check-password-strength
Advanced tools
Readme
A simple way to check that password strength of a certain passphrase. A password strength checker based from Javascript RegEx.
npm i check-password-strength --save
<script src="https://unpkg.com/check-password-strength/dist/umd.js"></script>
const { passwordStrength } = require('check-password-strength')
// OR
import { passwordStrength } from 'check-password-strength'
console.log(passwordStrength('asdfasdf').value)
// Too weak (It will return Too weak if the value doesn't match the RegEx conditions)
console.log(passwordStrength('asdf1234').value)
// Weak
console.log(passwordStrength('Asd1234!').value)
// Medium
console.log(passwordStrength('A@2asdF2020!!*').value)
// Strong
// 1.x.x
const whateEverYourFunctionNameWasBefore = require("./index");
// 'contains' attribute of the response object format was
response.contains = [{'message': 'lowercase'}, ...]
// 2.0.0
const { passwordStrength : whateEverYourFunctionNameWasBefore } = require("./index");
// 'contains' attribute of the response object format is now
response.contains = ['lowercase', ...]
| Property | Desc. |
|---|---|
| id | 0 = Too weak, 1 = Weak & 2 = Medium, 3 = Strong |
| value | Too weak, Weak, Medium & Strong |
| contains | lowercase, uppercase, symbol and/or number |
| length | length of the password |
| Name | Mininum Diversity | Mininum Length |
|---|---|---|
| Too weak | 0 | 0 |
| Weak | 2 | 6 |
| Medium | 4 | 8 |
| Strong | 4 | 10 |
console.log(passwordStrength('@Sdfasd2020!@#$'))
// output
{
"id": 1,
"value": "Strong",
"contains": ['lowercase', 'uppercase', 'symbol', 'number'],
"length": 15
}
The default symbols are based from Password Special Characters OWASP list (except for the space)
!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
Thanks for jlherren & Ennoriel for this suggestion! 👨🏻💻👨🏻💻
The default options can be required:
const { defaultOptions } = require("./index");
default options:
[
{
id: 0,
value: "Too weak",
minDiversity: 0,
minLength: 0
},
{
id: 1,
value: "Weak",
minDiversity: 2,
minLength: 6
},
{
id: 2,
value: "Medium",
minDiversity: 4,
minLength: 8
},
{
id: 3,
value: "Strong",
minDiversity: 4,
minLength: 10
}
]
To override the default options, simply pass your custom array as the second argument:
The minDiversity and minLength parameters of the first element cannot be overriden (set to 0 at the beginning of the method). Therefore, the first element should always correspond to a "too weak" option.
passwordStrength('myPassword', yourCustomOptions)
Strong
^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#$%^&*"'()+,-./:;<=>?[\]^_`{|}~])(?=.{10,})
Medium Password RegEx used:
^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#$%^&*"'()+,-./:;<=>?[\]^_`{|}~])(?=.{8,})
| RegEx | Desc. |
|---|---|
| ^ | The password string will start this way |
| (?=.*[a-z]) | The string must contain at least 1 lowercase alphabetical character |
| (?=.*[A-Z]) | The string must contain at least 1 uppercase alphabetical character |
| (?=.*[0-9]) | The string must contain at least 1 numeric character |
| (?=.[!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~])) | The string must contain at least one special character |
| (?=.{10,}) | The string must be eight characters or longer for Strong strength |
| (?=.{8,}) | The string must be eight characters or longer for Medium strength |
| (?=.{6,}) | Mininum of 6 characters for Weak strength |
Available starting version v2.0.3 and above. (Thanks to @Mesoptier!)
If you're working with .net core project, I've created a simple nuget package with same RegEx strings to validate a password strength.
You can easily install via Nuget Package Manager or .NET CLI (Check.Password.Strength). This package uses Regular Expression new Regex() derives from System.Text.RegularExpressions. You can use this especially if you want to validate the passcode strength on backend services or web apis of your project.
I also made another NPM package (hey-regex) that checks common inputs like numbers (whole number and decimal), alpha numeric, email and url. This package only returns true or false based from the selected function (with RegEx .test() inside).
Reference blog.
Feel free to clone or fork this project: https://github.com/deanilvincent/check-password-strength.git
Contributions & pull requests are welcome!
I'll be glad if you give this project a ★ on Github :)
Kudos to @Ennoriel and his efforts for making v2.x.x possible!
This project is licensed under the MIT License - see the LICENSE.md file for details.
FAQs
A NPM Password strength checker based from Javascript RegExp. Check passphrase if it's "Too weak", "Weak", "Medium" or "Strong"
We found that check-password-strength demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In an unprecedented surge, May 2024 saw the publication of over 5,000 CVEs, marking a historic milestone in cybersecurity with an average of 164 CVEs per day, nearly double the 2023 daily average.
Security News
The White House is addressing fragmented cybersecurity regulations as CISOs report spending up to 50% of their time on compliance, aiming to harmonize requirements and improve cybersecurity outcomes.
Security News
Research
The Socket Research Team has identified a malicious Python package that is typosquatting the popular crytic-compile utility, frequently used in popular toolkits and development environments for smart contracts and crypto applications.