Tech blog and developer tools
^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_+.~#?&/=]*)$^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)$^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$^\+?[1-9]\d{1,14}$^\(?\d{2}\)?\s?9?\d{4}[-\s]?\d{4}$^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$^\d{3}\.?\d{3}\.?\d{3}-?\d{2}$^\d{2}\.?\d{3}\.?\d{3}\/?\d{4}-?\d{2}$^\d{5}-?\d{3}$^\d{3}-?\d{2}-?\d{4}$^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12})$^\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$^(0[1-9]|[12]\d|3[01])\/(0[1-9]|1[0-2])\/\d{4}$^([01]\d|2[0-3]):[0-5]\d(:[0-5]\d)?$^#([0-9a-fA-F]{3}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})$^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$^[a-z0-9]+(?:-[a-z0-9]+)*$^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-[a-zA-Z0-9.]+)?(\+[a-zA-Z0-9.]+)?$^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$^Bearer\s+[A-Za-z0-9\-._~+/]+=*$^(sk|pk|api|key|token)_(live|test|prod|dev)_[A-Za-z0-9]{16,}$^[0-9a-fA-F]{64}$^[A-Za-z0-9+/]+=*$^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&#])[A-Za-z\d@$!%*?&#]{8,}$^[a-zA-Z0-9_-]{3,20}$^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$Regular expressions (regex) are patterns used to match character combinations in strings. The concept was introduced by mathematician Stephen Cole Kleene in 1951 as part of formal language theory. Ken Thompson brought regex into computing in 1968 when he implemented them in the QED text editor, which later influenced grep, one of the most important Unix commands ever created.
The name "grep" literally stands for "globally search for a regular expression and print matching lines" (g/re/p). Today, regex is built into virtually every programming language, text editor, and IDE. It is one of the most powerful tools in a developer's arsenal, though it has a reputation for being hard to read, leading to the famous Jamie Zawinski quote: "Some people, when confronted with a problem, think 'I know, I'll use regular expressions.' Now they have two problems."
Fun fact: regex engines come in two main flavors. NFA (Nondeterministic Finite Automaton) engines, used by Perl, Python, and JavaScript, try every possible match path. DFA (Deterministic Finite Automaton) engines, used by grep and awk, are faster but less feature-rich. Some patterns can cause NFA engines to take exponential time, a vulnerability called ReDoS (Regular Expression Denial of Service).
The official regex for validating email addresses according to RFC 5322 is over 6,000 characters long. In practice, most developers use a simplified pattern because the full spec allows bizarre but valid addresses like "user@[IPv6:::1]".
Web Application Firewalls (WAFs) use regex patterns to detect SQL injection, XSS attacks, and other threats. Security tools like Snort and ModSecurity maintain extensive regex rule sets. Many secret scanners also use regex to find leaked API keys in code.
Advanced regex features like lookaheads (?=...) and lookbehinds (?<=...) let you match patterns based on what comes before or after without including it in the match. Password validation often uses lookaheads to check for multiple requirements simultaneously.
Tools like regex101.com and regexr.com let you test patterns interactively with explanations. regex101 even shows you the match steps, which is invaluable for debugging complex patterns. These are essential tools in every developer's bookmarks.