Why is this an issue?
Using reluctant quantifiers (also known as lazy or non-greedy quantifiers) in patterns can often lead to needless backtracking, making the regex
needlessly inefficient and potentially vulnerable to catastrophic backtracking.
Particularly when using
.+? to match anything up to some terminating character, it is usually a better idea to
instead use a greedily or possessively quantified negated character class containing the terminating character. For example
should be replaced with
Noncompliant code example
This rule only applies in cases where the reluctant quantifier can easily be replaced with a negated character class. That means the repetition has
to be terminated by a single character or character class. Patterns such as the following, where the alternatives without reluctant quantifiers are
more complicated, are therefore not subject to this rule: