This RegExp would also match mydataTables.js. There's a reason all the others uses a ^.*\/-like pattern at the start, please do similar.

Also note all the other patterns are lower-cased. I believe the path is normalized to lowercase before the regexp is applied. Please follow this pattern also, else it may not match due to casing.

Fixed. Notice that the jquery library is also missing that same pattern. Let me know if that is expected or should be fixed.

No need to add this to the baked in default safelist also. It's not that common a library. Just having it in the typesMap.json should be fine.

Removed.

Please note that ace.js has a very generic folder name, ranging between "src", "src-min", "src-noconflict", etc. thus the need to match any folder name as a user is very likely to append the name.

In the data analyzed a user use the name "ace-src-min".

It's interesting looking at the repo at https://github.com/ajaxorg/ace-builds . I see multiple folders with different builds all including ace.js, so I get why this is needed. Does the safelist mechanism detect and exclude multiple folders for the same filename? It would be good to (have a) test to make sure. cc @RyanCavanaugh .

It does, I tested manually having an src-min folder and on another path src-noconflict, and it excluded both of the folders. I will work on an automated test on another PR.