Regex Cheat Sheet 2026: Complete Reference for Regular Expressions

What is regex?

Regular expressions (regex or regexp) are patterns used to match character combinations in strings. They are one of the most powerful tools for text processing, validation, and extraction.

This cheat sheet covers everything from basic syntax to advanced patterns. Bookmark it for quick reference while building and debugging regular expressions.

Basic character matching

The simplest regex patterns match literal characters. Most characters match themselves, but some have special meaning.

• abc matches the exact string "abc"
• . matches any single character except newline
• \. matches a literal period (escape special characters with backslash)
• [abc] matches any one character: a, b, or c
• [^abc] matches any character except a, b, or c
• [a-z] matches any lowercase letter
• [A-Za-z0-9] matches any alphanumeric character

Quantifiers

Quantifiers specify how many times a character or group should match.

• * matches 0 or more times (greedy)
• + matches 1 or more times (greedy)
• ? matches 0 or 1 time (optional)
• {n} matches exactly n times
• {n,} matches n or more times
• {n,m} matches between n and m times
• *? +? ?? lazy versions (match as few as possible)

Anchors and boundaries

Anchors match positions, not characters. Use them to specify where in the string a match should occur.

• ^ matches start of string (or line with m flag)
• $ matches end of string (or line with m flag)
• \b matches word boundary
• \B matches non-word boundary
• (?=...) positive lookahead (followed by)
• (?!...) negative lookahead (not followed by)
• (?<=...) positive lookbehind (preceded by)
• (?<!...) negative lookbehind (not preceded by)

Character classes

Shorthand character classes match common character sets.

• \d matches any digit [0-9]
• \D matches any non-digit [^0-9]
• \w matches word character [A-Za-z0-9_]
• \W matches non-word character
• \s matches whitespace (space, tab, newline)
• \S matches non-whitespace
• \t matches tab
• \n matches newline

Groups and capturing

Groups allow you to apply quantifiers to multiple characters and capture matched text for later use.

• (abc) capturing group, matches "abc" and remembers it
• (?:abc) non-capturing group, matches but does not capture
• (?<name>abc) named capturing group
• \1 \2 backreference to captured group
• (a|b) alternation, matches "a" or "b"

Common regex flags

Flags modify how the regex engine interprets the pattern.

• g global: find all matches, not just the first
• i case-insensitive matching
• m multiline: ^ and $ match line start/end
• s dotall: . matches newline characters
• u unicode: enable full Unicode matching
• y sticky: match only at lastIndex position

Email validation pattern

Email validation with regex is notoriously complex. Here is a practical pattern that covers most valid addresses:

^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$

This pattern matches a local part with common characters, followed by @, a domain name with dots, and a TLD of at least 2 letters. For production use, consider using a library or sending a verification email.

URL matching pattern

Matching URLs requires handling protocols, domains, paths, and query strings:

https?:\/\/[\w.-]+(?:\.[\w.-]+)+[\w\-._~:/?#[\]@!$&'()*+,;=%]*

This matches http or https URLs with domain names and optional paths. For stricter validation, use the URL constructor in JavaScript.

Phone number patterns

Phone formats vary by country. Here are patterns for common formats:

• US: \(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}
• International: \+?\d{1,3}[-.\s]?\(?\d{1,4}\)?[-.\s]?\d{1,4}[-.\s]?\d{1,9}
• Digits only: ^\d{10,15}$

Date and time patterns

Common date format patterns:

• ISO 8601: \d{4}-\d{2}-\d{2}
• US format: \d{2}/\d{2}/\d{4}
• Time 24h: \d{2}:\d{2}(:\d{2})?
• Datetime: \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}

Password strength validation

Enforce password requirements with lookaheads:

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$

This requires at least 8 characters with lowercase, uppercase, digit, and special character. Adjust the character set and length based on your security requirements.

Greedy vs lazy matching

By default, quantifiers are greedy and match as much as possible. Add ? to make them lazy.

• <.*> greedy: matches "<div>content</div>" entirely
• <.*?> lazy: matches "<div>" only
• Use lazy quantifiers when extracting content between delimiters
• Greedy is faster when you expect long matches

Performance tips

Regex can be slow with complex patterns or long strings. Follow these tips:

• Avoid nested quantifiers like (a+)+ which cause catastrophic backtracking
• Use anchors (^ $) when matching whole strings
• Prefer specific character classes over .
• Use non-capturing groups (?:) when you do not need the match
• Compile regex once and reuse when matching multiple strings
• Consider atomic groups or possessive quantifiers if supported

JavaScript regex methods

JavaScript provides several methods for working with regex:

• test() returns true/false if pattern matches
• exec() returns match array with groups and index
• match() returns all matches (with g flag) or first match
• matchAll() returns iterator of all matches with groups
• replace() replaces matches with a string or function
• split() splits string by pattern matches
• search() returns index of first match or -1

Common mistakes to avoid

Watch out for these frequent regex pitfalls:

• Forgetting to escape special characters like . * + ? [ ] ( ) { } \ ^ $ |
• Using .* when you mean [^\n]* (greedy dot matches too much)
• Not anchoring patterns that should match whole strings
• Overcomplicating patterns that could be simpler
• Not testing edge cases like empty strings or special characters
• Assuming all regex flavors are identical (they differ between languages)