DEVELOPER REFERENCE

Regex Cheat Sheet: Patterns, Flags, and Safer Testing

This quick reference targets JavaScript regex syntax. A pattern match does not prove that input is real or trustworthy; email, identity, URL, and security checks still need domain rules and server-side validation.

Test in the live tool
01

Core building blocks

SyntaxMeaningExample
.Any single character except a line breaka.c
\d / \DDigit / non-digit\d{4}
\w / \WASCII word character / inverse\w+
[a-z] / [^a-z]Range / negated character class[A-F0-9]
^ / $Start / end of input or line^OK$
02

Repetition and grouping

SyntaxMeaningExample
* / + / ?Zero-or-more / one-or-more / optionalhttps?
{n} / {n,m}Exact or ranged repetition\d{2,4}
(abc) / (?:abc)Capturing / non-capturing group(?:png|webp)
(?<name>...)Named capture group(?<year>\d{4})
(?=...) / (?!...)Positive / negative lookahead\d+(?=px)
03

JavaScript flags

SyntaxMeaningExample
gFind all matches rather than stopping at the first
iCase-insensitive matching
mMake ^ and $ operate per line
sAllow . to match line breaks
u / vUnicode modes; check engine support
FAQ

Common questions

Can regex validate an email address?+

Regex checks only a format candidate. Deliverability and ownership require a verification email.

What is ReDoS risk?+

Poorly designed nested quantifiers can cause extreme backtracking. Bound input, test patterns, and isolate untrusted expressions.