fast-password-entropy
Advanced tools
Calculate the entropy bits of a string as a quick proxy to password strength.
See Entropy as a measure of password strength for more information.
$ npm install --save fast-password-entropy
const stringEntropy = require('fast-password-entropy')
console.log(stringEntropy('1234')) // 13
console.log(stringEntropy('password')) // 38
A transpiled version is available in es5/index.js. To use that specific version, this syntax is also supported:
var stringEntropy = require('fast-password-entropy/es5');
Several libraries were analyzed before creating this one. Some of those are listed below, along with the drawbacks found for each one.
information-entropy: Too basic. Cannot extract charset length from the string being tested.
joi-password-complexity: Interesting but not providing raw entropy information.
passwd-strength: Values are correct but is too slow.
password-entropy: Entropy calculation is not following any standard so results are very different from other libs.
password-strength: Only giving "simple", "medium", "strong" values.
string-entropy: Provides good entropy values but is slow.
tai-password-strength: Very complex and results are not fully matching the expected results.
zxcvbn: Uses comprehensive heuristics to estimate complexity but solves a much more complex problem instead.
After the research, only three libraries were analyzed in detail and benchmarked. This library results are 3.5x faster than the existing libraries.
$ npm run bench
Test strings [ '',
'8646',
'xtcmFWoH',
'Lp2x0P1iMEPWZKaQ',
'escape piece useful cloth',
'needle excitement over aloud price among',
'topic contain anything political great thank dawn among butter doll fought end' ]
Results for `fast-password-entropy` [ 0, 13, 46, 95, 147, 235, 459 ]
Results for `passwd-strength` [ 0, 13, 46, 95, 147, 235, 459 ]
Results for `password-entropy` [ 1, 1, 3, 10, 10, 10, 10 ]
Results for `string-entropy` [ 0, 13, 46, 95, 118, 188, 367 ]
Results for `tai-password-strength` [ 0, 6, 24, 62, 87, 152, 312 ]
Benchmarking...
fast-password-entropy x 557,198 ops/sec ±1.27% (87 runs sampled)
passwd-strength x 1,732 ops/sec ±4.36% (81 runs sampled)
string-entropy x 143,412 ops/sec ±3.92% (83 runs sampled)
tai-password-strength x 11,590 ops/sec ±1.28% (86 runs sampled)
Fastest is fast-password-entropy
MIT
FAQs
Calculate the entropy of a password string, but fast!
The npm package fast-password-entropy receives a total of 44,675 weekly downloads. As such, fast-password-entropy popularity was classified as popular.
We found that fast-password-entropy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
AGENTS.md is a fast-growing open format giving AI coding agents a shared, predictable way to understand project setup, style, and workflows.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.