An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/