper-case letters, it will also contain all lower-case letters after the Canonicalize operation (not quite right but almost), so \P{Ll} matches (almost) all characters. The character class will then match (almost) no character because it is inverted. This is obviously very different from /\p{Ll}/iu which matches (almost) all letter characters.

Currently, the only configuration available is recommended (see).
The alternative the user has is to manually configure the rules he wants.

My suggestion is to offer an additional all configuration.

For reference, ESLint itself offers both recommended and all (see) configuration:

With the active development taking place for this plugin and the wide range of rules,
I believe it would be useful for the user to be able to try the all configuration on his project,
to see which more rules he would like to enable.

Avoid capture unneeded groups.

Fail

'I love unicorn! I hate unicorn?'.replace(/(?<before>love )unicorn(?<after>!)/, '$<before>🦄$<after>');

'I love unicorn! I hate unicorn?'.replace(/(love )unicorn(!)/, '$1🦄$2');

Pass

'I love unicorn! I hate unicorn?'.replace(/(?<=love )unicorn(?=!)/, '🦄');

Original posted in sindresorhus/eslint-plugin-unicorn#1113, can we implement it here?

Deprecate regexp/no-useless-exactly-quantifier rule after adding the no-zero-quantifier rule.
It rule can be replaced with no-useless-quantifier(#197) and no-zero-quantifier rules.

We have so many good features but we don't show them to people. We should change that!

Add more examples to the playground. The examples should highlight cool rules/rule combinations and show how this plugin finds real issues.

Is there an easy way to start the website locally? There doesn't seem to be a script that does it.

It's also quite difficult to just start a local server because all paths in the website itself are prefixed with "/eslint-plugin-regexp/". Removing that prefix will cause Vue to generate different absolute paths. This enables me that start the website locally but it will break the live website.

With the settings:

settings: {
	regexp: {
		// allow alphanumeric and cyrillic ranges
		allowedCharacterRanges: ['alphanumeric', 'а-я', 'А-Я']
	}
},

prefer-range will combine [а-яА-Я] into [А-я] which then gets reported by no-obscure-range as an error. Clearly, perfer-range is a little too eager.

To implement sort-alternatives, I had to implement a method to decide whether two alternatives can be reordered.

We can use this method to improve the reporting of no-dupe-disjunctions. Right now, superset alternatives are not reported by default (e.g. /\b(?:Foo|\w+)\b/). But if the alternatives can be reordered, a superset alternative can be become a subset alternative (e.g. /\b(?:Foo|\w+)\b/ == /\b(?:\w+|Foo)\b/).

If the regex is only used once on RegExp#test(), the g flag is useless.

Fail

/foo/g.test(bar);

new RegExp('foo', 'g').test(bar);

Pass

const regex = /foo/g;
regex.test(bar);

I original make this proposal here, but feel better put RegExp related rules together in this codebase.

RegExp match indices has reached stage-4.

tc39/proposals@f0adbe1
https://github.com/tc39/proposal-regexp-match-indices

The standard eslint parser still cannot parse the d flag, but this plugin should support the d flag if needed.
eslint/eslint#14640

refa package seems to have many useful utilities for regular expressions.
I think we can remove a lot of code from eslint-plugin-regexp by refactoring with it.

Change the argument of createVisitor to context only.

See #148 (comment)

We also need to consider whether we can add other helper functions. e.g. getRegexpLocation()

I found a false positive the isCoveredNodemethod produces.

  /(^|\s)[+-]?(?:\d*\.\d+|\d+\.\d*|\d+)(?:e[+-]?\d+)?(?=\s|$)/i
//               ^~~~~~~~ ^~~~~~~~
//                   ^       / 
//                    \_____/ is covered by

isCoveredNode thinks that \d+\.\d* (2nd alt) is covered by \d*\.\d+ (1st alt).

I found this bug because of a false positive the no-dupe-disjunction rule produced because of it.

The String.prototype.match function allows non-RegExp arguments which isn't accounted for. This causes incorrect auto fixes.

For more information, see sindresorhus/eslint-plugin-unicorn#1150.

Backreferences to named groups should probably refer to the group by name and not by number.

// valid
- /(a)\1/u
- /(?<foo>a)\k<foo>/u

// invalid
- /(?<foo>a)\1/u
//          ^~

The rule should be auto-fixable.

I just learned that RegExp.prototype [ @@split ] automatically adds a y flag to the regexp. As noted:

The @@split method ignores the value of the "global" and "sticky" properties of this RegExp object.

This means that "str".split(/re/) and "str".split(/re/gy) are equivalent. The no-useless-flag rule current does report the g flag but not the y flag.

Discussion here.

This is because of a condition I added to all aa?. I forgot to consider a?a.

This might not look like a problem but it's just really strange when you see it happen in practice:

The 'g' flag is unnecessary because not using global testing.

The current error message doesn't really say anything. A better error message would be: "The 'g' flag is unnecessary because String.prototype.split ignores the 'g' flag." or something like that.

Same problem for other string methods and flags.

Also, now that I got the error message: What's "global testing" @ota-meshi?

I wound how we could fix this.

The current implementation seems to mark flags as used. Maybe we could keep a list of everything that uses the regex? If we know that the regex is used by exactly one method and that method doesn't use a flag, we can give a more specific error message. Would that work?

Check each rule that eslint-plugin-clean-regex has, add the missing rule, and if eslint-plugin-regexp already has a similar rule, check for missing validation is needed.
Also, if we keep a note of the rule correspondence, it may be a document when creating a migration tool.

If we want to discuss one rule, we can also open a new issue.

Problems

• clean-regex/confusing-quantifier ... Warn about confusing quantifiers.
  • #93 Add new rule regexp/confusing-quantifier.
• clean-regex/disjoint-alternatives ... Disallow different alternatives that can match the same words.
  • Handled by #179.
• clean-regex/no-empty-alternative ... Disallow alternatives without elements.
  • #95 Add new rule regexp/no-empty-alternative.
• clean-regex/no-empty-backreference ... Disallow backreferences that will always be replaced with the empty string.
  • #111 makes no-useless-backreference functionally equivalent to clean-regex/no-empty-backreference.
• clean-regex/no-empty-lookaround ... Disallow lookarounds that can match the empty string.
  • Similar to regexp/no-empty-lookarounds-assertion, but it doesn't catch potential empty assertions. regexp/no-empty-lookarounds-assertion needs to be changed. (#113)
• clean-regex/no-lazy-ends ... Disallow lazy quantifiers at the end of an expression.
  • #96 Add new rule regexp/no-lazy-ends.
• clean-regex/no-obscure-range ... Disallow obscure ranges in character classes.
  • #122 adds this rule.
• clean-regex/no-octal-escape ... Disallow octal escapes outside of character classes.
  • Similar to regexp/no-octal, but with some differences. We probably need to add options.
  • #108 makes regexp/no-octal even stricter than clean-regex/no-octal-escape.
• clean-regex/no-optional-assertion ... Disallow optional assertions.
  • #135 Add new rule regexp/no-optional-assertion.
• clean-regex/no-potentially-empty-backreference ... Disallow backreferences that reference a group that might not be matched.
  • #136 Add new rule regexp/no-potentially-useless-backreference.
• clean-regex/no-unnecessary-assertions ... Disallow assertions that are known to always accept (or reject).
  • #137 Add new rule regexp/no-useless-assertions.
• clean-regex/no-zero-quantifier ... Disallow quantifiers with a maximum of 0.
  • Can check with the regexp/no-useless-exactly-quantifier rule.
  • #199 & #200
• clean-regex/optimal-lookaround-quantifier ... Disallows the alternatives of lookarounds that end with a non-constant quantifier.
  • #97 Add new rule regexp/optimal-lookaround-quantifier.

Suggestions

• clean-regex/consistent-match-all-characters ... Use one character class consistently whenever all characters have to be matched.
  • #103 handles some of it but we still need to add some options.
• clean-regex/identity-escape ... How to handle identity escapes.
  • #220 regexp/strict rule instead
• clean-regex/no-constant-capturing-group ... Disallow capturing groups that can match only one word.
  • #188 brings over half of the rule.
• clean-regex/no-trivially-nested-lookaround ... Disallow lookarounds that only contain another assertion.
  • #120 adds this rule.
• clean-regex/no-trivially-nested-quantifier ... Disallow nested quantifiers that can be rewritten as one quantifier.
  • #146 adds this rule.
• clean-regex/no-unnecessary-character-class ... Disallow unnecessary character classes.
  • Already fully covered by regexp/no-useless-character-class.
• clean-regex/no-unnecessary-flag ... Disallow unnecessary regex flags.
  • #139 Add new rule regexp/no-useless-flag.
• clean-regex/no-unnecessary-group ... Disallow unnecessary non-capturing groups.
  • #154 adds most of the functionality of clean-regex/no-unnecessary-group but it doesn't handle empty groups.
• clean-regex/no-unnecessary-lazy ... Disallow unnecessarily lazy quantifiers.
  • #143
• clean-regex/no-unnecessary-quantifier ... Disallow unnecessary quantifiers.
  • #197 adds this rule.
• clean-regex/optimal-concatenation-quantifier ... Use optimal quantifiers for concatenated quantified characters.
  • Added by #207.
• clean-regex/optimized-character-class ... Disallows unnecessary elements in character classes.
  • Mostly covered by no-dupe-characters-character-class after #191.
  • The rest is already covered by no-useless-range and prefer-range.
• clean-regex/prefer-character-class ... Prefer character classes wherever possible instead of alternations.
  • #158 updates regexp/prefer-character-class.
• clean-regex/prefer-predefined-assertion ... Prefer predefined assertions over equivalent lookarounds.
  • #171 adds this rule.
• clean-regex/prefer-predefined-character-set ... Prefer predefined character sets instead of their more verbose form.
  • Already covered by regexp/prefer-w and regexp/prefer-d.
• clean-regex/prefer-predefined-quantifiers ... Prefer predefined quantifiers (+*?) instead of their more verbose form.
  • This is already covered by regexp/prefer-question-quantifier, regexp/prefer-star-quantifier, and regexp/prefer-plus-quantifier.
• clean-regex/simple-constant-quantifier ... Prefer simple constant quantifiers over the range form.
  • #109 makes no-useless-two-nums-quantifier functionally equivalent to clean-regex/simple-constant-quantifier.
• clean-regex/sort-flags ... Requires the regex flags to be sorted.
  • #164 Add new rule regexp/sort-flags.