A search feature that inserts raw user text into new RegExp() can turn a name like a+b into an unintended pattern. TypeScript 6 knows about the standardized RegExp.escape helper, making the safer operation easier to use correctly.

The useful question is not whether the release sounds modern. It is whether the changed default or capability affects the way your project installs, compiles, resolves modules, or runs in production.

Quick answer

Escape text that should be matched literally before combining it with trusted regex syntax. Confirm the runtime supports RegExp.escape; use a tested polyfill when it does not.

const query = "price (USD)";
const pattern = new RegExp(RegExp.escape(query), "i");
console.log(pattern.test("Price (USD) today"));

what changed

TypeScript 6 adds standard-library types for RegExp.escape. The method turns a string into text safe for literal use inside a regular-expression pattern.

This is a version-specific change. Pin the tool or runtime while migrating so a teammate and CI do not test a different contract by accident.

where teams will notice it

Search boxes, log filters, test utilities, and route tools often construct patterns from text. Escaping prevents metacharacters from broadening the match or causing syntax errors.

A small smoke test is more useful than assuming the changelog covers your architecture. Reproduce the workflow from a clean checkout with the same command production uses.

a safe migration

  1. Separate trusted pattern syntax from untrusted text.
  2. Escape only the literal fragments.
  3. Check runtime support.
  4. Test punctuation, backslashes, brackets, and Unicode input.

Change one resolution or security boundary at a time. That keeps failures attributable and makes rollback straightforward.

the mistake to avoid

Do not escape an entire expression when part of it is intentionally regex syntax. That converts operators and groups into literals and changes the feature.

Avoid broad compatibility switches unless they are temporary, documented, and assigned a removal date. A migration that merely hides the warning will return as a harder TypeScript, Node, or npm upgrade later.

how to verify the result

Test inputs such as ., *, a+b, [test], parentheses, slashes, and line breaks. Every input intended as text should match itself and nothing broader.

Record the tool version and verification command in the pull request. That gives reviewers evidence and gives the next upgrade a known baseline.

rollout note

Ship the change in a small pull request that records the old behavior, the new behavior, and the rollback command. For an application, test the production image rather than only the developer machine. For a library, install the packed tarball in a tiny consumer project. Keep the previous lockfile or compiler configuration available until CI, deployment, and one real workflow have all passed.

That evidence makes the upgrade reviewable. It also prevents a later failure from being blamed vaguely on the entire major release when one setting or experimental flag was responsible.

official reference

Check the linked documentation again before upgrading production. Current-release features and announced security timelines can change in later patch releases.