validation
UUID (Any Version) Regex Pattern
Validates any UUID format (v1, v3, v4, v5, v7) — 8-4-4-4-12 hex digits with dashes. Case-insensitive by pattern (accepts both upper and lower hex). If you need to lock to v4 specifically, use the UUID v4 pattern.
/^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/ What each part matches
[0-9a-fA-F]{8} — 8 hex digits (any case)- — literal dash{4}, {4}, {4}, {12} — the remaining 4-4-4-12 groups✓ These match
- 550e8400-e29b-41d4-a716-446655440000
- 01890a5c-4d5e-7000-a000-000000000000
- F47AC10B-58CC-4372-A567-0E02B2C3D479
✗ These don't
- 550e8400-e29b-41d4-a716
- not-a-uuid
- 550e8400e29b41d4a716446655440000
Use in your code
JavaScript
const re = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/;
re.test(input); // → true or false Python
import re
re.fullmatch(r"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", input) PHP (PCRE)
preg_match('/^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/', $input); Go
re := regexp.MustCompile(`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)
re.MatchString(input) FAQ
Does this uuid (any version) regex work in JavaScript?
Yes. Every pattern in the Utilko regex library is tested to work in JavaScript RegExp, PCRE (PHP, Nginx), and Python `re`. Where flavor matters (lookbehind, named groups), the pattern page flags it.
How do I use this pattern?
Copy the pattern from the code block above. In JavaScript:
new RegExp('^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$') or literal /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/. Or click "Try in regex tester" to open it pre-loaded in Utilko's browser-based regex tester.Should I use this for security-critical validation?
Client-side regex is fine for UX (immediate feedback on a form). For anything security-critical — payments, auth, data integrity — always re-validate server-side using the same pattern PLUS domain-specific checks (Luhn checksum for cards, actual email delivery test, DNS resolution for domains).