chore: update recheck script to check rules.other

[UziTech]

Description

Update recheck script to check rules.other regexps for backtracking

Also convert to typescript.

Contributor

• Test(s) exist to ensure functionality and minimize regression (if no tests added, list tests covering this PR); or,
• no tests required for this PR.
• If submitting new feature, it has been documented in the appropriate places.

Committer

In most cases, this should be a different person than the contributor.

• CI is green (no forced merge required).
• Squash and Merge PR following conventional commit guidelines.

[vercel]

@UziTech is attempting to deploy a commit to the MarkedJS Team on Vercel.

A member of the Team first needs to authorize it.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the recheck script by extending its analysis to include rules.other regular expressions, thereby increasing the detection scope for ReDoS vulnerabilities. Concurrently, the script has been migrated to TypeScript, which improves code quality, readability, and future maintainability.

Highlights

• Recheck Script Enhancement: The recheck script has been updated to include checks for regular expressions defined in rules.other, expanding its coverage for potential backtracking vulnerabilities.
• TypeScript Conversion: The recheck script has been refactored and converted from JavaScript to TypeScript, improving maintainability and type safety.

Changelog

• package.json
  • Updated the test:redos npm script to execute the new TypeScript version of the recheck script (test/recheck.ts).
• test/recheck.js
  • Removed the deprecated JavaScript version of the recheck script.
• test/recheck.ts
  • Introduced a new TypeScript file for the recheck script.
  • Added checks for regular expressions within rules.other.
  • Implemented an interface RegexpObj for better type definition of regular expression objects.
  • Enhanced the output to explicitly state whether a regex is 'safe', 'vulnerable', or if an 'error' occurred during checking.
  • Included a temporary skip for function types within the checkRegexp utility.

Activity

• The pull request was created by UziTech.
• The description indicates that no tests were required for this PR, and the contributor checklist was marked accordingly.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
marked-website	Ready	Preview, Comment	Mar 8, 2026 3:49am

[gemini-code-assist]

Code Review

This pull request updates the ReDoS check script by converting it to TypeScript and extending it to check the rules.other object. The conversion to TypeScript is a good improvement, and the new script has better logging. However, I've found a critical issue where the script will fail to run because it's a TypeScript file being executed by node directly. I've also pointed out that the script currently skips checking regexes generated by functions, which leaves a significant part of rules.other unchecked.

[gemini-code-assist]

The script currently skips checking any regexes that are generated by functions, as noted by the TODO. While this is a reasonable starting point, a significant portion of the regexes in rules.other (which this PR aims to add checks for) are generated by functions. This means the script doesn't fully check for ReDoS vulnerabilities in rules.other.

To make this check more comprehensive, you should consider implementing logic to call these functions with sample/default arguments to get the RegExp object and check it. For example, for a function that takes an indent level, you could call it with a typical value like 4.
This is not a blocking issue, but it's a significant gap in the functionality this PR introduces.