Make Tools
2026-04-05

Regex Cheat Sheet 2026

A practical regular expression reference with syntax, common patterns, and real-world examples. From basics to advanced lookaheads and named groups.

RegexPattern MatchingDeveloper Tools

Why Regex Still Matters in 2026

Regular expressions remain the most efficient way to validate, search, and transform text. Despite newer alternatives like parser combinators and PEG grammars, regex is embedded everywhere — form validation, log parsing, IDE find-and-replace, grep, sed, and data pipelines.

The challenge is memorizing the syntax. This cheat sheet gives you the patterns that cover 90% of real-world use cases, with examples you can test immediately in our Regex Tester.

Basic Syntax Reference

Character Classes

.       Any character (except newline)
\d      Digit [0-9]
\w      Word character [a-zA-Z0-9_]
\s      Whitespace (space, tab, newline)
\D      Non-digit
\W      Non-word character
\S      Non-whitespace
[abc]   Any of a, b, or c
[^abc]  Not a, b, or c
[a-z]   Any lowercase letter
[a-zA-Z] Any letter

Quantifiers

*       0 or more (greedy)
+       1 or more (greedy)
?       0 or 1
{3}     Exactly 3
{3,}    3 or more
{3,6}   Between 3 and 6
*?      0 or more (lazy)
+?      1 or more (lazy)

Anchors and Boundaries

^       Start of string (or line with /m flag)
$       End of string (or line with /m flag)
\b      Word boundary
\B      Non-word boundary

Essential Patterns You Will Actually Use

Email Validation

^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$

This catches most valid emails. For RFC 5322 compliance, the pattern gets much longer — but for practical form validation, this works well. Test it against your expected inputs using the Regex Tester.

URL Extraction

https?://[^\s<>"{}|\\^\`\[\]]+

Matches HTTP and HTTPS URLs without over-matching. Useful for link extraction from text content.

Phone Number (International)

^\+?[1-9]\d{1,14}$

Follows the E.164 format. For specific country formats, you will need more targeted patterns.

IPv4 Address

^(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)$

Validates each octet is 0-255. The alternation handles the range constraints that simple \d{1,3} cannot.

Date Formats

# ISO 8601: 2026-04-05
^\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])$

# US format: 04/05/2026
^(?:0[1-9]|1[0-2])/(?:0[1-9]|[12]\d|3[01])/\d{4}$

Hex Color Codes

# Matches #RGB, #RRGGBB, and #RRGGBBAA
^#(?:[0-9a-fA-F]{3,4}){1,2}$

Capture Groups and Backreferences

Capture groups let you extract parts of a match and reorganize text:

# Swap first and last name
Find:    (\w+)\s+(\w+)
Replace: $2, $1

# Result: "John Smith" → "Smith, John"

Named Groups

Named groups improve readability, especially in complex patterns:

# Named capture (JavaScript)
(?<year>\d{4})-(?<month>\d{2})-(?<day>\d{2})

# Access in JavaScript
const match = "2026-04-05".match(/(?<year>\d{4})-(?<month>\d{2})-(?<day>\d{2})/);
console.log(match.groups.year);  // "2026"

Non-Capturing Groups

Use (?:...) when you need grouping without capturing. This is faster and avoids polluting your capture list:

# Match "Mr." or "Mrs." or "Ms." without capturing the title
(?:Mr|Mrs|Ms)\.\s+\w+

Lookahead and Lookbehind

These zero-width assertions match positions without consuming characters:

# Positive lookahead: match "foo" only if followed by "bar"
foo(?=bar)

# Negative lookahead: match "foo" NOT followed by "bar"
foo(?!bar)

# Positive lookbehind: match "bar" only if preceded by "foo"
(?<=foo)bar

# Negative lookbehind: match "bar" NOT preceded by "foo"
(?<!foo)bar

Practical Example: Password Validation

# At least 8 chars, one uppercase, one lowercase, one digit, one special
^(?=.*[a-z])(?=.*[A-Z])(?=.\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$

Each lookahead enforces one constraint without advancing the position. The final character class defines the allowed characters and minimum length.

Flags (Modifiers)

g  Global — find all matches, not just the first
i  Case-insensitive
m  Multiline — ^ and $ match line boundaries
s  Dotall — . matches newlines too
u  Unicode support (enables \p{} classes)
x  Verbose/extended — allows whitespace and comments

Greedy vs Lazy Matching

By default, quantifiers are greedy — they match as much as possible. Add ? to make them lazy:

# Input: <p>hello</p><p>world</p>

# Greedy (matches too much)
<.*>     →  "<p>hello</p><p>world</p>"

# Lazy (matches minimum)
<.*?>    →  "<p>", then "</p>", then "<p>", then "</p>"

In most cases, lazy matching is what you want for tag and delimiter extraction.

Common Mistakes

  1. Not escaping special characters: Use \. to match a literal dot, \( for a literal parenthesis.
  2. Using regex for structured data: Do not parse HTML or JSON with regex. Use proper parsers.
  3. Catastrophic backtracking: Nested quantifiers like (a+)+ can hang on non-matching input. Use atomic groups or possessive quantifiers.
  4. Forgetting anchors: Without ^ and $, your pattern matches partial strings. \d+ matches "abc123" — ^\d+$ does not.

Testing Your Regex

Never deploy a regex without testing it against edge cases. Our Regex Tester provides real-time matching, group highlighting, and replacement preview — all running in your browser.

Conclusion

Regex is a power tool: incredibly effective when used correctly, dangerous when misused. Start with simple patterns, test thoroughly, and escalate to more complex constructs only when needed. Keep this cheat sheet bookmarked, and reach for the Regex Tester whenever you need to verify a pattern.

Ready to try it?

Open Tool →
← Back to Blog