From 206eb4a89a5ab7e87a82f8e073b2956221a6dcb8 Mon Sep 17 00:00:00 2001
From: Lovell Fuller
Date: Sat, 18 Oct 2025 14:52:17 +0100
Subject: [PATCH] Limit colour strings to 200 chars, helps reduce effect of potential ReDoS
---
 lib/colour.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/colour.js b/lib/colour.js
index 8de8d332..b8b19b56 100644
--- a/lib/colour.js
+++ b/lib/colour.js
@@ -139,7 +139,10 @@ function toColorspace (colorspace) {
 * @throws {Error} Invalid value
 */
 function _getBackgroundColourOption (value) {
- if (is.object(value) || is.string(value)) {
+ if (
+ is.object(value) ||
+ (is.string(value) && value.length >= 3 && value.length <= 200)
+ ) {
 const colour = color(value);
 return [
 colour.red(),
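Review bot: The new length bounds in `_getBackgroundColourOption` guard only the string branch, so an object `value` still reaches `color(value)` unchecked; whether string-valued fields inside such an object can reach the same parsing path is not visible from this hunk and is worth confirming. The limits 3 and 200 are also bare literals, and the JSDoc above still says only `@throws {Error} Invalid value`, so a caller whose over-long string is rejected gets no hint why. I would add a doc line such as `* Strings must be 3 to 200 characters long; other lengths are rejected to bound parsing cost.` and hoist the two bounds into named constants. The patch touches only `lib/colour.js`, so a boundary test for lengths 2, 3, 200 and 201 would be a useful addition to pin the behaviour. The function body continues past the end of the hunk, so the rejection path itself is not shown here.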