fast-password-entropy
Advanced tools
Calculate the entropy bits of a string as a quick proxy to password strength.
See Entropy as a measure of password strength for more information.
$ npm install --save fast-password-entropy
const stringEntropy = require('fast-password-entropy')
console.log(stringEntropy('1234')) // 13
console.log(stringEntropy('password')) // 38
A transpiled version is available in es5/index.js. To use that specific version, this syntax is also supported:
var stringEntropy = require('fast-password-entropy/es5');
Several libraries were analyzed before creating this one. Some of those are listed below, along with the drawbacks found for each one.
information-entropy: Too basic. Cannot extract charset length from the string being tested.
joi-password-complexity: Interesting but not providing raw entropy information.
passwd-strength: Values are correct but is too slow.
password-entropy: Entropy calculation is not following any standard so results are very different from other libs.
password-strength: Only giving "simple", "medium", "strong" values.
string-entropy: Provides good entropy values but is slow.
tai-password-strength: Very complex and results are not fully matching the expected results.
zxcvbn: Uses comprehensive heuristics to estimate complexity but solves a much more complex problem instead.
After the research, only three libraries were analyzed in detail and benchmarked. This library results are 3.5x faster than the existing libraries.
$ npm run bench
Test strings [ '',
'8646',
'xtcmFWoH',
'Lp2x0P1iMEPWZKaQ',
'escape piece useful cloth',
'needle excitement over aloud price among',
'topic contain anything political great thank dawn among butter doll fought end' ]
Results for `fast-password-entropy` [ 0, 13, 46, 95, 147, 235, 459 ]
Results for `passwd-strength` [ 0, 13, 46, 95, 147, 235, 459 ]
Results for `password-entropy` [ 1, 1, 3, 10, 10, 10, 10 ]
Results for `string-entropy` [ 0, 13, 46, 95, 118, 188, 367 ]
Results for `tai-password-strength` [ 0, 6, 24, 62, 87, 152, 312 ]
Benchmarking...
fast-password-entropy x 557,198 ops/sec ±1.27% (87 runs sampled)
passwd-strength x 1,732 ops/sec ±4.36% (81 runs sampled)
string-entropy x 143,412 ops/sec ±3.92% (83 runs sampled)
tai-password-strength x 11,590 ops/sec ±1.28% (86 runs sampled)
Fastest is fast-password-entropy
MIT
FAQs
Calculate the entropy of a password string, but fast!
The npm package fast-password-entropy receives a total of 25,037 weekly downloads. As such, fast-password-entropy popularity was classified as popular.
We found that fast-password-entropy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.