password-validator-pro
v1.1.2
Published
A highly customizable password validator for JavaScript and TypeScript. Ensures password strength with support for custom validation rules.
Downloads
80
Maintainers
Readme
password-validator-pro
A customizable password validator for Node.js and browser applications. This package allows you to define your own password validation rules, ensuring that passwords meet your security requirements.
Features
- Set minimum and maximum password length.
- Require uppercase letters, lowercase letters, numbers, and special characters.
- Add custom validation rules for your specific needs.
- Comprehensive error messages for validation failures.
Installation
You can install the package via npm:
npm install password-validator-pro
Usage
Basic Usage
Here's how to use the PasswordValidator
class:
Javascript Usage
const { PasswordValidator } = require('password-validator-pro');
TypeScript Usage
import { PasswordValidator, ErrorInterface } from 'password-validator-pro';
// Create an instance of the PasswordValidator with your desired options
const validator = new PasswordValidator({
minLength: 8, // Minimum length of the password
maxLength: 20, // Maximum length of the password
requireUppercase: true, // Require at least one uppercase letter
requireLowercase: true, // Require at least one lowercase letter
requireNumbers: true, // Require at least one number
requireSpecialChars: true, // Require at least one special character
combineErrors: true, // Set this to true to combine all errors into one message
});
// Validate a password
const result = validator.validate('Password123!');
if (result.valid) {
console.log('Password is valid!');
} else {
console.log('Password is invalid:', result.errors);
}
Validator Options
The PasswordValidator
class accepts the following options:
| Option | Type | Default | Description |
|--------------------|---------|---------|---------------------------------------------------------------------------------------------------|
| minLength
| Number | 8 | Minimum length of the password |
| maxLength
| Number | 20 | Maximum length of the password |
| requireUppercase
| Boolean | true | Whether to require at least one uppercase letter |
| requireLowercase
| Boolean | true | Whether to require at least one lowercase letter |
| requireNumbers
| Boolean | true | Whether to require at least one number |
| requireSpecialChars
| Boolean | true | Whether to require at least one special character |
| combineErrors
| Boolean | false | When true, combines all validation errors into a single error object with concatenated messages |
Adding Custom Rules
You can also define and add custom validation rules. For example, to disallow spaces in the password:
// Define a custom rule for disallowing spaces
const noSpacesRule = {
code: 'NO_SPACES',
message: 'Password must not contain spaces.',
validate: (password: string) => !/\s/.test(password), // Validation logic
};
// Add the custom rule to the validator
validator.addCustomRule(noSpacesRule);
// Validate a password with spaces
const customResult = validator.validate('Password With Space123!');
if (customResult.valid) {
console.log('Password is valid!');
} else {
console.log('Password is invalid:', customResult.errors);
/*
Error message from customResult.errors
[
{
status: 400,
code: 'PASSWORD_BREACHED',
message: 'This password has been compromised in a data breach.'
}
*/
]
}
Adding Custom Rules for Breach Detection Rule
The Breach Detection feature allows you to enhance password validation by checking whether a password has been compromised in a known data breach. This feature can leverage third-party APIs, such as HaveIBeenPwned, or a custom list of breached passwords.
// Define a custom rule for disallowing spaces
// Mock external breach detection function
function checkPasswordBreach(password: string): boolean {
// This is a mock implementation. Replace with real API calls like HaveIBeenPwned or leave it as custom as this.
const breachedPasswords = ['Password123!', '123456789'];
return breachedPasswords.includes(password);
}
// Add a custom rule for breach detection
const breachDetectionRule = {
code: 'PASSWORD_BREACHED',
message: 'This password has been compromised in a data breach.',
validate: (password: string) => {
return !(checkPasswordBreach(password));
},
};
// Add the breach detection rule
validator.addCustomRule(breachDetectionRule);
// Validate a password
const passwordToTest = 'Password123!';
const result = validator.validate(passwordToTest);
if (result.valid) {
console.log('Password is valid!');
} else {
console.log('Password is invalid:', result.errors);
// You can format the errors and throw an exceptions as one
// Combine error codes with '|' and messages with ', '
const combinedErrorCodes = result.errors.map(err => err.code).join('|');
// Combine messages and remove "." before each ","
const combinedErrorMessages = passwordInvalidErrors
.map(err => err.message)
.join(', ')
.replace(/\.\s*,/g, ', '); // Replace ".," with ","
// Create a single error object to pass to AuthErrorHandler
const errorToThrow: ErrorInterface = {
code: combinedErrorCodes, // Pass the combined error codes
message: combinedErrorMessages, // Pass the combined error messages
status: 400,
};
throw new errorToThrow;
}
## Combining Errors
The `combineErrors` option allows you to specify whether validation errors should be combined into a single message or returned individually.
- **When `combineErrors` is `true`** (default):
All errors will be concatenated into a single message, with error codes joined by ` | ` and error messages separated by `, `.
```typescript
const passwordValidator = new PasswordValidator({
combineErrors: true,
});
const { valid, errors } = passwordValidator.validate('short');
// Example of combined errors:
// errors = [{
// status: 400,
// code: 'PASSWORD_TOO_SHORT | NO_UPPERCASE | NO_NUMBERS',
// message: 'Password must be at least 8 characters long, Password must contain at least one uppercase letter, Password must contain at least one number.'
// }]
When
combineErrors
isfalse
:Each error will be returned individually as separate objects in the
errors
array.const passwordValidator = new PasswordValidator({ combineErrors: false, }); const { valid, errors } = passwordValidator.validate('short'); // Example of individual errors: // errors = [ // { status: 400, code: 'PASSWORD_TOO_SHORT', message: 'Password must be at least 8 characters long.' }, // { status: 400, code: 'NO_UPPERCASE', message: 'Password must contain at least one uppercase letter.' }, // { status: 400, code: 'NO_NUMBERS', message: 'Password must contain at least one number.' } // ]
Error Messages
The validator returns an object with a valid
property indicating whether the password is valid and an errors
array containing the error messages. Here are the default error messages you may encounter:
PASSWORD_TOO_SHORT
: Password must be at least X characters long.PASSWORD_TOO_LONG
: Password must be at most X characters long.NO_UPPERCASE
: Password must contain at least one uppercase letter.NO_LOWERCASE
: Password must contain at least one lowercase letter.NO_NUMBERS
: Password must contain at least one number.NO_SPECIAL_CHARS
: Password must contain at least one special character.
Customization
You can customize the validation logic by modifying the options you pass to the PasswordValidator
constructor or by adding custom rules. This makes the package flexible to fit your specific security requirements.
Contributing
Contributions are welcome! If you have suggestions for improvements or encounter any issues, feel free to open an issue or submit a pull request.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- Thanks to the open-source community for inspiring this package.