randexp.js
randexp.js generates random strings that match a given regular expression, useful for testing and fuzzing. It supports complex regex patterns including character ranges, repetitions, groups, and backreferences.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | fent/randexp.js |
| Owner | fent |
| Primary language | JavaScript |
| License | MIT — OSI-approved |
| Stars | 1.9k |
| Forks | 93 |
| Open issues | 14 |
| Latest release | v0.5.3 (2018-07-21) |
| Last updated | 2025-11-23 |
| Source | https://github.com/fent/randexp.js |
What randexp.js is
JavaScript library that parses RegExp objects and produces random strings conforming to the pattern. Uses Math.random() by default but supports custom PRNG injection. Handles infinite repetitions by capping to min+100, configurable per instance.
Get the randexp.js source
Clone the repository and explore it locally.
git clone https://github.com/fent/randexp.js.gitcd randexp.js# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Infinite repetition quantifiers (*, +, {n,}) default to min+100; explicitly set `.max` property on instance if different bounds needed.
- Character range defaults to printable ASCII (32–126); use `defaultRange.add()` and `subtract()` to customize or extend to Unicode.
- Backreferences to non-existent groups or forward references are silently ignored, returning empty strings; validate regex correctness before use.
- TypeScript definitions included; can import directly in TS projects without separate @types package.
- No built-in seeding or reproducibility; override `randInt()` method if deterministic output required for test reproducibility.
When to avoid it — and what to weigh
- Cryptographic randomness required — Library defaults to Math.random(), which is not cryptographically secure. Requires custom PRNG override for security-sensitive use cases.
- Pathological regex patterns — Library ignores positional anchors (^ $), silently handles malformed backreferences, and returns empty strings for impossible character sets. May not detect problematic patterns.
- Performance-critical loops — No benchmarks provided; gen() behavior on complex patterns unknown. Infinite repetition handling (min+100) may produce unexpectedly large strings.
- Production validation enforcement — Test fixture tool only; should not be deployed in production code paths for actual string validation or sanitization.
License & commercial use
Licensed under MIT (MIT License), an OSI-approved permissive license. Commercial use, modification, and distribution permitted with attribution.
MIT license permits commercial use without restriction. Suitable for commercial test automation and data generation tools. Include license text in derivative works.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Moderate |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Math.random() is not cryptographically secure; do not use for generating security tokens or secrets. Override `.randInt()` with cryptographic RNG if needed. No vulnerability scanning data provided. Pattern parsing does not perform ReDoS (regex DoS) analysis; untrusted user-supplied regex could potentially cause performance issues.
Alternatives to consider
casual / faker.js
Higher-level data generators for common types (emails, names, addresses); better for realistic mock data but less flexible for custom patterns.
json-schema-faker
JSON Schema-driven mock data generation; uses randexp internally but provides schema-level abstraction; heavier dependency footprint.
fast-check
Property-based testing framework with built-in generators and shrinking; more powerful for finding edge cases but steeper learning curve.
Build on randexp.js with DEV.co software developers
Use randexp.js to generate realistic test data and automate fuzzing. Install via npm and start generating pattern-matched random strings in minutes.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
randexp.js FAQ
Can I use randexp in production code?
How do I generate reproducible random strings?
What happens with regex patterns that match nothing?
Is this library still maintained?
Work with a software development agency
From first prototype to production, DEV.co delivers software development services around tools like randexp.js. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source testing and beyond.
Ready to integrate randexp into your test suite?
Use randexp.js to generate realistic test data and automate fuzzing. Install via npm and start generating pattern-matched random strings in minutes.