CodeQL documentation

Unmatchable caret in regular expression

ID: js/regex/unmatchable-caret
Kind: problem
Security severity: 
Severity: error
Precision: very-high
   - reliability
   - correctness
   - regular-expressions
   - external/cwe/cwe-561
Query suites:
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

The caret character ^ in a regular expression only matches at the beginning of the input, or (for multi-line regular expressions) at the beginning of a line. If it is preceded by a pattern that must match a non-empty sequence of (non-newline) input characters, it cannot possibly match, rendering the entire regular expression unmatchable.


Examine the regular expression to find and correct any typos.


In the following example, the regular expression /\[^.]*\.css/ cannot match any string, since it contains a caret assertion preceded by an escape sequence that matches an opening bracket.

if (file.match(/\[^.]*\.css/))
	console.log("Found it.");


  • © GitHub, Inc.
  • Terms
  • Privacy