@sentinel-password/core

Modern TypeScript password validation library with zero dependencies, comprehensive validation rules, and rich feedback.
Documentation | Interactive Playground | API Reference
Features
- Zero Dependencies - No external dependencies, tree-shakeable, ~5.5KB gzipped
- TypeScript-First - Full type safety with strict mode enabled
- Rich Feedback - Actionable suggestions for password improvement
- Comprehensive Validation - 7 built-in validators covering OWASP best practices
- Flexible API - Zero-config defaults with full customization options
- Framework Agnostic - Works in Node.js, browsers, and any JavaScript environment
Installation
npm install @sentinel-password/core
pnpm add @sentinel-password/core
yarn add @sentinel-password/core
Quick Start
import { validatePassword } from '@sentinel-password/core'
const result = validatePassword('MySecure!Pass_w0rd')
if (result.valid) {
console.log('Password is valid!')
console.log(`Strength: ${result.strength}`)
console.log(`Score: ${result.score}`)
} else {
console.log('Password is invalid')
console.log(result.feedback.warning)
result.feedback.suggestions.forEach(suggestion => {
console.log(`- ${suggestion}`)
})
}
Validation Result
The validatePassword function returns a comprehensive validation result:
interface ValidationResult {
valid: boolean
score: 0 | 1 | 2 | 3 | 4
strength: 'very-weak' | 'weak' | 'medium' | 'strong' | 'very-strong'
feedback: {
warning?: string
suggestions: readonly string[]
}
checks: {
length: boolean
characterTypes: boolean
repetition: boolean
sequential: boolean
keyboardPattern: boolean
commonPassword: boolean
personalInfo: boolean
}
}
Configuration Options
Customize validation rules to match your requirements:
const result = validatePassword('MyPassword123!', {
minLength: 12,
maxLength: 128,
requireUppercase: true,
requireLowercase: true,
requireDigit: true,
requireSymbol: true,
maxRepeatedChars: 3,
checkSequential: true,
checkKeyboardPatterns: true,
checkCommonPasswords: true,
personalInfo: [
'johndoe',
'john.doe@example.com'
]
})
Usage Examples
Basic Validation
import { validatePassword } from '@sentinel-password/core'
const result1 = validatePassword('Tr0ub4dor&3')
console.log(result1.valid)
console.log(result1.strength)
const result2 = validatePassword('pass')
console.log(result2.valid)
console.log(result2.feedback.warning)
Custom Requirements
import { validatePassword } from '@sentinel-password/core'
const result = validatePassword('password', {
minLength: 12,
requireUppercase: true,
requireLowercase: true,
requireDigit: true,
requireSymbol: true
})
console.log(result.valid)
console.log(result.checks.length)
console.log(result.checks.characterTypes)
console.log(result.feedback.suggestions)
Blocking Personal Information
import { validatePassword } from '@sentinel-password/core'
const result = validatePassword('alice2024', {
personalInfo: ['alice', 'alice@example.com']
})
console.log(result.valid)
console.log(result.checks.personalInfo)
console.log(result.feedback.warning)
Detecting Common Patterns
import { validatePassword } from '@sentinel-password/core'
const result1 = validatePassword('password123')
console.log(result1.checks.sequential)
const result2 = validatePassword('qwerty2024')
console.log(result2.checks.keyboardPattern)
const result3 = validatePassword('password')
console.log(result3.checks.commonPassword)
const result4 = validatePassword('passssword')
console.log(result4.checks.repetition)
Signup Form Example
import { validatePassword } from '@sentinel-password/core'
function handleSignup(formData: {
email: string
username: string
password: string
}) {
const result = validatePassword(formData.password, {
minLength: 10,
requireUppercase: true,
requireLowercase: true,
requireDigit: true,
personalInfo: [formData.email, formData.username]
})
if (!result.valid) {
return {
success: false,
errors: result.feedback.suggestions
}
}
return {
success: true,
passwordStrength: result.strength
}
}
Advanced Usage
Individual Validators
For fine-grained control, import and use individual validators:
import {
validateLength,
validateCharacterTypes,
validateRepetition,
validateSequential,
validateKeyboardPattern,
validateCommonPassword,
validatePersonalInfo
} from '@sentinel-password/core'
const password = 'MyPassword123'
const lengthCheck = validateLength(password, { minLength: 12 })
console.log(lengthCheck.passed)
console.log(lengthCheck.message)
const charTypeCheck = validateCharacterTypes(password, {
requireUppercase: true,
requireLowercase: true,
requireDigit: true,
requireSymbol: true
})
console.log(charTypeCheck.passed)
console.log(charTypeCheck.message)
Character Type Helpers
import {
hasUppercase,
hasLowercase,
hasDigit,
hasSymbol
} from '@sentinel-password/core'
const password = 'MyPassword123!'
console.log(hasUppercase(password))
console.log(hasLowercase(password))
console.log(hasDigit(password))
console.log(hasSymbol(password))
TypeScript
The library is written in TypeScript with full type definitions included:
import type {
ValidationResult,
ValidatorOptions,
ValidatorCheck,
StrengthScore,
StrengthLabel,
CheckId
} from '@sentinel-password/core'
const options: ValidatorOptions = {
minLength: 10,
requireUppercase: true
}
const result: ValidationResult = validatePassword('test', options)
const score: StrengthScore = result.score
const strength: StrengthLabel = result.strength
Validation Rules
1. Length Validation
- Default: 8-128 characters
- Configurable via
minLength and maxLength
2. Character Types
- Optional requirements for uppercase, lowercase, digits, and symbols
- Configurable via
requireUppercase, requireLowercase, requireDigit, requireSymbol
3. Repetition Detection
- Blocks excessive repeated characters (e.g., "aaaa")
- Default: max 3 repeated characters
- Configurable via
maxRepeatedChars
4. Sequential Pattern Detection
- Blocks sequential patterns (e.g., "abc", "123", "xyz")
- Works forward and backward
- Configurable via
checkSequential
5. Keyboard Pattern Detection
- Blocks common keyboard patterns (e.g., "qwerty", "asdf", "zxcvbn")
- Supports QWERTY, AZERTY, and QWERTZ layouts
- Configurable via
checkKeyboardPatterns
6. Common Password Detection
- Blocks top 1,000 most common passwords
- Uses bloom filter for efficient memory usage
- Configurable via
checkCommonPasswords
7. Personal Information Detection
- Blocks passwords containing personal info (username, email, etc.)
- Extracts username from email addresses
- Configurable via
personalInfo array
Bundle Size
- ESM: ~16KB uncompressed, ~5.5KB gzipped
- CJS: ~17KB uncompressed, ~6KB gzipped
- Zero dependencies - no additional packages needed
- Tree-shakeable - only import what you use
Browser Support
Works in all modern browsers and Node.js environments:
- Chrome/Edge 88+
- Firefox 78+
- Safari 14+
- Node.js 18+
Contributing
Contributions are welcome! Please see CONTRIBUTING.md for details.
License
MIT - see LICENSE for details.
Related Packages
Acknowledgments
Inspired by zxcvbn and modern password validation best practices from OWASP.