Lookaheads and Lookbehinds
Lesson 3.5
When not to use lookaheads and regex alternatives
performance cost of lookaheads, catastrophic backtracking risk, readability tradeoffs, when to use string methods instead, nested quantifier danger
Lookaheads Have a Cost
Every lookahead causes the engine to branch its state. The danger is combining lookaheads with nested quantifiers on ambiguous patterns, which triggers catastrophic backtracking. The nested quantifier is enough on its own: the first pattern below contains no lookahead at all.
// DANGEROUS — exponential backtracking on non-matching input
/^(a+)+$/.test('aaaaaaaaaaaaaaab') // false, but the work roughly doubles with each added 'a'; longer runs hang
// SAFE — unambiguous equivalent
/^a+$/.test('aaaaaaaaaaaaaaab') // fast, immediate false
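The growth behind the two patterns above, as an added example that is not part of the original lesson: a simplified backtracking model that counts how often each pattern reaches its final `$` check on constructed non-matching input. The function names are hypothetical and the model is an assumption about how a backtracking matcher proceeds, not V8's actual engine.

```javascript
// Added example. Simplified model of a backtracking matcher, not V8's engine.
// Each function counts how often the final `$` check is attempted.

// Models /^(a+)+$/ : the inner a+ takes k characters (longest first), then the
// outer + either starts another (a+) group or falls through to `$`.
function nestedSteps(input) {
  let endChecks = 0;
  function group(pos) {
    let run = 0;
    while (input[pos + run] === 'a') run++;     // longest run a+ can take here
    for (let k = run; k >= 1; k--) {            // backtrack one character at a time
      const next = pos + k;
      if (group(next)) return true;             // try another (a+) iteration first
      endChecks++;
      if (next === input.length) return true;   // `$` matched
    }
    return false;
  }
  const matched = group(0);
  return { matched, endChecks };
}

// Models /^a+$/ : a single a+ gives back one character at a time, retrying `$`.
function linearSteps(input) {
  let run = 0;
  while (input[run] === 'a') run++;
  let endChecks = 0;
  for (let k = run; k >= 1; k--) {
    endChecks++;
    if (k === input.length) return { matched: true, endChecks };
  }
  return { matched: false, endChecks };
}

// Constructed inputs: n copies of 'a' followed by 'b', so neither pattern matches.
function growthTable(lengths) {
  return lengths.map((n) => {
    const input = 'a'.repeat(n) + 'b';
    return { n, nested: nestedSteps(input).endChecks, linear: linearSteps(input).endChecks };
  });
}

console.table(growthTable([5, 10, 15, 20]));
```

In this model the nested pattern performs 2^n - 1 end checks against n for the unambiguous one, which is why a cap on input length limits the damage but does not remove it.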
The Rule
Use regex when you need pattern flexibility. Use string methods when the structure is fixed and positional. The combination of lookaheads, alternation, and unbounded quantifiers on untrusted input is a security risk (ReDoS).
