This JavaScript library implements brace expansion syntax similar to sh/bash (as documented for Bash). It provides an `expand(str, [options])` function that returns an array of all valid expanded strings, with an optional `max` limit to cap the number of generated expansions.
Project status
- The repo appears actively maintained, with very recent updates on 2026-05-25 and 2026-05-26, and a recent upstream push on 2026-05-26. Recent changes are not just metadata, they include parser and sequence-behavior adjustments.
- Update cadence looks currently “burst-active” (at least two version lines updated within about a day), and historically there were substantial maintenance updates around 2025-06-11, followed by fewer changes in 2024-2023. This suggests ongoing work rather than maintenance-only, with periodic bursts.
AI summary generated
Recent updates
v1.1.15
v1.1.15 is described in release notes only as a backport of a change from v5.0.6. The actual code diff shows substantive behavior changes, including a new (optional) max truncation mechanism for brace expansions and a fix for numeric sequence step handling that previously could cause runaway/infinite looping or extreme execution for inputs like {1..2..0}.
SecurityFeaturesv2.1.1
v2.1.1 is described only as a backport of a change from v5.0.6 to the v2 line (PR #109). The actual code changes include adding a max-truncation mechanism to expansion, plus parser and sequence-generation logic adjustments that affect behavior for certain edge cases.
SecurityFeaturesv1.1.12
Release v1.1.12 updates brace-expansion packaging and includes a regex fix intended to prevent ReDoS and improve performance. The code changes are small, affecting the parsing logic inside expand, and add a regression/performance test.
Securityv2.0.2
v2.0.2 primarily targets a potential ReDoS or inefficient regular expression issue (#65). Release notes also mention minor formatting changes and a change to publish the package on the 2.x tag. The code diff shows additional internal refactoring and behavior changes around how brace expansions interact with `$`-prefixed sequences.
Securityv3.0.1
Release v3.0.1 is described as a formatting change and a fix for a potential ReDoS/inefficient regular expression. However, the actual diff shows a much larger set of changes, including a migration from CommonJS to ES modules and a dependency major version bump.
Securityv4.0.1
v4.0.1 primarily targets a potential ReDoS/inefficient regular expression issue (as noted in the release notes). The code diff also includes internal refactoring of brace escaping/unescaping logic and adds a regression test to measure execution time.
Securityv4.0.0
v4.0.0 bumps the library version and includes a change in how brace escaping and unescaping are implemented. The release notes also add a new tea.yaml file used for Tea configuration/release tooling.
Featuresv3.0.0
This release (v3.0.0) converts the library to ES Modules, updates the balanced-match dependency, and modernizes the project tooling and CI (GitHub Actions). The test setup is migrated away from tape to Node's built-in node:test runner, and the codebase is updated to use modern JS syntax and formatting.
BreakingFeaturesv1.1.11
The provided release notes for v1.1.11 do not describe any specific code changes, fixes, or upgrade-related differences. They only restate the brace-expansion package purpose and its current API entry point (expand(str)) and behavior examples.
1.1.11
Release 1.1.11 has no publisher-provided release notes. The only code diff shows a CI configuration change, adding Node.js 10 to the Travis build matrix.