Formats
Five string-format predicates. None of them are security gates — they’re convenience filters. For validation that needs to be trustworthy (auth flows, redirect targets, stored emails), use a real validator like zod plus a domain-specific library.
| Predicate | Quick rule |
|---|---|
isRegex(v) | RegExp instance / literal |
isValidId(v) | Valid HTML id attribute |
isJson(v) | Valid JSON string starting with { or [ |
isUrl(v) | http(s):// URL with a dotted hostname |
isEmail(v) | Standard email regex |
isRegex
isRegex(/x/); // trueisRegex(/abc/gi); // trueisRegex(new RegExp("x")); // true
isRegex("/x/"); // false (string, not RegExp)isRegex("x"); // falseisRegex(null); // falseUseful for “did the caller pass a regex or a string” branches:
function match(pattern: string | RegExp, text: string) { const re = isRegex(pattern) ? pattern : new RegExp(pattern); return re.test(text);}isValidId (Is.validHtmlId)
Matches /^[A-Za-z]+[\w\-:.]*$/. Letters start, followed by word characters / dashes / colons / dots. Wrapped in Boolean(...) so falsy inputs return real false.
isValidId("base-id"); // trueisValidId("BASE-ID"); // trueisValidId("has.dots"); // trueisValidId("has:colon"); // trueisValidId("has_underscore"); // trueisValidId("has-number-3"); // true
isValidId("1starts-with-digit"); // falseisValidId("_starts-with-underscore"); // falseisValidId("has,comma"); // falseisValidId("has spaces"); // falseisValidId(""); // falseisValidId(null); // false (real boolean!)isJson
Valid JSON string starting with { or [. Doesn’t accept primitive JSON values ("true", "null", "123", '"hello"') — only objects and arrays.
isJson('{"name":"John"}'); // trueisJson("[]"); // trueisJson("[1,2,3]"); // trueisJson('{"nested":{"a":1}}'); // true
isJson(""); // falseisJson("12"); // false (numeric JSON, but rejected by prefix)isJson('"hello"'); // false (string JSON, same reason)isJson("null"); // falseisJson("true"); // falseisJson("{name:1}"); // false (unquoted key)isJson(null); // falseisJson({}); // false (non-string)isJson([]); // falseWorth knowing the prefix gate exists: JSON.parse("12") would succeed but isJson("12") returns false. If you need to accept primitives, use try { JSON.parse(value); return true } catch { return false } directly.
isUrl
Tries to construct new URL(value), then checks:
- Protocol is
http:orhttps:(no FTP, file, data, etc.) - Hostname contains a
. - Every dot-separated label of the hostname is non-empty (rejects
google.,..com,google..com)
isUrl("https://google.com"); // trueisUrl("http://example.com:8080"); // trueisUrl("https://sub.example.co.uk"); // trueisUrl("https://example.com/p?q=1"); // true
isUrl("google.com"); // false (no scheme)isUrl("www.google.com"); // falseisUrl("ftp://example.com"); // false (wrong scheme)isUrl("file:///etc/passwd"); // falseisUrl("javascript:alert(1)"); // falseisUrl("https://google."); // false (trailing-dot hostname)isUrl("https://google..com"); // false (empty middle label)isUrl(""); // falseisUrl(null); // falseisUrl(undefined); // falseisUrl(12); // falseisEmail
Standard email regex from RFC 5322 (the practical subset most projects use).
isEmail("user@example.com"); // trueisEmail("a.b.c@example.co.uk"); // trueisEmail("u+tag@example.com"); // trueisEmail("user-name@sub.example.com"); // true
isEmail("user"); // falseisEmail("user@"); // falseisEmail("@example.com"); // falseisEmail("a@b"); // false (no TLD with ≥ 2 letters)isEmail("a b@example.com"); // falseisEmail(""); // falseisEmail(null); // false (typeof-string guard)isEmail(undefined); // falseisEmail(12); // falseisEmail(["user@example.com"]); // false (arrays are rejected by the typeof guard)Notes
- These are predicates, not validators. They tell you “does this look like X”. For trust decisions (open the link / send to address / interpret as JSON), do the actual operation in a
try/catch. isJsonwill reject valid primitive JSON ("123","true","null",'"hello"'). This is intentional but easy to miss.isUrlrejects schemes other thanhttp(s):. Use the URL constructor directly if you need to acceptmailto:ortel:URIs.