REGEXVAULTv2.0
$regexvaultinit--verified --redos-safe

Regex that won't
embarrass you in production.

Stop copying from Stack Overflow. 417 battle-tested patterns audited for security, performance, and ReDoS safety.
5 engines. Free to use.

417

PATTERNS

100%

REDOS SAFE

5

ENGINES

417

AUDITED

Live Integration Lab
0.07ms
1 match
//i
Test Payload
Match
Match Highlighting
hello@regexvault.io

FEATURED PATTERNS

Curated selection across 6 categories

Browse Full Library — 417 Patterns
NET-IPV4|Web & Network/IPv4|SAFE

IPv4 Address (Strict 0–255)

Validates a complete IPv4 address, strictly enforcing that each octet is between 0 and 255. Rejects leading zeros, out-of-range values, and malformed syntax.

/^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])$/
complex|
JSPYGOPC
VIEW
NET-IPV4|Web & Network/IPv4|SAFE

IPv4 with CIDR Notation

Matches an IPv4 address in CIDR block notation (e.g. 192.168.1.0/24). Validates both the address portion (strict 0–255) and the prefix length (0–32).

/^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])\/(?:3[0-2]|[12][0-9]|[0-9])$/
complex|
JSPYGOPC
VIEW
NET-IPV4|Web & Network/IPv4|SAFE

IPv4 Private Address Ranges

Matches only RFC 1918 private IPv4 addresses: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.

/^(?:10\.(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])\.){2}(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])|172\.(?:1[6-9]|2[0-9]|3[01])\.(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])\.(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])|192\.168\.(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])\.(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9]))$/
complex|
JSPYGOPC
VIEW
DEV-CRON|Dev & Systems/Cron|SAFE

Cron Expression (Standard 5-Field)

Matches a standard 5-field Unix cron expression: minute hour day-of-month month day-of-week. Each field accepts a number, range, step, list, or wildcard.

/^(\*|[0-9]|[1-5][0-9])(?:[-/,](?:[0-9]|[1-5][0-9]))? (\*|[01]?[0-9]|2[0-3])(?:[-/,](?:[01]?[0-9]|2[0-3]))? (\*|[1-9]|[12][0-9]|3[01])(?:[-/,](?:[1-9]|[12][0-9]|3[01]))? (\*|[1-9]|1[0-2])(?:[-/,](?:[1-9]|1[0-2]))? (\*|[0-7])(?:[-/,][0-7])?$/
complex|
JSPYPC
VIEW
DEV-CRON|Dev & Systems/Cron|SAFE

Cron Minute Field

Validates the minute field of a cron expression: 0-59, wildcard, range, list, or step.

/^(?:\*(?:/[1-9]|/[1-5][0-9])?|(?:[0-9]|[1-5][0-9])(?:-(?:[0-9]|[1-5][0-9]))?(?:/[1-9]|/[1-5][0-9])?(?:,(?:[0-9]|[1-5][0-9]))*)$/
complex|
JSPYGOPC
VIEW
DEV-CRON|Dev & Systems/Cron|SAFE

Cron Hour Field

Validates the hour field of a cron expression: 0-23, wildcard, range, list, or step.

/^(?:\*(?:/[1-9]|/1[0-9]|/2[0-3])?|(?:[01]?[0-9]|2[0-3])(?:-(?:[01]?[0-9]|2[0-3]))?(?:/[1-9]|/1[0-9]|/2[0-3])?(?:,(?:[01]?[0-9]|2[0-3]))*)$/
complex|
JSPYGOPC
VIEW
FIN-CUR-|Finance/Currency & Money|SAFE

ISO 4217 Currency Code

Matches a 3-letter ISO 4217 currency code.

/^[A-Z]{3}$/
simple|
JSPYGOPC
VIEW
FIN-CUR-|Finance/Currency & Money|SAFE

Decimal Monetary Amount

Matches a monetary amount with up to 2 decimal places and optional thousands separators.

/^-?(?:(?:[1-9][0-9]{0,2}(?:,[0-9]{3})*)|0)(?:\.[0-9]{1,2})?$/
moderate|
JSPYGOPC
VIEW
FIN-CUR-|Finance/Currency & Money|SAFE

Monetary Amount with Currency Code

Matches a monetary amount prefixed or suffixed with an ISO 4217 currency code.

/^(?:([A-Z]{3})\s)?-?(?:(?:[0-9]+(?:,[0-9]{3})*)|0)(?:\.[0-9]{1,4})?(?:\s([A-Z]{3}))?$/
complex|
JSPYGOPC
VIEW
LOC-DATE|Localization/Date Formats|SAFE

ISO 8601 Date (YYYY-MM-DD)

Matches a calendar date in ISO 8601 basic date format with full validation of month and day ranges.

/^((?:19|20)[0-9]{2})-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])$/
moderate|
JSPYGOPC
VIEW
LOC-DATE|Localization/Date Formats|SAFE

US Date Format (MM/DD/YYYY)

Matches a US-style date in M/D/YYYY or MM/DD/YYYY format.

/^(0?[1-9]|1[0-2])/(0?[1-9]|[12][0-9]|3[01])/((?:19|20)[0-9]{2})$/
moderate|
JSPYGOPC
VIEW
LOC-DATE|Localization/Date Formats|SAFE

UK / European Date Format (DD/MM/YYYY)

Matches a UK/European-style date in D/M/YYYY or DD/MM/YYYY format.

/^(0?[1-9]|[12][0-9]|3[01])/(0?[1-9]|1[0-2])/((?:19|20)[0-9]{2})$/
moderate|
JSPYGOPC
VIEW
PII-EMAI|Identity & PII/Email Address|SAFE

Email Address (RFC 5321 Practical)

Matches a practical email address: local part + @ + domain. Balances RFC compliance with real-world usage.

/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\.[a-zA-Z]{2,}$/i
complex|
JSPYGOPC
VIEW
PII-EMAI|Identity & PII/Email Address|SAFE

Email Local Part Only

Matches only the local part of an email address (before the @), with common character set.

/^(?![^@]*\.\.)[a-zA-Z0-9][a-zA-Z0-9._%+\-]{0,62}[a-zA-Z0-9]$|^[a-zA-Z0-9]$/
complex|
JSPYGOPC
VIEW
PII-EMAI|Identity & PII/Email Address|SAFE

Email Domain Part Only

Matches only the domain part of an email address (after the @).

/^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\.[a-zA-Z]{2,}$/i
complex|
JSPYGOPC
VIEW
SEC-API-|Security/API Keys & Tokens|SAFE

Generic Bearer Token (Authorization Header)

Matches an HTTP Bearer token in an Authorization header value.

/^Bearer\s+([A-Za-z0-9\-._~+/]+=*)$/i
moderate|
JSPYGOPC
VIEW
SEC-API-|Security/API Keys & Tokens|SAFE

JSON Web Token (JWT) — Structure Validation

Matches a JWT string: three base64url-encoded segments separated by dots.

/^([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)$/
moderate|
JSPYGOPC
VIEW
SEC-API-|Security/API Keys & Tokens|SAFE

JWT Header (Decoded Algorithm Field)

Matches a decoded JWT header JSON string for algorithm validation.

/^\{"alg":"(HS256|HS384|HS512|RS256|RS384|RS512|ES256|ES384|ES512|PS256|PS384|PS512|EdDSA)","typ":"JWT"(?:,"kid":"[^"]{1,100}")?\}$/
complex|
JSPYGOPC
VIEW

API Access

Programmatic access to verified patterns for CI/CD pipelines.

FREQUENTLY ASKED QUESTIONS

Yes. All 417 patterns are free to browse, search, and copy as JavaScript implementations. No account required. Pro ($79/year) unlocks all 5 engine implementations (Python, Go, Java, PHP/PCRE), bookmarks, and priority pattern submission review.

Every pattern is formally audited for catastrophic backtracking using static analysis and dynamic stress testing with adversarial inputs. Patterns that pass are marked "Verified Safe" — patterns that fail are rejected, not published.

Yes. That's exactly what they're designed for. Each pattern includes test cases, known edge cases, and engine-specific implementation notes so you can deploy with confidence.

Visit /submit and fill out the form with your pattern, test cases, and documentation. Free submissions are reviewed in order. Pro subscribers get priority review within 48 hours.