/^/
EasyProgramming3 min read

UUID Regex

Validates a standard 8-4-4-4-12 hyphenated UUID string, including the version nibble and RFC 4122 variant bits.

#uuid#guid#identifiers#validation#programming#database

Regex Pattern

^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$

Default flags: i

Pattern Breakdown

Hover over a token to see what it does.

^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$
TokenMeaning
^Anchors the match to the start of the string
[0-9a-f]{8}First group: exactly 8 hexadecimal digits
-Literal hyphen separator between groups
[0-9a-f]{4}Second group: exactly 4 hexadecimal digits
[1-5]UUID version digit (1 through 5) that starts the third group
[89ab]RFC 4122 variant digit that starts the fourth group
[0-9a-f]{12}Fifth group: exactly 12 hexadecimal digits
$Anchors the match to the end of the string

Detailed Explanation

What it does

This pattern validates that a string is a properly formatted UUID (Universally Unique Identifier) in the canonical 8-4-4-4-12 hexadecimal format, and additionally checks that the version nibble is 1-5 and the variant nibble follows the RFC 4122 convention (8, 9, a, or b).

Why it works

UUIDs are 128-bit values conventionally rendered as five hyphen-separated groups of hex digits. The pattern enforces the exact digit count in each group via {n} quantifiers and locks the first character of the third and fourth groups to the valid version and variant ranges, which filters out random hex strings that merely look UUID-shaped but weren't generated by a compliant UUID algorithm.

Common use cases

  • Validating path parameters or query strings that should reference a database record by UUID
  • Filtering log lines or API payloads for well-formed UUIDs
  • Client-side validation before sending a UUID to a backend API
  • Distinguishing UUID primary keys from other identifier formats in mixed datasets

Edge cases

  • Uppercase UUIDs like 550E8400-E29B-41D4-A716-446655440000 match because of the case-insensitive flag
  • The nil UUID 00000000-0000-0000-0000-000000000000 does not match because its version digit is 0, not 1-5
  • UUIDs without hyphens (32 raw hex characters) are correctly rejected by this pattern
  • A version-7 or future UUID variant with a digit outside 1-5 would be rejected, which may need a pattern update as new UUID versions emerge

Limitations

  • Only validates the canonical hyphenated textual representation, not binary or base64-encoded UUIDs
  • Cannot verify the UUID was generated correctly (e.g. true randomness for v4), only that it is structurally well-formed
  • Rejects Microsoft GUIDs wrapped in braces like {550e8400-...} unless the braces are stripped first

Interactive Tester

Edit the pattern or text below — matching runs live in your browser.

123e4567-e89b-12d3-a456-426614174000 550e8400-e29b-41d4-a716-446655440000 550E8400-E29B-41D4-A716-446655440000

Test Cases

Editable — add your own inputs to see if they pass.

InputExpectedResult
Pass
Pass
Pass
Pass
Pass
Pass
Pass
Pass

Language Variants

Production-ready examples in 12 languages.

const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
console.log(uuidRegex.test('550e8400-e29b-41d4-a716-446655440000')); // true

Common Mistakes

Using a loose pattern like [0-9a-f-]{36} that accepts hyphens in the wrong places or wrong group lengths

Fix: Enforce exact group lengths with {8}, {4}, {4}, {4}, {12} separated by literal hyphens

Forgetting the case-insensitive flag and rejecting valid uppercase UUIDs returned by some databases and tools

Fix: Add the i flag or explicitly include A-F in the character classes

Assuming any 36-character hex-and-hyphen string is a UUID without checking the version/variant nibbles

Fix: Keep the [1-5] and [89ab] constraints to reject strings that are merely UUID-shaped but not spec-compliant

Performance Notes

  • Fixed-length character classes with {n} quantifiers make this pattern linear-time with no backtracking risk
  • Anchors at both ends prevent the engine from scanning for a match inside a longer string
  • Because every branch is deterministic, this pattern performs identically regardless of input length up to the fixed 36 characters

Browser Compatibility

EngineSupportedNotes
ChromeYes
FirefoxYes
SafariYes
EdgeYes
Node.jsYes