What does the Conventional Commit Message regex match?

Validates a Conventional Commits 1.0.0 message: type(scope)!: description.

Is the Conventional Commit Message regex ReDoS-safe?

Yes. Manually audited and tested against ReDoS attack strings. Anchors and possessive-style constraints prevent runaway backtracking paths.

Dev & Systems/Git

Verified Safe

Conventional Commit Message Regex for JavaScript

What this pattern does

This page provides a comprehensive, battle-tested regular expression for matching conventional commit message, ported and verified for JavaScript. A rigorously tested regex reduces debugging time and protects your application from edge-case failures. The snippet below is ready to drop into your JavaScript project — whether you're validating in an Express middleware, a Next.js API route, or a client-side form.

Javascript Implementation

Javascript

// Conventional Commit Message
// ReDoS-safe | RegexVault — Dev & Systems > Git

const conventionalCommitMessageRegex = /^(feat|fix|docs|style|refactor|perf|test|build|ci|chore|revert|wip)(?:\(([a-zA-Z0-9\-_\/]+)\))?(!)?: (.+)$/;

function validateConventionalCommitMessage(input: string): boolean {
  return conventionalCommitMessageRegex.test(input);
}

// Example
console.log(validateConventionalCommitMessage("feat: add user authentication")); // true

Test Cases

Matches (Valid)	Rejects (Invalid)
`feat: add user authentication`	`add feature`
`fix(auth): resolve token expiry bug`	`FIX: resolve bug`
`feat(api)!: remove deprecated endpoint`	`feat(): empty scope`
`docs: update README`	`feat:`
`chore(deps): bump lodash to 4.17.21`	`unknown: message type`

When to use this pattern

This pattern is drawn from the Dev & Systems > Git category and carries a ReDoS-safe certification. That matters for JavaScript developers because especially critical in long-running Node.js event loops where a ReDoS vulnerability can block the entire process. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

The ! indicator is separate from 'BREAKING CHANGE:' in the footer — both must be detected. A commit with feat!: triggers a major version bump in semantic-release tooling.

Technical Notes

Group 1 = type, group 2 = scope (optional), group 3 = ! breaking change (optional), group 4 = description. BREAKING CHANGE can also appear in the footer. Conventional commits enable automated changelog generation.

Have a pattern that belongs in the vault?

Submit it for review — community-verified patterns get credited to your GitHub handle. Free submissions join the queue. Priority review available for $15.

Submit a Pattern