10 Common Regex Patterns Every Developer Should Know

Feb 18, 2026 · 8 min read

TL;DR: Here are 10 ready-to-use regex patterns for emails, URLs, IP addresses, dates, phone numbers, passwords, hex colors, HTML tags, whitespace cleanup, and number extraction. Copy them, tweak them, ship them.

Let's be honest — most developers don't memorize regex. They keep a collection of patterns they've tested, and they copy-paste the right one when needed. Consider this your collection. Each pattern below is battle-tested, explained in plain English, and ready to use.

😄

Dev Joke: Regex is like a superpower — with great power comes great responsibility, and also great confusion when you look at your own code three months later.

1. Email Address

^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$

What it catches: user@example.com, first.last+tag@sub.domain.org

How to read it: "One or more valid characters, then @, then domain parts, then a dot, then at least 2 letters for the TLD."

💡

Reality check: The full email spec (RFC 5322) is way more complex than any regex can handle. This covers 99% of real emails. For production, always confirm with a verification email too.

2. URL (HTTP/HTTPS)

https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)

What it catches: https://example.com, http://www.test.co.uk/path?q=1#section

Simpler version if you just need to spot URLs in text:

https?:\/\/\S+

This won't validate the URL perfectly, but it'll find everything that starts with "http://" or "https://" and grabs all non-whitespace characters after it. Good enough for most link-finding tasks.

3. IPv4 Address

^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)$

Accepts: 192.168.1.1, 0.0.0.0, 255.255.255.255

Rejects: 256.1.1.1, 192.168.1 (only 3 octets), 1.2.3.4.5 (too many)

The clever part here is how it validates each number is 0-255. It uses three alternatives: 25[0-5] for 250-255, 2[0-4]\d for 200-249, and [01]?\d\d? for 0-199. It's one of those patterns that looks intimidating but is actually very methodical.

🌐 Validating IP addresses: because "999.999.999.999" is not a real server

4. Date (YYYY-MM-DD)

^\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$

Accepts: 2026-02-18, 2000-01-01

Rejects: 2026-13-01 (month 13), 2026-03-32 (day 32)

⚠️

Heads up: This pattern won't catch impossible dates like February 30th — it only checks the format. For full date validation, parse the date with your language's date library after the regex check passes.

5. US Phone Number

^(\+1[-.\s]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}$

Accepts: (555) 123-4567, 555-123-4567, +1 555.123.4567, 5551234567

This handles the many ways Americans write phone numbers — with parentheses, dashes, dots, spaces, or no separators at all. For international numbers, you're better off with a library like libphonenumber.

6. Strong Password

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$

Requires: At least 8 characters, one uppercase, one lowercase, one digit, one special character.

This uses lookaheads — they're like checkpoints that say "make sure this condition is true somewhere in the string" without actually consuming characters. Each (?=.*[something]) is a separate checkpoint.

💡

Modern advice: NIST now recommends focusing on password length (12+ characters) and checking against breach databases rather than enforcing complex character rules. "correct horse battery staple" is more secure than "P@ssw0rd!" and way easier to remember.

7. Hex Color Code

^#([0-9A-Fa-f]{3}|[0-9A-Fa-f]{6}|[0-9A-Fa-f]{8})$

Accepts: #fff, #FF5733, #00FF00CC (with alpha channel)

Supports 3-digit shorthand (#RGB), 6-digit standard (#RRGGBB), and 8-digit with alpha (#RRGGBBAA). Perfect for CSS color validation.

8. HTML Tags

<([a-z][a-z0-9]*)\b[^>]*>(.*?)<\/\1>

Catches: <p>text</p>, <div class="x">content</div>

The cool part is \1 — that's a backreference that says "match whatever the first group captured." So if the opening tag is <div>, it'll only match </div>, not </span>.

⚠️

Important: Regex cannot properly parse nested HTML. For anything beyond flat, simple markup, use a real HTML parser like DOMParser (browser) or cheerio (Node.js). This pattern is handy for quick log parsing, not building an HTML engine.

9. Whitespace Cleanup

Three patterns for the most common whitespace operations:

// Collapse multiple spaces into one
"hello    world".replace(/\s{2,}/g, " ");
// "hello world"

// Remove blank lines
text.replace(/^\s*\n/gm, "");

// Remove all whitespace
"h e l l o".replace(/\s/g, "");
// "hello"

🧹 Regex: your text janitor, cleaning up messy whitespace

10. Extract Numbers from Text

-?\d+(\.\d+)?

Catches: 42, -7, 3.14, -0.5, 1000

const text = "Price: $19.99, Qty: 3, Discount: -2.50";
const numbers = text.match(/-?\d+(\.\d+)?/g);
// ["19.99", "3", "-2.50"]

// Convert to actual numbers
const values = numbers.map(Number);
// [19.99, 3, -2.5]

Performance Tips (Because Regex Can Be Slow)

Avoid catastrophic backtracking — Patterns like (a+)+b can take exponential time on certain inputs. If your regex runs slow, this is usually why.
Be specific — [a-zA-Z0-9] is faster than . because the engine has fewer options to try.
Use anchors — ^pattern$ tells the engine there's only one place to check. Much faster than scanning an entire string.
Compile once, use many — Define regex outside loops. In Python, use re.compile().

Try It Yourself

Copy any of these patterns into our regex tester to see them in action. Tweak the pattern, change the test string, and see matches highlighted in real time.

Open Regex Tester →