RegexLab

CLI regex toolkit: tester, builder, transformer + benchmark/fuzz/diff/audit

v2.0.1

Linux

Quick Start

Install via jcli

jcli install regexlab

Match a pattern

# With a built-in template
regexlab match --template ipv4 --input access.log

# Inline
regexlab match '\d+' 'abc 123 def 456'

# Named groups
regexlab groups '(?P<y>\d{4})-(?P<m>\d{2})-(?P<d>\d{2})' '2026-05-31'

Build a regex from examples or a log file

# From marked text (mode 1)
regexlab build "Server <<10.0.0.1>> up at <<10:30:45>>"

# From positive/negative examples (mode 2)
regexlab build --match 1.2.3.4 10.0.0.1 --reject abc 999.999

# From a log file: preview, select fields, parallel-apply (mode 3)
regexlab build --from-log access.log
regexlab --format csv build --from-log access.log --select 1=ip 3=user --apply

Transform structured data

# Filter, sort, then convert to JSON
regexlab --format json transform alerts.csv --where "severity >= 7" --sort severity:desc

# Group + count
regexlab transform logs.csv --group-by action --count --sort count:desc

# Flatten nested JSON
regexlab --format csv transform events.json --flatten

NEW v2.0: benchmark / fuzz / diff / audit

# Measure throughput + score ReDoS risk
regexlab benchmark '(a+)+' "aaaaaaaaa!" --iterations 1

# Generate strings that match a pattern (fixtures!)
regexlab fuzz '(?:GET|POST) /api/\w+' --count 8

# Compare two patterns — what does A catch that B misses?
regexlab diff '\d+' '\d{3}' "12 345 6789 1"

# Scan a source tree for risky regex literals (Python/JS/Rust/Go/Ruby)
regexlab audit ./src

What's new in v2.0 (Rust rewrite)

Dual-engine. Linear-time regex by default (no catastrophic backtracking); auto-escalates to fancy-regex only when the pattern uses lookarounds or backrefs. --engine fast|pcre|auto for explicit control.
Parallel log apply. build --from-log --apply shards across cores via rayon — million-line logs finish before Python's first pass.
40+ templates (was 21): adds IPv4/v6 CIDR, IPv6 compressed, SSN, credit card, GitHub/Stripe/Slack/GCP/Azure/AWS secret keys, PEM block, Bitcoin/Ethereum addresses, semver, CWE, epoch, port, phone E.164 — filterable by tag.
NEW benchmark subcommand. Measures compile + match µs, throughput in MB/s, plus a 0–10 ReDoS risk score that flags nested quantifiers, quantified alternation, and adjacent unbounded .*/.+.
NEW fuzz subcommand. Regex inversion via the regex-syntax HIR — generates N matching strings. Great for fixtures, edge-case discovery, and seeing what your pattern actually permits.
NEW diff subcommand. Run two patterns against the same input, report only-A / only-B / both — used to tighten detection rules during incident response.
NEW audit subcommand. Recursively scans a directory of source files for regex literals (Python re.*, JS /…/, Rust Regex::new, Go regexp.MustCompile, Ruby Regexp.new) and scores every one for ReDoS risk.
Single binary. Zero runtime deps. ~3.5 MB.

Subcommands

Command	What it does
`match`	Find every match of a pattern (or `--template`) in input
`groups`	Show captured groups for each match, named or numeric
`replace`	Regex substitution; `--apply` emits replaced text only
`split`	Split text by pattern; `--apply` one-part-per-line
`explain`	Token-by-token breakdown of any pattern
`templates`	List the 40+ built-in patterns; `--tag` filter
`interactive`	REPL with `:flags / :explain / :history / :load`
`build`	Reverse-regex: marked text, examples, or log-file segmentation
`transform`	CSV/JSON/TSV/JSONL ops: select/where/sort/group/flatten/stats
`benchmark` NEW	Throughput + ReDoS risk score
`fuzz` NEW	Generate matching strings (regex inversion)
`diff` NEW	Compare two patterns against the same input
`audit` NEW	Scan a directory for regex literals + ReDoS risk