diff --git a/typescript/lang/security/audit/cors-regex-wildcard.tsx b/typescript/lang/security/audit/cors-regex-wildcard.tsx
index 36c7b25069..cb2604729e 100644
--- a/typescript/lang/security/audit/cors-regex-wildcard.tsx
+++ b/typescript/lang/security/audit/cors-regex-wildcard.tsx
@@ -1,31 +1,33 @@
-// ruleid: cors-regex-wildcard
 const corsDomains = [
- /localhost\:/,
- /(.+\.)*foo\.com$/,
- /(.+\.)*foobar\.com$/, // matches *.foobar.com,
- /^(http|https):\/\/(qix|qux).biz.baz.foobar.com$/,
- /^(http|https):\/\/www\.bar\.com$/,
- /^(http|https):\/\/www.foo.com$/,
+ /localhost\:/,
+ /(.+\.)*foo\.com$/,
+ /(.+\.)*foobar\.com$/, // matches *.foobar.com,
+ // ruleid: cors-regex-wildcard
+ /^(http|https):\/\/(qix|qux).biz.baz.foobar.com$/,
+ /^(http|https):\/\/www\.bar\.com$/,
+ // ruleid: cors-regex-wildcard
+ /^(http|https):\/\/www.foo.com$/,
 ];
-// ruleid: cors-regex-wildcard
 const CORS = [
- /localhost\:/,
- /(.+\.)*foo\.com$/,
- /(.+\.)*foobar\.com$/, // matches *.foobar.com,
- /^(http|https):\/\/(qix|qux).biz.baz.foobar.com$/,
- /^(http|https):\/\/www\.bar\.com$/,
- /^(http|https):\/\/www.foo.com$/,
+ /localhost\:/,
+ /(.+\.)*foo\.com$/,
+ /(.+\.)*foobar\.com$/, // matches *.foobar.com,
+ // ruleid: cors-regex-wildcard
+ /^(http|https):\/\/(qix|qux).biz.baz.foobar.com$/,
+ /^(http|https):\/\/www\.bar\.com$/,
+ // ruleid: cors-regex-wildcard
+ /^(http|https):\/\/www.foo.com$/,
 ];
 // ruleid: cors-regex-wildcard
 const corsOrigin = /^(http|https):\/\/www.foo.com$/;
 const urls = [
- /localhost\:/,
- /(.+\.)*foo\.com$/,
- /(.+\.)*foobar\.com$/, // matches *.foobar.com,
- /^(http|https):\/\/(qix|qux).biz.baz.foobar.com$/,
- /^(http|https):\/\/www\.bar\.com$/,
- /^(http|https):\/\/www.foo.com$/,
+ /localhost\:/,
+ /(.+\.)*foo\.com$/,
+ /(.+\.)*foobar\.com$/, // matches *.foobar.com,
+ /^(http|https):\/\/(qix|qux).biz.baz.foobar.com$/,
+ /^(http|https):\/\/www\.bar\.com$/,
+ /^(http|https):\/\/www.foo.com$/,
 ];
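Review bot: The `urls` array at the end of the hunk holds the same unescaped-dot regexes as `corsDomains` and `CORS` but carries no annotation, so the fixture never states that it is meant to be a true negative; add `// ok: cors-regex-wildcard` above `/^(http|https):\/\/(qix|qux).biz.baz.foobar.com$/` and `/^(http|https):\/\/www.foo.com$/` in that array so a future loosening of the `$CORS` name filter is caught by the test. Presumably that name filter lives in the rule's metavariable-regex outside this file — confirm that is the reason `urls` is unflagged rather than a gap. Separately, `/localhost\:/` and `/(.+\.)*foo\.com$/` have no `^` anchor, so any origin string that merely ends in `foo.com` or contains `localhost:` would be accepted; that is outside this rule's unescaped-dot check, but a short comment on those lines (or a companion anchoring rule) would keep the fixture from reading as an endorsement of unanchored origin patterns.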
diff --git a/typescript/lang/security/audit/cors-regex-wildcard.yaml b/typescript/lang/security/audit/cors-regex-wildcard.yaml
index d6a59583cf..bd70eb7594 100644
--- a/typescript/lang/security/audit/cors-regex-wildcard.yaml
+++ b/typescript/lang/security/audit/cors-regex-wildcard.yaml
@@ -21,8 +21,9 @@ rules:
 severity: WARNING
 patterns:
 - pattern-either:
- - pattern: const $CORS = [...,$PATTERN,...]
- - pattern: const $CORS = $PATTERN
+ - pattern: $CORS = [...,/$PATTERN/,...]
+ - pattern: $CORS = /$PATTERN/
+ - focus-metavariable: $PATTERN
 - metavariable-regex:
 metavariable: $PATTERN
 regex: .+?(?
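Review bot: `- focus-metavariable: $PATTERN` is added directly after the two `- pattern:` entries; if it is indented as a third item of `pattern-either` rather than as a sibling of `pattern-either` under `patterns`, the rule will not load, since as far as I know `focus-metavariable` is only accepted as an item of a `patterns` list — indentation is lost in this rendering, so it may already be placed correctly. The new `$CORS = /$PATTERN/` forms also drop `const`, so `let`/`var` declarations and later reassignments now match; the `$CORS` name constraint that keeps unrelated arrays such as `urls` out of scope presumably lives outside this hunk — confirm it still applies to both new patterns. The `regex:` value on the hunk's last line is truncated here, so the dot-escape check itself could not be reviewed.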