Inefficient Regular Expression Complexity
The package is.js is a general-purpose check library. It contains one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). The "is.js" uses a regex copy-pasted from gist to validate URLs. Trying to validate a malicious string can cause the regex to loop "forever". This vulnerability was found using a CodeQL query which identifies inefficient regular expressions. is_js has no patch for this issue.
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.