npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

check-password-strength

v2.0.10

Published

A NPM Password strength checker based from Javascript RegExp. Check passphrase if it's "Too weak", "Weak", "Medium" or "Strong"

Downloads

294,026

Readme

Overview

A simple way to check that password strength of a certain passphrase. A password strength checker based from Javascript RegEx.

Build status

npm Downloads

DEMO 1 by @Ennoriel

DEMO 2

Installation

Install via Package Manager

npm i check-password-strength --save

Install via Browser Script Tag using UNPKG

<script src="https://unpkg.com/check-password-strength/dist/umd.js"></script>
<script type="text/javascript">
    const passwordStrength = checkPasswordStrength.passwordStrength('pwd123').value; // 'Weak'
</script>

Setup & Basic Usage

const { passwordStrength } = require('check-password-strength')
// OR
import { passwordStrength } from 'check-password-strength'

console.log(passwordStrength('asdfasdf').value)
// Too weak (It will return Too weak if the value doesn't match the Weak conditions)

console.log(passwordStrength('asdf1234').value)
// Weak

console.log(passwordStrength('Asd1234!').value)
// Medium

console.log(passwordStrength('A@2asdF2020!!*').value)
// Strong

Additional Info

Object Result

| Property | Desc. | | -------- | --------------------------------------------------------------- | | id | 0 = Too weak, 1 = Weak & 2 = Medium, 3 = Strong | | value | Too weak, Weak, Medium & Strong | | contains | lowercase, uppercase, symbol and/or number | | length | length of the password |

Password Length Default Options

| Name | Mininum Diversity | Mininum Length | | -------- | ----------------- | -------------- | | Too weak | 0 | 0 | | Weak | 2 | 6 | | Medium | 4 | 8 | | Strong | 4 | 10 |

console.log(passwordStrength('@Sdfasd2020!@#$'))
// output 
{ 
    "id": 1, 
    "value": "Strong",
    "contains": ['lowercase', 'uppercase', 'symbol', 'number'],
    "length": 15
}

Default Options

The default symbols are based from Password Special Characters OWASP list (except for the space)

!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

Thanks for jlherren & Ennoriel for this suggestion! 👨🏻‍💻👨🏻‍💻

The default options can be required:

const { defaultOptions } = require("./index");

default options:

[
  {
    id: 0,
    value: "Too weak",
    minDiversity: 0,
    minLength: 0
  },
  {
    id: 1,
    value: "Weak",
    minDiversity: 2,
    minLength: 6
  },
  {
    id: 2,
    value: "Medium",
    minDiversity: 4,
    minLength: 8
  },
  {
    id: 3,
    value: "Strong",
    minDiversity: 4,
    minLength: 10
  }
]

To override the default options, simply pass your custom array as the second argument:

  • id: correspond to the return id attribute.
  • value: correspond to the return value attribute.
  • minDiversity: between 0 and 4, correspond to the minimum of different criterias ('lowercase', 'uppercase', 'symbol', 'number') that should be met to pass the password strength
  • minLength: minimum length of the password that should be met to pass the password strength

The minDiversity and minLength parameters of the first element cannot be overriden (set to 0 at the beginning of the method). Therefore, the first element should always correspond to a "too weak" option.

passwordStrength('myPassword', yourCustomOptions)

RegEx

Strong

 ^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#$%^&*"'()+,-./:;<=>?[\]^_`{|}~])(?=.{10,})

Medium Password RegEx used:

 ^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#$%^&*"'()+,-./:;<=>?[\]^_`{|}~])(?=.{8,})

| RegEx | Desc. | | ----------------------------------------- | ------------------------------------------------------------------- | | ^ | The password string will start this way | | (?=.[a-z]) | The string must contain at least 1 lowercase alphabetical character | | (?=.[A-Z]) | The string must contain at least 1 uppercase alphabetical character | | (?=.[0-9]) | The string must contain at least 1 numeric character | | (?=.[!"#$%&'()+,-./:;<=>?@[\]^_`{|}~])) | The string must contain at least one special character | | (?=.{10,}) | The string must be eight characters or longer for Strong strength | | (?=.{8,}) | The string must be eight characters or longer for Medium strength | | (?=.{6,}) | Mininum of 6 characters for Weak strength |

TypeScript type declarations ☑

Available starting version v2.0.3 and above. (Thanks to @Mesoptier!)

Other resources

For .NET Project

If you're working with .net core project, I've created a simple nuget package with same RegEx strings to validate a password strength.

You can easily install via Nuget Package Manager or .NET CLI (Check.Password.Strength). This package uses Regular Expression new Regex() derives from System.Text.RegularExpressions. You can use this especially if you want to validate the passcode strength on backend services or web apis of your project.

Other NPM RegEx validator

I also made another NPM package (hey-regex) that checks common inputs like numbers (whole number and decimal), alpha numeric, email and url. This package only returns true or false based from the selected function (with RegEx .test() inside).

Reference blog.

Contribute

Feel free to clone or fork this project: https://github.com/deanilvincent/check-password-strength.git

Contributions & pull requests are welcome!

I'll be glad if you give this project a ★ on Github :)


Kudos to @Ennoriel and his efforts for making v2.x.x possible!

License

This project is licensed under the MIT License - see the LICENSE.md file for details.