Security News
PyPI’s New Archival Feature Closes a Major Security Gap
PyPI now allows maintainers to archive projects, improving security and helping users make informed decisions about their dependencies.
@1password/password-rules-parser
Advanced tools
Parser for Apple's password rules format: https://developer.apple.com/password-rules/
A context-free grammar (CFG) is a set of "production rules" that describe all the possible strings that can be formed in a given formal language. Production rules are simple replacements, and they can produce more than one result.
A Parsing Expression Grammar (PEG) is a CFG that will choose the first match and therefore is not ambiguous. The nitty-gritty about PEGs can be read in this paper.
Note that a PEG is not a parser, but it can be converted into one.
The grammar itself is the set of substitution rules. Depending on the target language for the parser, it is possible to add functions in that language to clean up and improve the output. These functions should not alter what the grammar produces (don't add if statements!) just the way it presents the answer.
PEG.js is the best and most user friendly option. It outputs a JavaScript parser. To obtain a JavaScript parser, install and configure PEG.js in your computer, or generate it with the online tool by pasting the code here. The online tool makes it easy to test different inputs, but these inputs are not part of the generated or downloaded parser.
If you need a parser in Go instead of JS, the answer is Pigeon. There's no online version so it needs to be configured in your computer.
Apple has implemented a standard syntax for addressing password rules.
The grammar ParserNoCharacterClass defines a subset of the above specs, in PEG.js. It does not allow custom character classes (for now). It allows 0 or more spaces between the different parts of the rule so, minlength: 15;required: upper, lower;
will output the same content result as minlength:15;required:upper, lower;
. It does not allow line breaks.
A grammar that parses the full specs will be added soon. Later on, a Go version for it.
FAQs
Parser for Apple's password rules format: https://developer.apple.com/password-rules/
The npm package @1password/password-rules-parser receives a total of 1,969 weekly downloads. As such, @1password/password-rules-parser popularity was classified as popular.
We found that @1password/password-rules-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now allows maintainers to archive projects, improving security and helping users make informed decisions about their dependencies.
Research
Security News
Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.
Security News
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.