individual IDE configs should go in your global gitignore, not in every project you happen to touch.

Best advice I've gotten all day.

it's dangerous to pass user input into RegExp; this is a DOS attack vector, for example.

@ljharb In case you come around to the idea of adding this option, might you suggest how I could resolve this issue? I've copied the behavior of the ignorePattern almost exactly: https://github.com/airbnb/babel-plugin-inline-react-svg/pull/63/files#diff-1fdf421c05c1140f6d71444ea2b27638R65

Instead of supporting regex, it should only support globs (gitignore syntax) - you can use https://npmjs.com/glob for that, i think

Ok cool I'll give that a shot

Actually I've been trying to find some literature about this vulnerability - this is the best I can do so far: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS.

It doesn't seem to me that this is a DOS risk (not like that at least). Is there precedent for protecting the engineer from doing this to his/herself? I suppose another babel preset could end up doing this - but still I'd have to have deliberately installed a malicious preset, right? Thoughts?

In general, I’d consider a self-DOS to be a non-problem - however, avoiding footguns is a UX concern, and i consider regexes in configs to be an attractive pit of failure.