`minimatch`

Ecosystem:
npm

Package URL:
pkg:npm/minimatch

Total PRs:
30,449 Dependabot PRs

Latest PR:
about 17 hours ago

Unique Repositories:
16,289 repositories

Unique Repos (30 days):
566 repositories

Security Advisories

Regular Expression Denial of Service in minimatch

GHSA-hxm2-r34f-qmc5 CVE-2016-10540 HIGH published over 7 years ago • updated about 2 months ago

Affected versions of `minimatch` are vulnerable to regular expression denial of service attacks when user input is passed into the `pattern` argume...

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

GHSA-3ppc-4f35-3m26 CVE-2026-26996 HIGH published 3 months ago • updated 2 days ago

### Summary `minimatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive `*` wildcards f...

minimatch ReDoS vulnerability

GHSA-f8q6-p94x-37v3 CVE-2022-3517 HIGH published over 3 years ago • updated about 1 hour ago

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand fu...

minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

GHSA-23c5-xmqv-rm74 CVE-2026-27904 HIGH published 3 months ago • updated about 4 hours ago

### Summary Nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtrackin...

minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

GHSA-7r86-cg39-jmmj CVE-2026-27903 HIGH published 3 months ago • updated about 4 hours ago

### Summary `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and...

Recent PRs

RSS Feed

Bump minimatch and serve

e0da/brain #11

3.0.4 → 3.1.5 Minor PR

Closed about 17 hours ago 3 comments

Bump the npm_and_yarn group across 1 directory with 16 updates

ali963git/keycloak-nodejs-connect #11

3.0.4 → 3.1.5 Minor PR

Open about 17 hours ago 3 comments

Bump the npm_and_yarn group across 1 directory with 25 updates

sam1am/auth-boilerplate #1

3.1.2 → 3.1.5 Patch PR

Open about 19 hours ago 1 comment

chore(deps): bump the npm_and_yarn group across 3 directories with 7 updates

groupthinking/EventRelay #210

3.1.2 → 3.1.5 Patch PR

Open about 21 hours ago 3 comments

npm(deps): bump minimatch from 10.1.2 to 10.2.5

FreeForCharity/FFC-EX-slopestohope.org #26

10.1.2 → 10.2.5 Minor PR

Open about 23 hours ago 1 comment

chore(deps-dev): bump minimatch from 3.1.2 to 3.1.5

malamutemayhem/unclick #1090

3.1.2 → 3.1.5 Patch PR

Open 1 day ago 8 comments

chore(deps): bump the npm_and_yarn group across 3 directories with 20 updates

theinsightcentre/generative-ai-google #9

3.1.2 → 3.1.5 Patch PR

Closed 1 day ago 1 comment

chore(deps): bump the production-dependencies group with 23 updates

PYRENEES-BIEN-COMMUN/documentation #2

10.1.1 → 10.2.5 Minor PR

Closed 2 days ago 1 comment

chore(deps-dev): bump minimatch from 3.1.2 to 3.1.5

fathom-global/background-action #6

3.1.2 → 3.1.5 Patch PR

Closed 2 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 31 updates

muhammadali1995/muck-23 #6

3.0.4 → 3.1.5 Minor PR

Open 2 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 9 updates

Aswincloud/portfolio #60

9.0.5 → 9.0.9 Patch PR

Closed 3 days ago 1 comment

build(deps): bump the npm_and_yarn group across 1 directory with 5 updates

insthync/nodejs-in-app-purchase #6

3.1.2 → 3.1.5 Patch PR

Open 3 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 5 directories with 8 updates

GlacierEQ/supermemory #24

5.1.6 → 5.1.9 Patch PR

Open 3 days ago 3 comments

Bump the npm_and_yarn group across 1 directory with 8 updates

mathiasborsatto/workflow #2

3.1.2 → 3.1.5 Patch PR

Open 3 days ago 2 comments

Bump the npm_and_yarn group across 1 directory with 6 updates

NeuraAdm/Portfolio #4

9.0.5 → 9.0.9 Patch PR

Closed 3 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 3 updates

actualbudget/wrapped #18

10.1.1 → 10.2.5 Minor PR

Closed 3 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 4 updates

gradle-update/update-gradle-wrapper-action #1027

3.1.2 → 3.1.5 Patch PR

Closed 3 days ago 2 comments

build(deps): bump the npm_and_yarn group across 1 directory with 4 updates

tadanobutubutu/my-ai-powered-actions-exercise #4

9.0.5 → 9.0.9 Patch PR

Open 3 days ago 17 comments

chore(deps): bump the npm_and_yarn group across 2 directories with 18 updates

harpertoken/autofix #49

3.1.2 → 3.1.5 Patch PR

Closed 3 days ago 3 comments

Bump the npm_and_yarn group across 1 directory with 9 updates

usa-glitch/eat-group-asset #1

9.0.5 → 9.0.9 Patch PR

Open 4 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 14 updates

bobvarkey/diabetes-buddy #6

3.1.2 → 3.1.5 Patch PR

Open 4 days ago 1 comment

Bump the npm_and_yarn group across 16 directories with 19 updates

Future-whitehat7/react #10

3.0.4 → 3.1.4 Minor PR

Closed 4 days ago 1 comment

Bump the npm_and_yarn group across 16 directories with 20 updates

jcstein/next.js #21

3.0.4 → 3.1.4 Minor PR

Closed 4 days ago 1 comment

Bump minimatch and mocha

datastructures-js/trie #22

3.0.4 → 3.1.5 Minor PR

Closed 4 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 9 directories with 13 updates

nosportugal/codesandbox-client #19

3.1.2 → 3.1.4 Patch PR

Closed 4 days ago 1 comment

build(deps): Bump the npm_and_yarn group across 1 directory with 7 updates

botfusions/BOTCRm #3

9.0.5 → 9.0.9 Patch PR

Open 4 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 15 updates

adrianwedd/gpt4-pdf-chatbot-langchain #4

3.1.2 → 3.1.5 Patch PR

Open 4 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 11 directories with 16 updates

Web3Auth/core #25

3.1.2 → 3.1.5 Patch PR

Closed 4 days ago 1 comment

Bump the npm_and_yarn group across 13 directories with 20 updates

jcstein/next.js #19

3.0.4 → 3.1.4 Minor PR

Closed 4 days ago 1 comment

Bump minimatch

hw4n/mapletools #1

3.1.2 → 3.1.5 Patch PR

Closed 4 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates

GlacierEQ/langgraph #9

3.1.2 → 3.1.5 Patch PR

Open 5 days ago 4 comments

chore(deps): bump the npm_and_yarn group across 2 directories with 13 updates

HarleyCoops/ai #1

3.1.2 → 3.1.5 Patch PR

Open 5 days ago 2 comments

build(deps): Bump the npm_and_yarn group across 1 directory with 10 updates

aref-vc/theme-generator #1

3.1.2 → 3.1.5 Patch PR

Open 5 days ago 1 comment

chore(deps): Bump the npm_and_yarn group across 1 directory with 6 updates

aref-vc/pod-explorer #1

3.1.2 → 3.1.5 Patch PR

Open 5 days ago 1 comment

Bump minimatch in /github-authentication-sample

Allsafeafrica/ASA-Stack #9

3.1.2 → 3.1.5 Patch PR

Open 5 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 10 directories with 12 updates

nikomatt69/nikcli #78

10.0.3 → 10.2.3 Minor PR

Closed 5 days ago 4 comments

build(deps): bump the npm_and_yarn group across 1 directory with 11 updates

support371/whimsy-trade-bot #1

3.1.2 → 3.1.5 Patch PR

Open 5 days ago 2 comments

Bump the npm_and_yarn group across 1 directory with 6 updates

laspearx/Whiskora #2

3.1.2 → 3.1.5 Patch PR

Closed 5 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 4 directories with 16 updates

conor-spec/goose #17

9.0.5 → 9.0.9 Patch PR

Closed 5 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 6 updates

MomenMushtaha/worldcup-betting #3

5.1.6 → 5.1.9 Patch PR

Open 5 days ago 1 comment

Bump the npm_and_yarn group across 2 directories with 14 updates

MomenMushtaha/worldcup-betting #1

3.1.2 → 3.1.5 Patch PR

Closed 5 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 13 updates

HarleyCoops/gemini-google-extension #1

3.1.2 → 3.1.5 Patch PR

Open 5 days ago 1 comment

build(deps): bump the npm_and_yarn group across 3 directories with 21 updates

ahump20/gemini-cli #25

3.1.2 → 3.1.5 Patch PR

Open 5 days ago 2 comments

Bump the npm_and_yarn group across 2 directories with 17 updates

jianminy931020-coder/my-official-site #1

3.1.2 → 3.1.5 Patch PR

Open 5 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 8 updates

jianminy931020-coder/financeflow #1

9.0.5 → 9.0.9 Patch PR

Open 5 days ago 2 comments

Bump the npm_and_yarn group across 2 directories with 21 updates

rorymclaughlin432/admin-dashboard-charts #2

3.1.2 → 3.1.5 Patch PR

Open 6 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 21 updates

cosmiccareer/terminai #13

3.1.2 → 3.1.5 Patch PR

Closed 6 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates

GlacierEQ/mcp-playwright #5

3.1.2 → 3.1.5 Patch PR

Open 6 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 5 directories with 15 updates

pellera9/firecrawl #4

3.1.2 → 3.1.5 Patch PR

Closed 6 days ago 1 comment

Build(deps): bump the npm_and_yarn group across 3 directories with 10 updates

alpro1000/STAVAGENT #1216

3.1.2 → 3.1.5 Patch PR

Open 6 days ago 1 comment

Package Details

Name:	`minimatch`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/minimatch`
JSON API:	View JSON

Security Advisories

5

Active advisories

HIGH 5

View All npm Advisories

Package Information

Description:

a glob matcher in javascript

Repository:	https://github.com/isaacs/minimatch
Homepage:	https://github.com/isaacs/minimatch#readme
Latest Release:	`10.0.1` almost 2 years ago
Dependent Repos:	2,198,462
Dependent Packages:	9,743
Downloads:	1,223,937,395
Ranking:	Top 0.0126% by dependent repos Top 0.0004% by downloads Top 0.0099% by dependent pkgs

PR Status

Open 12,547 (41.2%)

Merged 240 (0.8%)

Closed 17,544 (57.6%)

PR Types

Major 797 (2.6%)

Minor 8,804 (28.9%)

Patch 20,638 (67.8%)

Removal 62 (0.2%)