not to mention that if you stop making it fancy and remove the words "validating ERC-20 address" with what you are really doing which is "validating whether a string is a hexadecimal one" then you get even more results in google https://stackoverflow.com/questions/11877554/validate-hexadecimal-string-using-regular-expression then you just add the checksum part for mixed (hi lo) char addresses which isn't even common among Ethereum addresses so you can get away with not implementing it in first place.