What is the best regex for validating an email address?

For most cases use a simple safe pattern: /^[^@\s]+@[^@\s]+\.[^@\s]+$/ — it covers 99% of real-world emails and prevents header injection. For strict RFC 5322 compliance, see the "Strict Email Validation RFC 5322" pattern at https://regexlib.dev/regex/email-strict.

How do I write a strong password regex with at least 12 characters and a special character?

Use positive lookaheads: ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*]).{12,}$ — enforces lowercase, uppercase, digit, special character, and a 12-char minimum. See https://regexlib.dev/regex/password-very-strong.

What is the regex for ISO 8601 datetime with timezone?

^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,9})?(?:Z|[+-]\d{2}:\d{2})$ — accepts UTC (Z) or ±HH:MM offsets, with optional fractional seconds. Full reference at https://regexlib.dev/regex/iso-date-with-timezone.

How do I match a UUID v4 with regex?

^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$ — the "4" before the third hyphen and the [89ab] before the fourth ensure version 4 and a valid variant. See https://regexlib.dev/regex/uuid-v4.

How can I detect leaked Stripe, AWS, or OpenAI API keys in code?

Use prefix-anchored patterns: Stripe sk_(live|test)_[A-Za-z0-9]{24,}, AWS AKIA[0-9A-Z]{16}, OpenAI sk-[A-Za-z0-9]{20,}T3BlbkFJ[A-Za-z0-9]{20,}, Google AIza[0-9A-Za-z_-]{35}. Combine in a single pre-commit hook to catch leaks.

Does regex validate that a date is real (e.g., not February 31)?

No. Regex checks the format only. Pair the regex with new Date(value) in JavaScript or datetime.fromisoformat() in Python to verify the calendar correctness.

What is the simplest regex for an IPv4 address with octet validation?

^(?:(?:25[0-5]|2[0-4]\d|[01]?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d?\d)$ — enforces each octet between 0 and 255. See https://regexlib.dev/regex/ipv4.

How do I extract all URLs from a text with regex?

Use the global flag with: /https?:\/\/[^\s<>"']+/g — call text.match(re) to get every match. See https://regexlib.dev/regex/url-extract.

Why does my regex work in JavaScript but not in Python or Java?

Different engines have different syntax. JavaScript uses ECMAScript regex, Python uses re (PCRE-like, no recursion), Java uses java.util.regex (no \K), and Go uses RE2 (no lookarounds). Use the per-language code snippets on each pattern page — they escape the pattern correctly for each language.

Is RegexLib free? Do I need to sign up?

Yes, regexlib.dev is 100% free, no signup, no ads, and no rate limits. You can copy any pattern, test it live, and use the snippets in your project without attribution.

What is the regex for stripe webhook secret?

The regex pattern for stripe webhook secret is: ^whsec_[A-Za-z0-9]{32,}$ — Detects a Stripe webhook signing secret (whsec_). Useful for leak-detection and secret scanning. It matches inputs like whsec_AbCdEf0123456789AbCdEf0123456789 and rejects inputs like whsec_short, pk_test_AbCdEf0123456789AbCdEf0123456789.

How do I use the Stripe Webhook Secret regex in Python?

Import re and use re.fullmatch(r"^whsec_[A-Za-z0-9]{32,}$", value) for whole-string validation, or re.findall(r"^whsec_[A-Za-z0-9]{32,}$", text) to extract matches. Compile with re.compile() for repeated use.

Is the stripe webhook secret regex production-ready?

Yes — every pattern is tested against valid and invalid examples. For critical inputs, pair it with server-side validation: Luhn algorithm for credit cards, mod-97 for IBAN, real DNS / MX lookup for emails, libphonenumber for phone numbers.

Why does the stripe webhook secret regex fail in Python, Java, or Go?

Different regex engines (ECMAScript, PCRE, java.util.regex, Python re, Go RE2) support slightly different syntax — RE2 has no lookarounds or backreferences. Use the per-language code snippets above; they escape the pattern correctly for each language.

Can I edit and test the stripe webhook secret regex live?

Yes — use the live tester on this page. Type your test string and toggle flags (g, i, m, s, u, y) to see matches and capture groups highlighted instantly. The URL is shareable.

Security

Stripe Webhook Secret Regex Pattern

Detects a Stripe webhook signing secret (whsec_). Useful for leak-detection and secret scanning.

Pattern

^whsec_[A-Za-z0-9]{32,}$

Tested examples

whsec_AbCdEf0123456789AbCdEf0123456789

whsec_short

pk_test_AbCdEf0123456789AbCdEf0123456789

Test it live

Live Regex TesterJS

1 match

Pattern

Test string

Result

whsec_AbCdEf0123456789AbCdEf0123456789

Match 1at index 0

whsec_AbCdEf0123456789AbCdEf0123456789

Use it in your language

Use it in

// JavaScript / Node.js
const regex = /^whsec_[A-Za-z0-9]{32,}$/;
const value = "whsec_AbCdEf0123456789AbCdEf0123456789";
const isMatch = regex.test(value);
console.log(isMatch); // true / false

// Extract all matches
const matches = value.match(/^whsec_[A-Za-z0-9]{32,}$/g) || [];

Frequently asked questions

How do I use the Stripe Webhook Secret regex pattern in JavaScript?

Wrap the pattern in slashes: const re = /^whsec_[A-Za-z0-9]{32,}$/; — then call re.test(value) to check a single value, or value.match(re) to find matches. The "Use it in" snippets above give you the exact code for 9 languages.

Is this stripe webhook secret regex production-ready?

Yes — every pattern in the library is tested against valid and invalid examples. Still, regex is one layer in a defense-in-depth strategy: pair it with server-side validation (e.g. Luhn for credit cards, mod-97 for IBAN, real DNS lookup for emails) for critical inputs.

Why does my pattern fail in another language?

Different regex engines (PCRE, Java, Python, Go's RE2) support slightly different syntax. The most common gotchas: lookbehinds (not in RE2), named groups syntax, and how backslashes need to be escaped inside string literals. The code snippets above already escape correctly for each language.

Can I edit this pattern and test it live?

Yes — use the live tester above. Type your test string and toggle flags (g, i, m, s, u, y) to see matches highlighted instantly, including capture groups.

Related patterns

See all Security →

Security

All patterns Open regex tester Regex cheatsheet

Stripe Webhook Secret Regex Pattern

Tested examples

Test it live

Use it in your language

Tags

Frequently asked questions

Related patterns

SQL Injection Detection

Strong Password

JWT Token

Ultra-Secure Password

Basic XSS Detection

TOTP / OTP Code