npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

password-validator-pro

v1.1.2

Published

A highly customizable password validator for JavaScript and TypeScript. Ensures password strength with support for custom validation rules.

Downloads

80

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

donchi4alldonchi4all

Keywords

passwordvalidatorpassword strengthvalidationcustom rulestypescriptjavascript

Readme

password-validator-pro

A customizable password validator for Node.js and browser applications. This package allows you to define your own password validation rules, ensuring that passwords meet your security requirements.

Features

  • Set minimum and maximum password length.
  • Require uppercase letters, lowercase letters, numbers, and special characters.
  • Add custom validation rules for your specific needs.
  • Comprehensive error messages for validation failures.

Installation

You can install the package via npm:

npm install password-validator-pro

Usage

Basic Usage

Here's how to use the PasswordValidator class:

Javascript Usage

const { PasswordValidator } = require('password-validator-pro');

TypeScript Usage

import { PasswordValidator, ErrorInterface  } from 'password-validator-pro';

// Create an instance of the PasswordValidator with your desired options
const validator = new PasswordValidator({
  minLength: 8,                // Minimum length of the password
  maxLength: 20,               // Maximum length of the password
  requireUppercase: true,      // Require at least one uppercase letter
  requireLowercase: true,      // Require at least one lowercase letter
  requireNumbers: true,        // Require at least one number
  requireSpecialChars: true,   // Require at least one special character
  combineErrors: true,  // Set this to true to combine all errors into one message

});

// Validate a password
const result = validator.validate('Password123!');

if (result.valid) {
  console.log('Password is valid!');
} else {
  console.log('Password is invalid:', result.errors);
}

Validator Options

The PasswordValidator class accepts the following options:

| Option | Type | Default | Description | |--------------------|---------|---------|---------------------------------------------------------------------------------------------------| | minLength | Number | 8 | Minimum length of the password | | maxLength | Number | 20 | Maximum length of the password | | requireUppercase | Boolean | true | Whether to require at least one uppercase letter | | requireLowercase | Boolean | true | Whether to require at least one lowercase letter | | requireNumbers | Boolean | true | Whether to require at least one number | | requireSpecialChars | Boolean | true | Whether to require at least one special character | | combineErrors | Boolean | false | When true, combines all validation errors into a single error object with concatenated messages |

Adding Custom Rules

You can also define and add custom validation rules. For example, to disallow spaces in the password:

// Define a custom rule for disallowing spaces
const noSpacesRule = {
  code: 'NO_SPACES',
  message: 'Password must not contain spaces.',
  validate: (password: string) => !/\s/.test(password), // Validation logic
};

// Add the custom rule to the validator
validator.addCustomRule(noSpacesRule);

// Validate a password with spaces
const customResult = validator.validate('Password With Space123!');

if (customResult.valid) {
  console.log('Password is valid!');
} else {
  console.log('Password is invalid:', customResult.errors);
   /*
   Error message from  customResult.errors
   [
      {
        status: 400,
        code: 'PASSWORD_BREACHED',
        message: 'This password has been compromised in a data breach.'
      }
  */
    ]
}

Adding Custom Rules for Breach Detection Rule

The Breach Detection feature allows you to enhance password validation by checking whether a password has been compromised in a known data breach. This feature can leverage third-party APIs, such as HaveIBeenPwned, or a custom list of breached passwords.


// Define a custom rule for disallowing spaces

// Mock external breach detection function
function checkPasswordBreach(password: string): boolean {
    // This is a mock implementation. Replace with real API calls like HaveIBeenPwned or leave it as custom as this.
    const breachedPasswords = ['Password123!', '123456789'];
    return breachedPasswords.includes(password);
}

// Add a custom rule for breach detection
const breachDetectionRule = {
  code: 'PASSWORD_BREACHED',
  message: 'This password has been compromised in a data breach.',
  validate: (password: string) => {
    return !(checkPasswordBreach(password));
  },
};

// Add the breach detection rule
validator.addCustomRule(breachDetectionRule);

// Validate a password
const passwordToTest = 'Password123!';

const result = validator.validate(passwordToTest);

if (result.valid) {
  console.log('Password is valid!');
} else {
  console.log('Password is invalid:', result.errors);

  // You can format the errors and throw an exceptions as one

  // Combine error codes with '|' and messages with ', '
    const combinedErrorCodes = result.errors.map(err => err.code).join('|');
    // Combine messages and remove "." before each ","
    const combinedErrorMessages = passwordInvalidErrors
        .map(err => err.message)
        .join(', ')
        .replace(/\.\s*,/g, ', '); // Replace ".," with ","


    // Create a single error object to pass to AuthErrorHandler
    const errorToThrow: ErrorInterface = {
        code: combinedErrorCodes, // Pass the combined error codes
        message: combinedErrorMessages, // Pass the combined error messages
        status: 400,
    };

    throw new errorToThrow;
}



## Combining Errors

The `combineErrors` option allows you to specify whether validation errors should be combined into a single message or returned individually.

- **When `combineErrors` is `true`** (default):
  
  All errors will be concatenated into a single message, with error codes joined by ` | ` and error messages separated by `, `.

  ```typescript
  const passwordValidator = new PasswordValidator({
      combineErrors: true,
  });

  const { valid, errors } = passwordValidator.validate('short');

  // Example of combined errors:
  // errors = [{
  //   status: 400,
  //   code: 'PASSWORD_TOO_SHORT | NO_UPPERCASE | NO_NUMBERS',
  //   message: 'Password must be at least 8 characters long, Password must contain at least one uppercase letter, Password must contain at least one number.'
  // }]

  • When combineErrors is false:

    Each error will be returned individually as separate objects in the errors array.

    const passwordValidator = new PasswordValidator({
    combineErrors: false,
});

const { valid, errors } = passwordValidator.validate('short');

// Example of individual errors:
// errors = [
//   { status: 400, code: 'PASSWORD_TOO_SHORT', message: 'Password must be at least 8 characters long.' },
//   { status: 400, code: 'NO_UPPERCASE', message: 'Password must contain at least one uppercase letter.' },
//   { status: 400, code: 'NO_NUMBERS', message: 'Password must contain at least one number.' }
// ]

Error Messages

The validator returns an object with a valid property indicating whether the password is valid and an errors array containing the error messages. Here are the default error messages you may encounter:

  • PASSWORD_TOO_SHORT: Password must be at least X characters long.
  • PASSWORD_TOO_LONG: Password must be at most X characters long.
  • NO_UPPERCASE: Password must contain at least one uppercase letter.
  • NO_LOWERCASE: Password must contain at least one lowercase letter.
  • NO_NUMBERS: Password must contain at least one number.
  • NO_SPECIAL_CHARS: Password must contain at least one special character.

Customization

You can customize the validation logic by modifying the options you pass to the PasswordValidator constructor or by adding custom rules. This makes the package flexible to fit your specific security requirements.

Contributing

Contributions are welcome! If you have suggestions for improvements or encounter any issues, feel free to open an issue or submit a pull request.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • Thanks to the open-source community for inspiring this package.