📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

According to RFC 2732 later incorporated into RFC 3986 Appendix A - square brackets around IPv6 literals are mandatory within the host component of a URL.

This syntax rule exists because IPv6 addresses use colons (:), which would otherwise conflict with the colon used to denote the port (e.g., https://host:443/).

That said, if we slightly adjust the regex to ensure that there are at least two colon characters (:) in the host part - which reliably indicates an IPv6 literal - I consider the false positive risk low enough to justify making the brackets optional in the detection logic.

(?i)^(file|ftps?|https?|ssh)://(?:\[?[a-f0-9]+:[a-f0-9]*?:[a-f0-9:]+\]?|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})

It seems I am tired. This can never happen - a domain name must always contain a dot, and that character is excluded from the group.

I’ve updated the regex and the unit test accordingly.