Unescaped identifiers regex causes DoS by heap exhaustion/infinite loop

[ghost]

It's prevalent to import Sanctuary as S and sanctuary-def as $, i.e:

import S from "sanctuary"
import $ from "sanctuary-def"

The problem is that esm's find-indexes is using the unescaped identifiers in a regex (e.g: S and $), which, in this case, causes an infinite loop, i.e:
pattern becomes new RegExp("\\b(?:S|$)\\b", "g") which matches 0 characters, and therefore matches infinitely (e.g in the while loop).

Suggested bug fix: escape the identifiers used in the regex.

[jdalton]

Thank you @leosbotelho!

Patched c41e001.

[ghost]

You are very welcome. I'm sorry to bother.

@jdalton, I think it's enough to identifiers.map(escapeRegExp).join("|") or similar. Maybe also filter(({length}) => length > 0) with empty error condition?

Regarding tests, this seems to fix the issue.