What does the File Extension Extraction regex match?

Extracts the file extension from a filename, handling dotfiles, multiple dots, and full paths.

Is the File Extension Extraction regex ReDoS-safe?

Yes. Verified through static analysis: no ambiguous alternations or nested quantifiers that could trigger exponential backtracking.

How do I use this regex in javascript?

// No imports required — RegExp is built into JavaScript const regex = /(?:^|\\/)([^\\/\s\.]+[\w.]*\.([a-zA-Z0-9]{1,10}))$/i; const isValid = regex.test(input);

Dev & Systems/File Paths

Verified Safe

File Extension Extraction Regex for JavaScript

/(?:^|\/)([^\/\s\.]+[\w.]*\.([a-zA-Z0-9]{1,10}))$/i

What this pattern does

This page provides a well-structured, multi-part regular expression for matching file extension extraction, ported and verified for JavaScript. A rigorously tested regex reduces debugging time and protects your application from edge-case failures. The snippet below is ready to drop into your JavaScript project — whether you're validating in an Express middleware, a Next.js API route, or a client-side form.

Javascript Implementation

Javascript

// File Extension Extraction
// ReDoS-safe | RegexVault — Dev & Systems > File Paths

const fileExtensionExtractionRegex = /(?:^|\\/)([^\\/\s\.]+[\w.]*\.([a-zA-Z0-9]{1,10}))$/i;

function validateFileExtensionExtraction(input: string): boolean {
  return fileExtensionExtractionRegex.test(input);
}

// Example
console.log(validateFileExtensionExtraction("file.txt")); // true

Test Cases

Matches (Valid)	Rejects (Invalid)
`file.txt`	`.gitignore`
`archive.tar.gz`	`noextension`
`/path/to/file.json`	`file.`
`document.PDF`	`file.toolongextension123`
`script.min.js`	—

When to use this pattern

This pattern is drawn from the Dev & Systems > File Paths category and carries a ReDoS-safe certification. That matters for JavaScript developers because especially critical in long-running Node.js event loops where a ReDoS vulnerability can block the entire process. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

MIME type validation should use magic bytes (file content), not extension alone. Attackers use double extensions (invoice.pdf.exe) to disguise executables.

Technical Notes

Group 1 = final extension segment. For compound extensions like .tar.gz, extract the last segment (gz). Extension limited to 10 chars. Dotfiles (.gitignore) have no extension.

Have a pattern that belongs in the vault?

Submit it for review — community-verified patterns get credited to your GitHub handle. Free submissions join the queue. Priority review available for $15.

Submit a Pattern