feat: add option to not use re2 (per spamscanner/url-regex-safe#28), bump deps, modernize config

Author: titanism

.commitlintrc.json

@@ -10,7 +10,6 @@ jobs:
         os:
           - ubuntu-latest
         node_version:
-          - 14
           - 16
           - 18
     name: Node ${{ matrix.node_version }} on ${{ matrix.os }}

.github/workflows/ci.yml

@@ -7,7 +7,7 @@
 [![license](https://img.shields.io/github/license/spamscanner/email-regex-safe.svg)](LICENSE)
 [![npm downloads](https://img.shields.io/npm/dt/email-regex-safe.svg)](https://npm.im/email-regex-safe)
 
-> Regular expression matching for email addresses. Maintained, configurable, more accurate, and browser-friendly alternative to [email-regex][]. Works in Node v14+ and browsers. **Made for [Spam Scanner][spam-scanner] and [Forward Email][forward-email]**
+> Regular expression matching for email addresses. Maintained, configurable, more accurate, and browser-friendly alternative to [email-regex][]. Works in Node v14+ and browsers. **Maintained for [Spam Scanner][spam-scanner] and [Forward Email][forward-email]**.
 
 
 ## Table of Contents
@@ -35,12 +35,12 @@ This package should hopefully more closely resemble real-world intended usage of
 
 ## Install
 
-**NOTE:** As of v2.0.0 you must also install `re2` as a peer dependency.  As of v3.0.0 `re2` is optional and it will default to using `RegExp`.
+**NOTE:** The default behavior of this package will attempt to load [re2](https://github.com/uhop/node-re2) (it is an optional peer dependency used to prevent regular expression denial of service attacks and more).  If you wish to use this behavior, you must have `re2` installed via `npm install re2` – otherwise it will fallback to using normal `RegExp` instances.  As of v4.0.0 we added an option if you wish to force this package to not even attempt to load `re2` (e.g. it's in your `node_modules` [but you don't want to use it](https://github.com/spamscanner/url-regex-safe/issues/28)) – simply pass `re2: false` as an option.
 
 [npm][]:
 
 ```sh
-npm install email-regex-safe re2
+npm install email-regex-safe
 ```
 
 
@@ -94,6 +94,7 @@ Assuming you are using [browserify][], [webpack][], [rollup][], or another bundl
 
 | Property       | Type    | Default Value                                                | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
 | -------------- | ------- | ------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `re2`          | Boolean | `true`                                                       | Attempt to load `re2` to use instead of `RegExp` for creating new regular expression instances.  If you pass `re2: false`, then `re2` will not even be attempted to be loaded.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
 | `exact`        | Boolean | `false`                                                      | Only match an exact String. Useful with `regex.test(str)` to check if a String is an email address. We set this to `false` by default as the most common use case for a RegExp parser is to parse out emails, as opposed to check strict validity; we feel this closely more resembles real-world intended usage of this package.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
 | `strict`       | Boolean | `false`                                                      | If `true`, then it will allow any TLD as long as it is a minimum of 2 valid characters. If it is `false`, then it will match the TLD against the list of valid TLD's using [tlds](https://github.com/stephenmathieson/node-tlds#readme).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
 | `gmail`        | Boolean | `true`                                                       | Whether or not to abide by Gmail's rules for email usernames (see Gmail's [Create a username article](https://support.google.com/mail/answer/9211434) for more insight). Note that since [RE2][] does not support negative lookahead nor negative lookbehind, we are leaving it up to you to filter out a select few invalid matches while using `gmail: true`.  Invalid matches would be those that end with a "." (period) or "+" (plus symbol), or have two or more consecutive ".." periods in a row anywhere in the username portion.  We recommend to use `str.matches(emailSafeRegex())` to get an Array of all matches, and then filter those that pass [validator.isEmail][validator-email] after having end period(s) and/or plus symbol(s) stripped from them, as well as filtering out matches with repeated periods. |
@@ -112,7 +113,7 @@ If you would like to validate email addresses found, then you should use the [va
 
 ## Limitations
 
-Since we cannot use regular expression's "negative lookbehinds" functionality (due to [RE2][] limitations), we could not merge the logic from this [pull request](https://github.com/kevva/url-regex/pull/67/commits/6c31d81c35c3bb72c413c6e4af92a37b2689ead2).  This would have allowed us to make it so `example.jpeg` would match only if it was `example.jp`, however if you pass `example.jpeg` right now it will extract `example.jp` from it (since `.jp` is a TLD).  An alternative solution may exist, and we welcome community contributions regarding this issue.
+**This limitation only applies if you are using `re2`**: Since we cannot use regular expression's "negative lookbehinds" functionality (due to [RE2][] limitations), we could not merge the logic from this [pull request](https://github.com/kevva/url-regex/pull/67/commits/6c31d81c35c3bb72c413c6e4af92a37b2689ead2).  This would have allowed us to make it so `example.jpeg` would match only if it was `example.jp`, however if you pass `example.jpeg` right now it will extract `example.jp` from it (since `.jp` is a TLD).  An alternative solution may exist, and we welcome community contributions regarding this issue.
 
 
 ## Contributors

.prettierrc

@@ -14,34 +14,34 @@
   ],
   "dependencies": {
     "ip-regex": "4",
-    "tlds": "^1.240.0"
+    "tlds": "^1.242.0"
   },
   "devDependencies": {
-    "@babel/cli": "^7.22.9",
-    "@babel/core": "^7.22.9",
-    "@babel/eslint-parser": "^7.22.9",
-    "@babel/preset-env": "^7.22.9",
-    "@commitlint/cli": "^17.6.7",
-    "@commitlint/config-conventional": "^17.6.7",
+    "@babel/cli": "^7.22.10",
+    "@babel/core": "^7.22.10",
+    "@babel/eslint-parser": "^7.22.10",
+    "@babel/preset-env": "^7.22.10",
+    "@commitlint/cli": "^17.7.1",
+    "@commitlint/config-conventional": "^17.7.0",
     "ava": "^4.3.0",
     "babelify": "^10.0.0",
     "browserify": "^17.0.0",
     "cross-env": "^7.0.3",
-    "eslint": "^8.46.0",
+    "eslint": "^8.47.0",
     "eslint-config-xo-lass": "^2.0.1",
     "eslint-plugin-compat": "^4.1.4",
     "eslint-plugin-node": "^11.1.0",
     "fixpack": "^4.0.0",
     "husky": "^8.0.3",
     "jsdom": "15",
-    "lint-staged": "^13.2.3",
+    "lint-staged": "^14.0.0",
     "nyc": "^15.1.0",
     "re2": "^1.20.1",
     "remark-cli": "^11.0.0",
     "remark-preset-github": "^4.0.4",
-    "rimraf": "^3.0.2",
+    "rimraf": "^5.0.1",
     "tinyify": "^3.1.0",
-    "xo": "^0.55.0"
+    "xo": "^0.56.0"
   },
   "engines": {
     "node": ">=14"

.remarkrc

@@ -1,45 +1,58 @@
 const ipRegex = require('ip-regex');
 const tlds = require('tlds');
 
-/* istanbul ignore next */
-const SafeRegExp = (() => {
-  try {
-    const RE2 = require('re2');
-    return typeof RE2 === 'function' ? RE2 : RegExp;
-  } catch {
-    return RegExp;
-  }
-})();
 const ipv4 = ipRegex.v4().source;
 const ipv6 = ipRegex.v6().source;
+const host = '(?:(?:[a-z\\u00a1-\\uffff0-9][-_]*)*[a-z\\u00a1-\\uffff0-9]+)';
+const domain = '(?:\\.(?:[a-z\\u00a1-\\uffff0-9]-*)*[a-z\\u00a1-\\uffff0-9]+)*';
+const strictTld = '(?:[a-z\\u00a1-\\uffff]{2,})';
+const defaultTlds = `(?:${tlds.sort((a, b) => b.length - a.length).join('|')})`;
+
+let RE2;
+let hasRE2;
 
 module.exports = (options) => {
-  // eslint-disable-next-line prefer-object-spread
-  options = Object.assign(
-    {
-      exact: false,
-      strict: false,
-      gmail: true,
-      utf8: true,
-      localhost: true,
-      ipv4: true,
-      ipv6: false,
-      tlds,
-      returnString: false
-    },
-    options
-  );
+  options = {
+    //
+    // attempt to use re2, if set to false will use RegExp
+    // (we did this approach because we don't want to load in-memory re2 if users don't want it)
+    // <https://github.com/spamscanner/url-regex-safe/issues/28>
+    //
+    re2: true,
+    exact: false,
+    strict: false,
+    gmail: true,
+    utf8: true,
+    localhost: true,
+    ipv4: true,
+    ipv6: false,
+    returnString: false,
+    ...options
+  };
 
-  const host = '(?:(?:[a-z\\u00a1-\\uffff0-9][-_]*)*[a-z\\u00a1-\\uffff0-9]+)';
-  const domain =
-    '(?:\\.(?:[a-z\\u00a1-\\uffff0-9]-*)*[a-z\\u00a1-\\uffff0-9]+)*';
+  /* istanbul ignore next */
+  const SafeRegExp =
+    options.re2 && hasRE2 !== false
+      ? (() => {
+          if (typeof RE2 === 'function') return RE2;
+          try {
+            RE2 = require('re2');
+            return typeof RE2 === 'function' ? RE2 : RegExp;
+          } catch {
+            hasRE2 = false;
+            return RegExp;
+          }
+        })()
+      : RegExp;
 
   // Add ability to pass custom list of tlds
   // <https://github.com/kevva/url-regex/pull/66>
   const tld = `(?:\\.${
     options.strict
-      ? '(?:[a-z\\u00a1-\\uffff]{2,})'
-      : `(?:${options.tlds.sort((a, b) => b.length - a.length).join('|')})`
+      ? strictTld
+      : options.tlds
+      ? `(?:${options.tlds.sort((a, b) => b.length - a.length).join('|')})`
+      : defaultTlds
   })`;
 
   // <https://github.com/validatorjs/validator.js/blob/master/src/lib/isEmail.js>