Security: Mitigating ReDoS (Regular Expression Denial of Service) in Node.js
Updated May 4, 2026
Short answer
ReDoS occurs when a regular expression takes exponential time to evaluate against a crafted input string. Because the match runs synchronously, it blocks Node's single-threaded Event Loop for its entire duration, so every other request on that process stalls.
Deep explanation
V8's regex engine (Irregexp) uses a backtracking algorithm. Certain patterns, specifically nested quantifiers (e.g., (a+)+$), lead to 'catastrophic backtracking' when matched against a long string of 'a's followed by a character that cannot match, so that the overall match must fail: before giving up, the engine retries every way of splitting the run of 'a's between the inner and outer quantifier, and the number of attempts grows exponentially with the input length. Since Node.js is single-threaded, a single ReDoS request can freeze the entire server for minutes. Mitigation strategies include:
1. Using safe-regex to check patterns for dangerous constructs before they are used on untrusted input.
2. Implementing timeouts for regex execution, via the vm module or external libraries.
3. Favoring string methods (indexOf, includes) over regex where possible.
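The following is an added example, not code from the original page: it times the page's (a+)+$ pattern against a constructed worst-case input so the exponential growth is visible, then shows two of the mitigations above, a length cap in front of the regex and a linear-time string check that replaces it. Names such as evilInput, safeTest and isAllA are this example's own; it uses only Node built-ins.

```javascript
// Vulnerable pattern from the page: a nested quantifier anchored at the end.
const VULNERABLE = /^(a+)+$/;

// Constructed worst-case input: n 'a's followed by one character that cannot
// match, which forces the engine to try every split of the 'a's before failing.
function evilInput(n) {
  return 'a'.repeat(n) + '!';
}

// Time one regex test in milliseconds (process.hrtime is a Node global).
function timeTest(re, input) {
  const start = process.hrtime.bigint();
  const matched = re.test(input);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, ms };
}

// Mitigation: cap the input length before the regex sees it, so even a
// pathological pattern has a bounded worst case. 64 is an assumed limit.
const MAX_LEN = 64;
function safeTest(re, input) {
  if (input.length > MAX_LEN) {
    throw new RangeError(`input too long (${input.length} > ${MAX_LEN})`);
  }
  return re.test(input);
}

// Mitigation: replace the regex with a plain string scan. /^(a+)+$/ accepts
// exactly the non-empty strings made only of 'a', which this checks in O(n).
function isAllA(input) {
  if (input.length === 0) return false;
  for (let i = 0; i < input.length; i++) {
    if (input.charCodeAt(i) !== 97) return false; // 97 === 'a'
  }
  return true;
}

// Demo: each step of two more 'a's roughly quadruples the time taken.
function demo() {
  const rows = [];
  for (const n of [16, 18, 20, 22]) {
    const { ms } = timeTest(VULNERABLE, evilInput(n));
    rows.push(`n=${n}: ${ms.toFixed(1)} ms`);
  }
  return rows;
}
```

Calling demo() prints the timings; the linear isAllA check and the length-capped safeTest give the same answers for inputs that fit under the cap without the blow-up.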
Real-world example
No real-world example available yet.
Common mistakes
No common mistakes listed yet.
Follow-up questions
No follow-up questions available yet.