micromatch is a highly optimized JavaScript glob matching library for wildcard and glob-pattern matching in Node.js. It’s designed as a faster drop-in alternative to minimatch and multimatch, providing functions for matching lists of strings and checking whether a single string matches one or more glob patterns.
Project status
- Maintenance status: micromatch appears not actively maintained as of today (2026-06-09), with the last upstream push on 2024-08-26 and no evidence of continued recent development after that point.
- Update cadence: updates are sporadic, with the most recent series clustered in May to August 2024, then a long silence since 2024-08-26.
AI summary generated
Recent updates
4.0.8
Release 4.0.8 is a patch release that claims to address security issues CVE-2024-4067 and CVE-2024-4068. The release notes do not document any other functional or API changes.
Security4.0.7
Release 4.0.7 has no provided release notes. The only observed change in the diff is in package.json, specifically updating the braces dependency and adjusting some JSON formatting for metadata.
4.0.6
Release 4.0.6 was published on 2024-05-21, but the publisher did not provide any release notes. As a result, there is no documented information here about new functionality, fixes, breaking changes, or security updates.
4.0.4
Version 4.0.4 is a small release that primarily bumps the micromatch dependency picomatch from ^2.2.1 to ^2.2.3. The only release note provided is that this updates picomatch to fix regression #179, without detailing the user-visible behavior change.
4.0.3
Release 4.0.3 is described as a dependency enforcement change, specifically “enforce newer version of picomatch with bugfixes.” The provided code diff, however, shows mostly repository and documentation/tooling changes, with no clearly visible public runtime API changes in the excerpted diffs.
2.3.7
Version 2.3.7 removes the use of the lazy-cache package. The change shifts how internal helper dependencies are loaded in lib/utils.js, replacing lazy-loaded cached requires with direct (eager) requires.
2.3.6
Release 2.3.6 claims only linting and minor formatting. The code diff and manifest show additional changes beyond formatting, including a major dependency bump (lazy-cache), changes to the lazy-cache require wiring in lib/utils.js, and a behavioral guard in index.js for non-string glob entries.
2.3.5
This release only bumps the micromatch package version to 2.3.5 and updates its dependency on kind-of. The release notes are minimal and only state that the kind-of dependency was bumped to ^3.0.2.
2.3.4
The release notes provide no documented changes. The code diff shows a version bump of micromatch from 2.3.3 to 2.3.4 and upgrades a single dependency, arr-diff, to ^2.0.0.
2.3.3
Version 2.3.3 addresses an issue where $ characters were not being treated as literals during pattern expansion, causing mismatches. The release notes are minimal and reference #49, but the code change clearly focuses on escaping dollar signs.
2.3.2
Version 2.3.2 includes a small behavioral fix related to matching literal plus signs, plus a minor test addition to cover that scenario. The diff also shows a development-only dependency change in package.json.
2.3.1
Version 2.3.1 improves filter performance in the project. The release notes point to GitHub PR #44 for implementation details, but do not describe any API or behavior changes.