
Security News
Risky Biz Podcast: AI Agents Are Raising the Stakes for Software Supply Chain Security
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.
@sentinel-password/core
Advanced tools
Modern, zero-dependency TypeScript password validation with bloom filter-based common password detection. 90%+ test coverage, <5KB gzipped.
Modern TypeScript password validation library with zero dependencies, comprehensive validation rules, and rich feedback.
Documentation | Interactive Playground | API Reference
npm install @sentinel-password/core
pnpm add @sentinel-password/core
yarn add @sentinel-password/core
import { validatePassword } from '@sentinel-password/core'
const result = validatePassword('MySecure!Pass_w0rd')
if (result.valid) {
console.log('Password is valid!')
console.log(`Strength: ${result.strength}`) // 'very-strong'
console.log(`Score: ${result.score}`) // 4
} else {
console.log('Password is invalid')
console.log(result.feedback.warning) // First suggestion
result.feedback.suggestions.forEach(suggestion => {
console.log(`- ${suggestion}`)
})
}
The validatePassword function returns a comprehensive validation result:
interface ValidationResult {
// Overall validation status
valid: boolean
// Strength scoring
score: 0 | 1 | 2 | 3 | 4
strength: 'very-weak' | 'weak' | 'medium' | 'strong' | 'very-strong'
// User feedback
feedback: {
warning?: string // Primary warning message
suggestions: readonly string[] // All improvement suggestions
}
// Individual check results
checks: {
length: boolean // Meets length requirements
characterTypes: boolean // Meets character type requirements
repetition: boolean // No excessive repeated characters
sequential: boolean // No sequential patterns (abc, 123)
keyboardPattern: boolean // No keyboard patterns (qwerty, asdf)
commonPassword: boolean // Not in top 1K common passwords
personalInfo: boolean // Doesn't contain personal information
}
}
Customize validation rules to match your requirements:
const result = validatePassword('MyPassword123!', {
// Length constraints
minLength: 12, // default: 8
maxLength: 128, // default: 128
// Character requirements
requireUppercase: true, // default: false
requireLowercase: true, // default: false
requireDigit: true, // default: false
requireSymbol: true, // default: false
// Pattern detection
maxRepeatedChars: 3, // default: 3
checkSequential: true, // default: true
checkKeyboardPatterns: true, // default: true
checkCommonPasswords: true, // default: true
// Personal information exclusion
personalInfo: [
'johndoe',
'john.doe@example.com'
]
})
import { validatePassword } from '@sentinel-password/core'
// Valid password
const result1 = validatePassword('Tr0ub4dor&3')
console.log(result1.valid) // true
console.log(result1.strength) // 'strong'
// Invalid password (too short)
const result2 = validatePassword('pass')
console.log(result2.valid) // false
console.log(result2.feedback.warning) // 'Password must be at least 8 characters'
import { validatePassword } from '@sentinel-password/core'
// Require strong passwords with all character types
const result = validatePassword('password', {
minLength: 12,
requireUppercase: true,
requireLowercase: true,
requireDigit: true,
requireSymbol: true
})
console.log(result.valid) // false
console.log(result.checks.length) // false
console.log(result.checks.characterTypes) // false
console.log(result.feedback.suggestions)
// [
// 'Password must be at least 12 characters',
// 'Add uppercase letters',
// 'Add numbers',
// 'Add special characters (!@#$%^&*)'
// ]
import { validatePassword } from '@sentinel-password/core'
const result = validatePassword('alice2024', {
personalInfo: ['alice', 'alice@example.com']
})
console.log(result.valid) // false
console.log(result.checks.personalInfo) // false
console.log(result.feedback.warning)
// 'Password contains personal information'
import { validatePassword } from '@sentinel-password/core'
// Sequential patterns
const result1 = validatePassword('password123')
console.log(result1.checks.sequential) // false
// Keyboard patterns
const result2 = validatePassword('qwerty2024')
console.log(result2.checks.keyboardPattern) // false
// Common passwords
const result3 = validatePassword('password')
console.log(result3.checks.commonPassword) // false
// Excessive repetition
const result4 = validatePassword('passssword')
console.log(result4.checks.repetition) // false
import { validatePassword } from '@sentinel-password/core'
function handleSignup(formData: {
email: string
username: string
password: string
}) {
const result = validatePassword(formData.password, {
minLength: 10,
requireUppercase: true,
requireLowercase: true,
requireDigit: true,
personalInfo: [formData.email, formData.username]
})
if (!result.valid) {
return {
success: false,
errors: result.feedback.suggestions
}
}
return {
success: true,
passwordStrength: result.strength
}
}
For fine-grained control, import and use individual validators:
import {
validateLength,
validateCharacterTypes,
validateRepetition,
validateSequential,
validateKeyboardPattern,
validateCommonPassword,
validatePersonalInfo
} from '@sentinel-password/core'
const password = 'MyPassword123'
// Check individual constraints
const lengthCheck = validateLength(password, { minLength: 12 })
console.log(lengthCheck.passed) // false
console.log(lengthCheck.message) // 'Password must be at least 12 characters'
const charTypeCheck = validateCharacterTypes(password, {
requireUppercase: true,
requireLowercase: true,
requireDigit: true,
requireSymbol: true
})
console.log(charTypeCheck.passed) // false
console.log(charTypeCheck.message) // 'Add special characters (!@#$%^&*)'
import {
hasUppercase,
hasLowercase,
hasDigit,
hasSymbol
} from '@sentinel-password/core'
const password = 'MyPassword123!'
console.log(hasUppercase(password)) // true
console.log(hasLowercase(password)) // true
console.log(hasDigit(password)) // true
console.log(hasSymbol(password)) // true
The library is written in TypeScript with full type definitions included:
import type {
ValidationResult,
ValidatorOptions,
ValidatorCheck,
StrengthScore,
StrengthLabel,
CheckId
} from '@sentinel-password/core'
const options: ValidatorOptions = {
minLength: 10,
requireUppercase: true
}
const result: ValidationResult = validatePassword('test', options)
const score: StrengthScore = result.score // 0 | 1 | 2 | 3 | 4
const strength: StrengthLabel = result.strength // 'very-weak' | 'weak' | ...
minLength and maxLengthrequireUppercase, requireLowercase, requireDigit, requireSymbolmaxRepeatedCharscheckSequentialcheckKeyboardPatternscheckCommonPasswordspersonalInfo arrayWorks in all modern browsers and Node.js environments:
Contributions are welcome! Please see CONTRIBUTING.md for details.
MIT - see LICENSE for details.
@sentinel-password/react - React hook for password validation with debouncing@sentinel-password/react-components - Accessible, headless React componentsInspired by zxcvbn and modern password validation best practices from OWASP.
FAQs
Modern, zero-dependency TypeScript password validation with bloom filter-based common password detection. 100% test coverage (enforced); ~6.3 KB gzipped (10 KB CI limit).
We found that @sentinel-password/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.

Research
/Security News
Miasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.