NodeJS/decamelize/1.1.0

Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow

https://www.npmjs.com/package/decamelize
MIT

2 Security Vulnerabilities

Regular Expression Denial of Service in decamelize

Published date: 2018-07-24T20:00:17Z
CVE: CVE-2017-16023
Links:

Affected versions of decamelize are susceptible to a denial of service vulnerability when user input is passed directly into decamelize.

Recommendation

Update to version 1.1.2 or later.

Affected versions: ["1.1.1", "1.1.0"]
Secure versions: [1.0.0, 1.1.2, 1.2.0, 2.0.0, 3.0.0, 3.1.0, 3.1.1, 3.2.0, 4.0.0, 5.0.0, 5.0.1, 6.0.0, 6.0.1]
Recommendation: Update to version 6.0.1.

Regular Expression Denial of Service

Published date: 2017-04-14
Coordinating vendor: ^Lift Security
Links:

Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase.

Decamelize uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.

Affected versions: ["1.1.0", "1.1.1", "NodeJS/decamelize/1.1.1", "NodeJS/decamelize/1.1.0"]
Secure versions: [1.0.0, 1.1.2, 1.2.0, 2.0.0, 3.0.0, 3.1.0, 3.1.1, 3.2.0, 4.0.0, 5.0.0, 5.0.1, 6.0.0, 6.0.1]
Recommendation: Upgrade to version 1.1.2 or later.

15 Other Versions

Version License Security Released
6.0.1 MIT 2025-08-19 - 14:50 4 months
6.0.0 MIT 2021-10-01 - 02:34 about 4 years
5.0.1 MIT 2021-09-29 - 10:26 about 4 years
5.0.0 MIT 2021-01-11 - 07:35 almost 5 years
4.0.0 MIT 2020-01-26 - 03:03 almost 6 years
3.2.0 MIT 2019-04-05 - 21:30 over 6 years
3.1.1 MIT 2019-03-22 - 10:46 over 6 years
3.1.0 MIT 2019-03-21 - 15:48 almost 7 years
3.0.0 MIT 2019-03-06 - 16:08 almost 7 years
2.0.0 MIT 2018-01-08 - 19:09 almost 8 years
1.2.0 MIT 2016-03-05 - 08:49 almost 10 years
1.1.2 MIT 2015-12-23 - 01:05 almost 10 years
1.1.1 MIT 2 2015-10-29 - 16:21 about 10 years
1.1.0 MIT 2 2015-10-25 - 19:24 about 10 years
1.0.0 MIT 2015-01-24 - 11:12 almost 11 years