The Regex Cheat Sheet Every Developer Should Bookmark (2026)

·9 min read

Regex is one of those skills where the 20% you use covers 95% of the work. This cheat sheet collects that 20% — the anchors, character classes, quantifiers, groups and lookarounds you'll reach for weekly — with copy-paste examples that work in JavaScript, Python and grep.

Anchors: where the match happens

  • ^ — start of the string (or line, in multiline mode).
  • $ — end of the string (or line).
  • \b — word boundary. \bcat\b matches "cat" but not "category".
  • \B — non-word boundary.

Character classes

  • . — any character except newline.
  • \d / \D — digit / not a digit.
  • \w / \W — word character (letters, digits, underscore) / not a word character.
  • \s / \S — whitespace / not whitespace.
  • [abc] — a, b or c. [^abc] — anything except those. [a-z] — a range.

Quantifiers

  • ? — zero or one.
  • * — zero or more.
  • + — one or more.
  • {n}, {n,}, {n,m} — exactly, at least, between.
  • Add ? after any quantifier to make it lazy: .*? matches as little as possible.

Groups and alternation

  • (abc) — capturing group. Reference in a replacement as $1, $2, etc.
  • (?:abc) — non-capturing group. Use this by default; only capture when you need the value.
  • (?<name>abc) — named group. Reference as $<name> in replacements.
  • a|b — alternation. (cat|dog) matches either.

Lookarounds

  • (?=abc) — positive lookahead. Match must be followed by abc, but abc isn't consumed.
  • (?!abc) — negative lookahead.
  • (?<=abc) — positive lookbehind. Match must be preceded by abc.
  • (?<!abc) — negative lookbehind.

Lookarounds are the tool for "match X but only when Y" without polluting your capture groups.

Ten patterns you'll reuse

// Email (good enough, not RFC-perfect)
/^[^\s@]+@[^\s@]+\.[^\s@]+$/

// URL (http/https)
/^https?:\/\/[^\s/$.?#].[^\s]*$/i

// UUID v4
/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i

// ISO date YYYY-MM-DD
/^\d{4}-\d{2}-\d{2}$/

// Hex color (#fff or #ffffff)
/^#(?:[0-9a-f]{3}|[0-9a-f]{6})$/i

// Slug (letters, digits, hyphens)
/^[a-z0-9]+(?:-[a-z0-9]+)*$/

// Strong-ish password (min 12, upper, lower, digit, symbol)
/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^\w\s]).{12,}$/

// Trim leading/trailing whitespace
/^\s+|\s+$/g

// Duplicate consecutive words
/\b(\w+)\s+\1\b/gi

// Extract quoted string
/"([^"\\]|\\.)*"/g

Language quirks

  • JavaScript: no lookbehind in old Safari. Named groups ((?<name>...)) are supported in modern browsers.
  • Python: use raw strings — r"\bword\b" — so the backslashes reach the regex engine intact.
  • grep: default is basic regex. Use grep -E or egrep for the syntax above; \d and \w need grep -P (PCRE).

Debug regex safely

Never write a complex regex in a single pass. Build it incrementally, test each addition, and use a visual tool. Our Regex Tester highlights matches and named groups in real time, and stays in your browser — no pasting sensitive patterns into a third-party site.

Keep reading