Write efficient, error-free and safe regular expressions in JavaScript and TypeScript

Hello JavaScript and TypeScript developers,

We just released a set of rules to help you write efficient, error-free, and safe regular expressions.

While using regular expressions is something quite usual for a developer nowadays, it does not make it something easy to handle. It’s even regularly considered as being something “hard” to do by developers. Writing regular expressions is error-prone, can take time, and once written, identifying errors in them can also be extremely difficult.

Here is the full list of the new rules dedicated to regex:

Bug Detections:

  • S5856: Regular expressions should be syntactically valid
  • S5850: Alternatives in regular expressions should be grouped when used with anchors
  • S5868: Unicode Grapheme Clusters should be avoided inside regex character classes
  • S6323: Alternation in regular expressions should not contain empty alternatives
  • S6328: Replacement strings should reference existing regular expression groups
  • S6324: Regular expressions should not contain control characters

Code Smell Detections:

  • S5860: Names of regular expressions named groups should be used
  • S6035: Single-character alternations in regular expressions should be replaced with character classes
  • S6326: Regular expressions should not contain multiple spaces
  • S6331: Regular expressions should not contain empty groups
  • S6325: Regular expression literals should be used when possible

These rules are available now on SonarCloud and will be included in SonarQube 9.1




On top of these rules, we added 8 more to really make sure you have efficient and error-free regexp.
Here is the list of added rules.

Bug Detections:

  • S6351: Regular expressions with the global flag should be used with caution
  • S5867: Regular expressions with Unicode property escapes should set Unicode flag
  • S5842: Repeated patterns in regular expressions should not match the empty string

Code Smell Detections:

  • S5869: Character classes in regular expressions should not contain the same character twice
  • S6019: Reluctant quantifiers in regular expressions should be followed by an expression that can’t match the empty string
  • S5843: Regular expressions should not be too complicated
  • S6353: Regular expression quantifiers and character classes should be used concisely

Security Hotspots Detection:

  • S5852: Using slow regular expressions is security-sensitive