fix: consistent and likely safer regex escaping (#1439)

Co-authored-by: James Garbutt <43081j@users.noreply.github.com>

Author: ghostdevv

package.json

@@ -57,6 +57,7 @@
     "@iconify-json/svg-spinners": "1.2.4",
     "@iconify-json/vscode-icons": "1.2.45",
     "@intlify/shared": "11.3.0",
+    "@li/regexp-escape-polyfill": "jsr:0.3.4",
     "@lunariajs/core": "https://pkg.pr.new/lunariajs/lunaria/@lunariajs/core@904b935",
     "@napi-rs/canvas": "0.1.97",
     "@nuxt/a11y": "1.0.0-alpha.1",

pnpm-lock.yaml

@@ -1,3 +1,5 @@
+import { regExpEscape } from '@li/regexp-escape-polyfill'
+
 export type DevDependencySuggestionReason = 'known-package' | 'readme-hint'
 
 export interface DevDependencySuggestion {
@@ -59,15 +61,11 @@ function isKnownDevDependencyPackage(packageName: string): boolean {
   )
 }
 
-function escapeRegExp(text: string): string {
-  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
-}
-
 function hasReadmeDevInstallHint(packageName: string, readmeContent?: string | null): boolean {
   if (!readmeContent) return false
 
-  const escapedName = escapeRegExp(packageName)
-  const escapedNpmName = escapeRegExp(`npm:${packageName}`)
+  const escapedName = regExpEscape(packageName)
+  const escapedNpmName = regExpEscape(`npm:${packageName}`)
   const packageSpec = `(?:${escapedName}|${escapedNpmName})(?:@[\\w.-]+)?`
 
   const patterns = [

shared/utils/dev-dependency.ts

@@ -1,3 +1,5 @@
+import { regExpEscape } from '@li/regexp-escape-polyfill'
+
 // copied from https://github.com/markdown-it/markdown-it-emoji/blob/master/lib/data/full.mjs
 const emojis = {
   '100': '💯',
@@ -1907,7 +1909,7 @@ const emojis = {
 
 const emojisKeysRegex = new RegExp(
   Object.keys(emojis)
-    .map(key => `:${key}:`)
+    .map(key => `:${regExpEscape(key)}:`)
     .join('|'),
   'g',
 )