Product
Socket for Jira Is Now Available
Socket for Jira lets teams turn alerts into Jira tickets with manual creation, automated ticketing rules, and two-way sync.
By Jeppe Hasseriis - Apr 20, 2026
Launch Week Day 1: Socket for Jira Is Now Available.Learn More →
@zxcvbn-ts/core
Advanced tools
zxcvbn-ts
zxcvbn is a password strength estimator inspired by password crackers. It recognizes and analyzes over 40 thousand common passwords using pattern matching and conservative estimation and filters out common first names, last names, popular words from Wikipedia and common words in many cultures, and recognizes common patterns like dates, repetitions (e.g. 'aaa'), sequences (e.g. 'abcd'), keyboard smashes (e.g. 'qwertyuiop'), and l33t speak.
Installation
npm:
npm install @zxcvbn-ts/core @zxcvbn-ts/language-common --save
yarn:
yarn add @zxcvbn-ts/core @zxcvbn-ts/language-common
Setup
import { zxcvbn, zxcvbnOptions } from '@zxcvbn-ts/core'
import * as zxcvbnCommonPackage from '@zxcvbn-ts/language-common'
import * as zxcvbnEnPackage from '@zxcvbn-ts/language-en'
const password = 'somePassword'
const options = {
dictionary: {
...zxcvbnCommonPackage.dictionary,
...zxcvbnEnPackage.dictionary,
},
graphs: zxcvbnCommonPackage.adjacencyGraphs,
translations: zxcvbnEnPackage.translations,
}
zxcvbnOptions.setOptions(options)
zxcvbn(password)
Other packages similar to @zxcvbn-ts/core
zxcvbn
zxcvbn is the original password strength estimator developed by Dropbox. It is written in JavaScript and provides similar functionality to @zxcvbn-ts/core, including password strength estimation and feedback. However, it is not written in TypeScript, which may be a consideration for TypeScript projects.
owasp-password-strength-test
owasp-password-strength-test is a password strength tester that follows the guidelines provided by the OWASP (Open Web Application Security Project). It provides a different approach to password strength estimation compared to @zxcvbn-ts/core, focusing on compliance with OWASP standards.
password-validator
password-validator is a simple and flexible password validation library. It allows you to define custom rules for password strength, which can be more flexible than the predefined rules in @zxcvbn-ts/core. However, it does not provide the same level of detailed feedback and scoring.
FAQs
Realistic password strength estimation written in typescript
The npm package @zxcvbn-ts/core receives a total of 588,026 weekly downloads. As such, @zxcvbn-ts/core popularity was classified as popular.
We found that @zxcvbn-ts/core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 17 Sep 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Company News
Socket Named Top Sales Organization by RepVue
Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.
By Sarah Gooding - Apr 17, 2026
Security News
NIST Officially Stops Enriching Most CVEs as Vulnerability Volume Skyrockets
NIST will stop enriching most CVEs under a new risk-based model, narrowing the NVD's scope as vulnerability submissions continue to surge.
By Sarah Gooding - Apr 17, 2026