Regex Cheat Sheet & Tester

About this tool

Search, copy, and test regular expressions instantly.

Search 80+ ready-to-copy regex patterns and test your own regex against sample text — all in your browser.

RT-DEV-065 · Developer Tools

Pattern library

Live tester

Pattern

Test against

How to use the regex cheat sheet

Search or filter the library

Type a keyword in the search box (e.g. "email", "URL", "Singapore postal") or click a category pill to narrow the list. Every pattern shows a one-line example of what it matches.

Copy a pattern

Click Copy to grab the pattern as text, or click Use to push it straight into the tester on the right with the flags already set.

Paste your sample text

Drop the text you want to search into the "Test against" box. The tool runs your regex against the text on every keystroke and highlights every match in yellow.

Adjust flags as needed

The flags box accepts g (global), i (case-insensitive), m (multi-line), s (dot matches newline) and u (unicode). The match count updates live; an invalid regex shows a red error line.

Regular expressions — the developer's swiss-army knife

Regular expressions ("regex") are tiny domain-specific languages for describing patterns in text. A pattern like \b\d{3}-\d{4}\b describes "three digits, a hyphen, four digits, as a whole word." Once written, regex engines built into PHP, JavaScript, Python, Java, Ruby, Go, Rust, and every modern command-line tool can find, validate, split, or replace text matching that pattern at high speed. For developers, regex is the difference between writing thirty lines of string-walking code and writing one line that does the same job, faster.

Where regex shines

The honest answer is: anywhere you'd otherwise write a parser-by-hand for a small, well-defined format. Validating that an email looks roughly right, extracting all URLs from a markdown document, splitting a phone number into country code and local digits, finding all occurrences of a UUID in a log file, replacing every Singapore NRIC with a redacted placeholder before sending logs offshore — these are all 1-to-3-line regex problems. The tool above ships with 80+ patterns covering most of the common cases so you don't have to redesign them from scratch each time.

Where regex stops being the right tool

The classic example is parsing HTML or JSON with regex. These languages are nested, and regex (with the textbook computer-science definition of "regular") cannot match arbitrarily nested structures. Real-world engines like PCRE add features that bend the rule — backreferences, recursive subpatterns — but the maintainability cost is enormous. If you find yourself writing more than 60 characters of regex for a single pattern, or nesting capture groups three levels deep, stop and use a proper parser. DOMDocument in PHP, BeautifulSoup in Python, cheerio in Node — they exist for a reason.

ASEAN-specific patterns

Many regex collections online focus on US/UK formats. The library here includes patterns calibrated for Southeast Asian use: Singapore NRIC (S/T/F/G/M-prefix plus seven digits plus a checksum letter), Singapore postal code (six digits, but only certain three-digit prefixes are valid sector codes), Malaysia IC number (twelve digits in YYMMDD-PB-#### format), Indonesian KTP (sixteen digits), Singapore phone numbers (eight digits starting with 6, 8, or 9), and Singaporean GST registration numbers. Bookmark these — the regional-format ones are the patterns most often missing from the generic Stack Overflow answers.

Flags, anchors, and the global flag

Two small details cause more confusion than they should. First, the g (global) flag does not change what a pattern matches — it only tells the engine "find all matches" rather than "find the first." If your live tester is showing only one highlight when you expect many, you have probably forgotten the g. Second, anchors. ^ and $ mean "start" and "end" of the input by default. Add the m (multi-line) flag and they become "start" and "end" of each line. Knowing which one you need before you start writing the pattern saves hours of "why isn't this matching" debugging.

When regex is the wrong tool

Three flags that say "stop and reach for a real parser": you are matching balanced brackets at arbitrary depth, you are extracting structured data from JSON or HTML, or your pattern has grown past one screen of text. Use a proper parser library for those. Regex is brilliant for flat, regular patterns inside a single line; it is fragile and slow for grammars.

10 regex facts every developer should know

Regular expressions were introduced by mathematician Stephen Kleene in 1951 as a way to formalise pattern matching in automata theory — three decades before they became a programming staple.

The Unix tool grep was written by Ken Thompson in 1973 and got its name from the ed editor command g/re/p — "globally search a regular expression and print." It still ships with every Unix-like OS today.

JavaScript's regex engine uses backtracking, which means catastrophically bad patterns can take exponential time on certain inputs. The (a+)+b pattern against "aaaaaaaaaaaaaaaaX" can hang a tab for minutes.

The shortest valid email regex per RFC 5322 is over 6,400 characters long. Almost no one uses it; most production code accepts a simpler 30-character approximation and verifies via a confirmation email instead.

The Singapore NRIC checksum is computed by multiplying each digit by a fixed weight, summing, mod 11, then mapping to a letter — making a "syntactically valid" NRIC regex possible but a "really valid" check requires the math too.

Python's re module compiles patterns to bytecode and caches the most-recent 512 compilations. Repeated calls to re.search(pattern, text) with the same pattern are nearly free.

The g flag is JavaScript-specific. In PHP, you pass preg_match_all instead of preg_match. In Python, you use re.findall instead of re.search. Same concept, different syntax.

Cloudflare suffered a major outage in 2019 caused by a single regex that took exponential time on certain inputs. The post-mortem became required reading for backend engineers everywhere.

Named capture groups (?<name>pattern) are supported in modern JavaScript (since 2018), PHP, Python, and .NET — making complex extraction patterns dramatically more readable than numbered groups.

The "Greek question mark" ; looks identical to a regular semicolon. Regex written to clean source code that doesn't normalise unicode first will silently miss every line that uses one — a classic invisible-bug source.

Frequently asked questions

Why doesn't my pattern match all occurrences?

You're missing the g (global) flag. Without it, the engine returns after the first match. Add g to the flags box on the right side of the pattern input.

In ASCII contexts they are identical. With the unicode flag (u) enabled, \d in some engines additionally matches digit characters from other scripts (Arabic-Indic, etc.). For predictable English-only matching, prefer [0-9].

Use regex for flat, well-defined patterns: emails, phone numbers, IDs, dates, simple log lines. Use a real parser for nested structures: HTML, JSON, XML, source code. If your regex exceeds about 60 characters or nests groups three levels deep, switch to a parser.

No — regex can only validate format. The patterns confirm a Singapore NRIC looks like an NRIC (correct length, valid prefix letter), but checking the final checksum letter requires arithmetic. Use a dedicated validator for full validation.

Also called the "dotall" flag. By default, the . metacharacter matches any character except a newline. With s enabled, . matches newlines too — useful for matching across multiple lines.

It depends on the m (multi-line) flag. Without m, ^ matches only the start of the entire input and $ the end. With m, both match at every line boundary. Same for $.

In the strict sense, no — that requires a context-free grammar. Real-world engines like PCRE add recursive subpatterns ((?R)) that handle limited nesting, but the patterns become unreadable. For nested structures, write a proper parser.

A pattern like (a+)+b on input "aaaaX" — the engine tries every possible split of the a's before giving up. Inputs that look harmless can take minutes to fail. Avoid nested quantifiers; prefer atomic groups or possessive quantifiers if your engine supports them.

Yes. The tool uses the browser's built-in RegExp object. Your pattern and test text never leave the page; nothing is sent to any server. You can verify this by opening the browser network tab — no requests fire while you type.

Most do. The library uses syntax that is portable across PCRE (PHP), Python re, Java java.util.regex, and JavaScript. A few JavaScript-specific shortcuts (e.g. lookbehind support varies) are noted in the pattern description where relevant.