Securityflags: g

GitHub Personal Access Token

Match GitHub Personal Access Tokens (classic + fine-grained) and OAuth tokens by their `ghX_` prefix.

Try it in RegexPro →

Available in

JSSupported

JavaScript / ECMAScript

Browser-native RegExp. Default if you don't pick.

PYSupported

Python (re)

CPython stdlib `re`. Unicode-aware `\w` and `\d` by default.

GOSupported

Go (RE2)

Linear-time matching. No backreferences or lookarounds.

Pattern

regexengine-agnostic

gh[pousr]_[A-Za-z0-9]{36,255}   (flags: g)

Raw source: gh[pousr]_[A-Za-z0-9]{36,255}

How it works

gh[pousr]_ matches the GitHub token-type prefix: ghp_ (PAT classic), gho_ (OAuth), ghu_ (user-to-server), ghs_ (server-to-server), ghr_ (refresh). [A-Za-z0-9]{36,255} matches the token body — GitHub fine-grained tokens are longer than the classic 36-char tokens, so we allow up to 255.

Examples

Input

Use ghp_AbCd1234EfGh5678IjKl9012MnOp3456QrSt for the API

Matches

ghp_AbCd1234EfGh5678IjKl9012MnOp3456QrSt

Input

GITHUB_TOKEN=gho_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Matches

gho_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Input

no token here

No match

—

Common use cases

•Pre-commit secret-scanning hooks
•PR diff scanning in CI
•Backup / log redaction
•Incident response after a leak

←PreviousURL Query String

All patterns

NextHTTP Content-Type Header→