npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

password-strength-analyzer

v2.1.0

Published

A utility for evaluating password strength using entropy calculations and customizable rules. It’s easy to configure and doesn’t rely on any specific frameworks, making it highly adaptable for various applications.

Downloads

124

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

rozhkoyrozhkoy

Keywords

npmpasswordstrengthcheckercheck password strengthpassword strength checkerstrength checkerpassword checkerpassword checker strengthstrength password checkercheck-password-strengthpassword-strength-checkerstrength-checkerpassword-checkerpassword-checker-strengthstrength-password-checkerpass-strengthpassword securitypassword validationpassword analysispassword strength analysispassword entropypassword scoresecure passwordpassword metricspassword evaluationentropy

Readme

Password Strength Analyzer

password-strength-analyzer is a utility for evaluating the strength of passwords. It provides a customizable and easy-to-use way to validate password strength, calculate entropy, and assign scores based on predefined rules. This tool can be used independently of any frameworks or libraries, making it versatile for various applications.

The analyzer is based on entropy calculations and predefined regular expression rules. These features ensure that password strength is assessed rigorously according to established security criteria.

Demo

Features

  • Entropy Calculation: Compute the entropy of the password to gauge its strength.
  • Score Calculation: Assign a score to the password based on entropy and configurable parameters.
  • Flexible Modes: Choose between strict, regex, or score based validation modes.
  • Configurable Messages: Customize the messages displayed for different validation rules.
  • TypeScript Support: Fully typed for improved development experience with TypeScript.

Installation

To install the package, use npm:

npm install password-strength-analyzer

Install via Browser Script Tag using UNPKG

<script src="https://unpkg.com/password-strength-analyzer/dist/password-strength-analyzer.umd.js"></script>
<script type="text/javascript">
  const password: string = "ZAQ!2wsx!";
  const result = validatePasswordStrength(password);
</script>

Configuration Options

You can configure the hook with various options:

  • maxScore:

    • Type: number
    • Description: Maximum score that can be assigned to the password.
    • Default: 5

  • minBestEntropy:

    • Type: number
    • Description: Minimum entropy required for a top score.
    • Default: 80

  • minRequiredScore:

    • Type: number
    • Description: Minimum score required for a valid password.
    • Default: 3

  • mode:

    • Type: "strict" | "regex" | "score"
    • Description: Validation mode. Choose from:
      • "strict": Requires both high score and specific point thresholds.
      • "regex": Requires specific point thresholds.
      • "score": Requires a minimum score to be valid.
    • Default: "strict"

  • configMessages:

    • Type: IValidationMessages
    • Description: Custom validation messages for different rules. You can provide custom messages for:
      • minLowercaseMessage: Message for lowercase letter requirement.
      • minUppercaseMessage: Message for uppercase letter requirement.
      • minSpecialCharMessage: Message for special character requirement.
      • minNumberMessage: Message for number requirement.
      • minLengthMessage: Message for minimum length requirement.

Usage

Basic Usage

Here's a basic example of how to use the validatePasswordStrength:

import { validatePasswordStrength } from "password-strength-analyzer";

const password: string = "ZAQ!2wsx!";

const result = validatePasswordStrength(password);

console.log("Password:", result.password);
console.log("Score:", result.score);
console.log("Entropy:", result.entropy);
console.log("Is Valid:", result.isValid);
console.log("Validation Result:", result.validationResult);

// result:
// {
//   "validationResult": [
//     { "regex": /[a-z]/, "points": 26, "message": "At least 1 lowercase letter", "passed": true },
//     { "regex": /[A-Z]/, "points": 26, "message": "At least 1 uppercase letter", "passed": true },
//     { "regex": /[ !@#$%^&*()_+\-=[\]{};':"\\|,.<>/?~]/, "points": 33, "message": "At least 1 special character", "passed": true },
//     { "regex": /[0-9]/, "points": 10, "message": "At least 1 number", "passed": true },
//     { "regex": /.{8,}/, "points": 1, "message": "At least 8 characters long", "passed": true }
//   ],
//   "score": 3,
//   "entropy": 52.67970000576925,
//   "password": "ZAQ!2wsx!",
//   "isValid": true
// }

Example of Customized Usage

Here's an example of how to use the validatePasswordStrength with customized options:

import { validatePasswordStrength } from "password-strength-analyzer";

const password: string = "ZAQ!2wsx!";

const result = validatePasswordStrength(password, {
  maxScore: 7, // Set the maximum score
  minBestEntropy: 90, // Minimum entropy
  minRequiredScore: 4, // Minimum required score
  mode: "strict", // Validation mode
  configMessages: {
    minLowercaseMessage: "Must include at least one lowercase letter",
    minUppercaseMessage: "Must include at least one uppercase letter",
    minSpecialCharMessage: "Must include at least one special character",
    minNumberMessage: "Must include at least one number",
    minLengthMessage: "Must be at least 10 characters long",
  },
});

console.log("Password:", result.password);
console.log("Score:", result.score);
console.log("Entropy:", result.entropy);
console.log("Is Valid:", result.isValid);
console.log("Validation Result:", result.validationResult);

// result:
// {
//   "validationResult": [
//     { "regex": /[a-z]/, "points": 26, "message": "At least 1 lowercase letter", "passed": true },
//     { "regex": /[A-Z]/, "points": 26, "message": "At least 1 uppercase letter", "passed": true },
//     { "regex": /[ !@#$%^&*()_+\-=[\]{};':"\\|,.<>/?~]/, "points": 33, "message": "At least 1 special character", "passed": true },
//     { "regex": /[0-9]/, "points": 10, "message": "At least 1 number", "passed": true },
//     { "regex": /.{8,}/, "points": 1, "message": "At least 8 characters long", "passed": true }
//   ],
//   "score": 3,
//   "entropy": 52.67970000576925,
//   "password": "ZAQ!2wsx!",
//   "isValid": false
// }

API

validatePasswordStrength(password: string, params?: IValidatePasswordStrengthOptions): IValidatePasswordStrengthResponse

Parameters

  • password (string): The password to be validated.

  • params (optional): Configuration options for the function. You can customize validation rules, set minimum entropy, adjust the scoring system, and provide custom messages.

Returns

  • validationResult (IValidationRule[]): An array of validation rules with their status. Each rule contains:

    • regex (RegExp): Regular expression used for validation.
    • points (number): Points assigned for passing the rule.
    • message (string): Message to display when the rule is not passed.
    • passed (boolean): Boolean indicating whether the rule was passed.

  • score (number): The score assigned to the password based on its entropy and the configured scoring system.

  • entropy (number): The entropy of the password, representing its strength and complexity.

  • password (string): The current password being evaluated by the function.

  • isValid (boolean): Boolean indicating whether the password meets the configured criteria.

License

MIT — use for any purpose. Would be great if you could leave a note about the original developers. Thanks!

Contributing

If you'd like to contribute to this project, please fork the repository and submit a pull request with your changes. Make sure to follow the code style and include tests for new features or bug fixes.