Docker Image Tag Regex for JavaScript
/^[a-zA-Z0-9][a-zA-Z0-9._\-]{0,127}$/What this pattern does
This page provides a well-structured, multi-part regular expression for matching docker image tag, ported and verified for JavaScript. A rigorously tested regex reduces debugging time and protects your application from edge-case failures. The snippet below is ready to drop into your JavaScript project — whether you're validating in an Express middleware, a Next.js API route, or a client-side form.
Javascript Implementation
// Docker Image Tag
// ReDoS-safe | RegexVault — Dev & Systems > Docker
const dockerImageTagRegex = /^[a-zA-Z0-9][a-zA-Z0-9._\-]{0,127}$/;
function validateDockerImageTag(input: string): boolean {
return dockerImageTagRegex.test(input);
}
// Example
console.log(validateDockerImageTag("latest")); // trueTest Cases
Matches (Valid) | Rejects (Invalid) |
|---|---|
latest | :latest |
1.0.0 | .latest |
v2.3.4-alpine | -latest |
20240101 | tag with spaces |
main | — |
sha-abc1234 | — |
When to use this pattern
This pattern is drawn from the Dev & Systems > Docker category and carries a ReDoS-safe certification. That matters for JavaScript developers because especially critical in long-running Node.js event loops where a ReDoS vulnerability can block the entire process. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.
Common Pitfalls
Using 'latest' in production is a reliability risk — the image content can change without warning. Use explicit versioned tags or digest pinning.
Technical Notes
Tags cannot start with a period or hyphen. 'latest' is the default tag if none is specified. Always pin to a digest (sha256:...) for reproducible deployments in production.
Have a pattern that belongs in the vault?
Submit it for review — community-verified patterns get credited to your GitHub handle. Free submissions join the queue. Priority review available for $15.
Submit a Pattern