As 2025 comes to a close, I am pleased to announce the first major release of RegexParser.

This library aims to solve a common challenge in PHP development: treating Regular Expressions as safer, typed structures rather than just strings. By parsing PCRE patterns into an Abstract Syntax Tree (AST), this tool enables static analysis, validation, and security checks before code reaches production.

Focus: Stability, ReDoS detection, and PHPStan integration.

📦 Installation

composer require --dev yoeunes/regex-parser

Main Features

• Typed AST: A full recursive descent parser for PCRE2 implemented in native PHP 8.2+.
• ReDoS Analysis: Detects "Catastrophic Backtracking" vulnerabilities with severity scoring (Critical, High, Medium, Low).
• Linter: Identifies redundant flags, overlapping branches, and syntax errors with precise location.
• Integrations: Includes a Symfony Bundle and a PHPStan extension for automated CI checks.
• CLI Tool: A comprehensive command-line interface for linting, analyzing, and explaining patterns.

📝 Changelog

Added

• Parser & Lexer: Full PCRE2-compliant parser producing a well-typed AST.

• AST Nodes: Support for groups, alternations, quantifiers, lookarounds, character classes, subroutines, conditionals, and verbs.

• Regex Facade: High-level API (Regex::create()) for parsing, validation, and analysis.

• ReDoS Analyzer: Static analysis engine for detecting Denial of Service risks.

• CLI Commands:

  • lint: Scan codebases for issues.
  • debug: Analyze ReDoS complexity.
  • explain: Generate human-readable explanations.
  • highlight: Syntax highlighting for the console.

• Ecosystem:

  • RegexParserBundle for Symfony.
  • PHPStan extension for static analysis.

• Documentation: Complete guides for installation, CLI usage, and architecture.

Acknowledgements

Thank you to everyone who tested the release candidates and provided feedback.

Full Changelog: https://github.com/yoeunes/regex-parser/commits/v1.0.0