Research: TRE Python binding — ReDoS robustness demo (https://github.com/simonw/research/tree/main/tre-python-binding#readme)

    If it's good enough for antirez (https://simonwillison.net/2026/May/4/redis-array/) to add to Redis I figured Ville Laurikari's TRE (https://github.com/laurikari/tre/) regular expression engine was worth exploring in a little more detail.

I had Claude Code build an experimental Python binding (it used ctypes) and try some malicious regular expression attacks against the library. TRE handles those much better than Python’s standard library implementation, thanks mainly to the lack of support for backtracking.

    Tags: security (https://simonwillison.net/tags/security), python (https://simonwillison.net/tags/python), regular-expressions (https://simonwillison.net/tags/regular-expressions), c (https://simonwillison.net/tags/c), ctypes (https://simonwillison.net/tags/ctypes)