braces
Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.
Please consider following this project's author, Jon Schlinkert, and consider starring the project to show your ❤️ and support.
Install
Install with npm:
$ npm install --save bracesv3.0.0 Released!!
See the changelog for details.
Why use braces?
Brace patterns make globs more powerful by adding the ability to match specific ranges and sequences of characters.
Accurate - complete support for the Bash 4.3 Brace Expansion specification (passes all of the Bash braces tests)
fast and performant - Starts fast, runs fast and scales well as patterns increase in complexity.
Organized code base - The parser and compiler are easy to maintain and update when edge cases crop up.
Well-tested - Thousands of test assertions, and passes all of the Bash, minimatch, and brace-expansion unit tests (as of the date this was written).
Safer - You shouldn't have to worry about users defining aggressive or malicious brace patterns that can break your application. Braces takes measures to prevent malicious regex that can be used for DDoS attacks (see catastrophic backtracking).
Supports lists - (aka "sets")
a/{b,c}/d=>['a/b/d', 'a/c/d']Supports sequences - (aka "ranges")
{01..03}=>['01', '02', '03']Supports steps - (aka "increments")
{2..10..2}=>['2', '4', '6', '8', '10']Supports escaping - To prevent evaluation of special characters.
Usage
The main export is a function that takes one or more brace patterns and options.
Brace Expansion vs. Compilation
By default, brace patterns are compiled into strings that are optimized for creating regular expressions and matching.
Compiled
Expanded
Enable brace expansion by setting the expand option to true, or by using braces.expand() (returns an array similar to what you'd expect from Bash, or echo {1..5}, or minimatch):
Lists
Expand lists (like Bash "sets"):
Sequences
Expand ranges of characters (like Bash "sequences"):
See fill-range for all available range-expansion options.
Steppped ranges
Steps, or increments, may be used with ranges:
When the .optimize method is used, or options.optimize is set to true, sequences are passed to to-regex-range for expansion.
Nesting
Brace patterns may be nested. The results of each expanded string are not sorted, and left to right order is preserved.
"Expanded" braces
"Optimized" braces
Escaping
Escaping braces
A brace pattern will not be expanded or evaluted if either the opening or closing brace is escaped:
Escaping commas
Commas inside braces may also be escaped:
Single items
Following bash conventions, a brace pattern is also not expanded when it contains a single character:
Options
options.maxLength
Type: Number
Default: 65,536
Description: Limit the length of the input string. Useful when the input string is generated or your application allows users to pass a string, et cetera.
options.expand
Type: Boolean
Default: undefined
Description: Generate an "expanded" brace pattern (alternatively you can use the braces.expand() method, which does the same thing).
options.nodupes
Type: Boolean
Default: undefined
Description: Remove duplicates from the returned array.
options.rangeLimit
Type: Number
Default: 1000
Description: To prevent malicious patterns from being passed by users, an error is thrown when braces.expand() is used or options.expand is true and the generated range will exceed the rangeLimit.
You can customize options.rangeLimit or set it to Inifinity to disable this altogether.
Examples
options.transform
Type: Function
Default: undefined
Description: Customize range expansion.
Example: Transforming non-numeric values
Example: Transforming numeric values
options.quantifiers
Type: Boolean
Default: undefined
Description: In regular expressions, quanitifiers can be used to specify how many times a token can be repeated. For example, a{1,3} will match the letter a one to three times.
Unfortunately, regex quantifiers happen to share the same syntax as Bash lists
The quantifiers option tells braces to detect when regex quantifiers are defined in the given pattern, and not to try to expand them as lists.
Examples
options.unescape
Type: Boolean
Default: undefined
Description: Strip backslashes that were used for escaping from the result.
What is "brace expansion"?
Brace expansion is a type of parameter expansion that was made popular by unix shells for generating lists of strings, as well as regex-like matching when used alongside wildcards (globs).
In addition to "expansion", braces are also used for matching. In other words:
brace expansion is for generating new lists
brace matching is for filtering existing lists
More about brace expansion (click to expand)
There are two main types of brace expansion:
lists: which are defined using comma-separated values inside curly braces:
{a,b,c}sequences: which are defined using a starting value and an ending value, separated by two dots:
a{1..3}b. Optionally, a third argument may be passed to define a "step" or increment to use:a{1..100..10}b. These are also sometimes referred to as "ranges".
Here are some example brace patterns to illustrate how they work:
Sets
Sequences
Combination
Sets and sequences can be mixed together or used along with any other strings.
The fact that braces can be "expanded" from relatively simple patterns makes them ideal for quickly generating test fixtures, file paths, and similar use cases.
Brace matching
In addition to expansion, brace patterns are also useful for performing regular-expression-like matching.
For example, the pattern foo/{1..3}/bar would match any of following strings:
But not:
Braces can also be combined with glob patterns to perform more advanced wildcard matching. For example, the pattern */{1..3}/* would match any of following strings:
Brace matching pitfalls
Although brace patterns offer a user-friendly way of matching ranges or sets of strings, there are also some major disadvantages and potential risks you should be aware of.
tldr
"brace bombs"
brace expansion can eat up a huge amount of processing resources
as brace patterns increase linearly in size, the system resources required to expand the pattern increase exponentially
users can accidentally (or intentially) exhaust your system's resources resulting in the equivalent of a DoS attack (bonus: no programming knowledge is required!)
For a more detailed explanation with examples, see the geometric complexity section.
The solution
Jump to the performance section to see how Braces solves this problem in comparison to other libraries.
Geometric complexity
At minimum, brace patterns with sets limited to two elements have quadradic or O(n^2) complexity. But the complexity of the algorithm increases exponentially as the number of sets, and elements per set, increases, which is O(n^c).
For example, the following sets demonstrate quadratic (O(n^2)) complexity:
But add an element to a set, and we get a n-fold Cartesian product with O(n^c) complexity:
Now, imagine how this complexity grows given that each element is a n-tuple:
Although these examples are clearly contrived, they demonstrate how brace patterns can quickly grow out of control.
More information
Interested in learning more about brace expansion?
Performance
Braces is not only screaming fast, it's also more accurate the other brace expansion libraries.
Better algorithms
Fortunately there is a solution to the "brace bomb" problem: don't expand brace patterns into an array when they're used for matching.
Instead, convert the pattern into an optimized regular expression. This is easier said than done, and braces is the only library that does this currently.
The proof is in the numbers
Minimatch gets exponentially slower as patterns increase in complexity, braces does not. The following results were generated using braces() and minimatch.braceExpand(), respectively.
Pattern
braces
[minimatch][]
{1..9007199254740991}[^1]
298 B (5ms 459μs)
N/A (freezes)
{1..1000000000000000}
41 B (1ms 15μs)
N/A (freezes)
{1..100000000000000}
40 B (890μs)
N/A (freezes)
{1..10000000000000}
39 B (2ms 49μs)
N/A (freezes)
{1..1000000000000}
38 B (608μs)
N/A (freezes)
{1..100000000000}
37 B (397μs)
N/A (freezes)
{1..10000000000}
35 B (983μs)
N/A (freezes)
{1..1000000000}
34 B (798μs)
N/A (freezes)
{1..100000000}
33 B (733μs)
N/A (freezes)
{1..10000000}
32 B (5ms 632μs)
78.89 MB (16s 388ms 569μs)
{1..1000000}
31 B (1ms 381μs)
6.89 MB (1s 496ms 887μs)
{1..100000}
30 B (950μs)
588.89 kB (146ms 921μs)
{1..10000}
29 B (1ms 114μs)
48.89 kB (14ms 187μs)
{1..1000}
28 B (760μs)
3.89 kB (1ms 453μs)
{1..100}
22 B (345μs)
291 B (196μs)
{1..10}
10 B (533μs)
20 B (37μs)
{1..3}
7 B (190μs)
5 B (27μs)
Faster algorithms
When you need expansion, braces is still much faster.
(the following results were generated using braces.expand() and minimatch.braceExpand(), respectively)
Pattern
braces
[minimatch][]
{1..10000000}
78.89 MB (2s 698ms 642μs)
78.89 MB (18s 601ms 974μs)
{1..1000000}
6.89 MB (458ms 576μs)
6.89 MB (1s 491ms 621μs)
{1..100000}
588.89 kB (20ms 728μs)
588.89 kB (156ms 919μs)
{1..10000}
48.89 kB (2ms 202μs)
48.89 kB (13ms 641μs)
{1..1000}
3.89 kB (1ms 796μs)
3.89 kB (1ms 958μs)
{1..100}
291 B (424μs)
291 B (211μs)
{1..10}
20 B (487μs)
20 B (72μs)
{1..3}
5 B (166μs)
5 B (27μs)
If you'd like to run these comparisons yourself, see test/support/generate.js.
Benchmarks
Running benchmarks
Install dev dependencies:
Latest results
Braces is more accurate, without sacrificing performance.
About
Contributing
Pull requests and stars are always welcome. For bugs and feature requests, please create an issue.
Running Tests
Running and reviewing unit tests is a great way to get familiarized with a library and its API. You can install dependencies and run tests with the following command:
Contributors
Author
Jon Schlinkert
License
Copyright © 2019, Jon Schlinkert. Released under the MIT License.
This file was generated by verb-generate-readme, v0.8.0, on April 08, 2019.
Last updated