validation

UUID v4 (Random) Regex Pattern

Validates specifically a UUID v4 (random). Enforces the version nibble (must start with "4") and the variant nibble (must start with 8, 9, a, or b) that distinguishes v4 from other UUID versions.

/^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/

What each part matches

[0-9a-fA-F]{8}-[0-9a-fA-F]{4}- — timestamp + random parts
4[0-9a-fA-F]{3} — version nibble must be '4' + 3 random hex
[89abAB] — variant nibble: 8, 9, a, or b
[0-9a-fA-F]{3}-[0-9a-fA-F]{12}$ — remaining random parts

✓ These match

  • 550e8400-e29b-41d4-a716-446655440000
  • f47ac10b-58cc-4372-a567-0e02b2c3d479

✗ These don't

  • 550e8400-e29b-51d4-a716-446655440000
  • 550e8400-e29b-41d4-c716-446655440000

Use in your code

JavaScript

const re = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/;
re.test(input); // → true or false

Python

import re
re.fullmatch(r"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$", input)

PHP (PCRE)

preg_match('/^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/', $input);

Go

re := regexp.MustCompile(`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$`)
re.MatchString(input)

FAQ

Does this uuid v4 (random) regex work in JavaScript?
Yes. Every pattern in the Utilko regex library is tested to work in JavaScript RegExp, PCRE (PHP, Nginx), and Python `re`. Where flavor matters (lookbehind, named groups), the pattern page flags it.
How do I use this pattern?
Copy the pattern from the code block above. In JavaScript: new RegExp('^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$') or literal /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/. Or click "Try in regex tester" to open it pre-loaded in Utilko's browser-based regex tester.
Should I use this for security-critical validation?
Client-side regex is fine for UX (immediate feedback on a form). For anything security-critical — payments, auth, data integrity — always re-validate server-side using the same pattern PLUS domain-specific checks (Luhn checksum for cards, actual email delivery test, DNS resolution for domains).

Related regex patterns

← All regex patterns · Regex tester · Regex cheat sheet