New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
password-sheriff
Advanced tools
password-sheriff - npm Package Compare versions
Comparing version 0.4.0 to 1.0.0
189
index.js
@@ -1,11 +0,2 @@ | ||
| var format = require('util').format; | ||
| var _ = require('underscore'); | ||
| var PasswordPolicyError = require('./lib/policy_error'); | ||
| function isString(value) { | ||
| return typeof value === 'string' || value instanceof String; | ||
| } | ||
| var charsets = require('./lib/rules/contains').charsets; | ||
@@ -18,131 +9,44 @@ | ||
| var rulesToApply = { | ||
| length: require('./lib/rules/length'), | ||
| contains: require('./lib/rules/contains'), | ||
| containsAtLeast: require('./lib/rules/containsAtLeast'), | ||
| identicalChars: require('./lib/rules/identicalChars'), | ||
| }; | ||
| var PasswordPolicy = require('./lib/policy'); | ||
| var none = new PasswordPolicy({ | ||
| length: { minLength: 1 } | ||
| }); | ||
| var policiesByName = { | ||
| none: { | ||
| rules: { | ||
| length: { minLength: 1 } | ||
| } | ||
| }, | ||
| low: { | ||
| rules: { | ||
| length: { minLength: 6 } | ||
| }, | ||
| }, | ||
| fair: { | ||
| rules: { | ||
| length: { minLength: 8 }, | ||
| contains: { | ||
| expressions: [lowerCase, upperCase, numbers] | ||
| } | ||
| } | ||
| }, | ||
| good: { | ||
| rules: { | ||
| length: { minLength: 8 }, | ||
| containsAtLeast: { | ||
| atLeast: 3, | ||
| expressions: [lowerCase, upperCase, numbers, specialCharacters] | ||
| } | ||
| } | ||
| }, | ||
| excellent: { | ||
| rules: { | ||
| length: { minLength: 10 }, | ||
| containsAtLeast: { | ||
| atLeast: 3, | ||
| expressions: [lowerCase, upperCase, numbers, specialCharacters] | ||
| }, | ||
| identicalChars: { max: 2 } | ||
| } | ||
| } | ||
| }; | ||
| var low = new PasswordPolicy({ | ||
| length: { minLength: 6 } | ||
| }); | ||
| function reducePolicy(policy, fn, value) { | ||
| return Object.keys(policy.rules).reduce(function (result, ruleName) { | ||
| var ruleOptions = policy.rules[ruleName]; | ||
| var rule = rulesToApply[ruleName]; | ||
| return fn(result, ruleOptions, rule); | ||
| }, value); | ||
| } | ||
| function applyRules (policy, password) { | ||
| return reducePolicy(policy, function (result, ruleOptions, rule) { | ||
| // If previous result was false as this an &&, then nothing to do here! | ||
| if (!result) { | ||
| return false; | ||
| } | ||
| if (!rule) { | ||
| return false; | ||
| } | ||
| return rule.assert(ruleOptions, password); | ||
| }, true); | ||
| } | ||
| function missing (policy, password) { | ||
| return reducePolicy(policy, function (result, ruleOptions, rule) { | ||
| var missingRule = rule.missing(ruleOptions, password); | ||
| result.rules.push(missingRule); | ||
| result.verified = result.verified && !!missingRule.verified; | ||
| return result; | ||
| }, {rules: [], verified: true}); | ||
| } | ||
| function explain (policy) { | ||
| return reducePolicy(policy, function (result, ruleOptions, rule) { | ||
| result.push(rule.explain(ruleOptions)); | ||
| return result; | ||
| }, []); | ||
| } | ||
| function flatDescriptions (descriptions, index) { | ||
| if (!descriptions.length) { | ||
| return ''; | ||
| var fair = new PasswordPolicy({ | ||
| length: { minLength: 8 }, | ||
| contains: { | ||
| expressions: [lowerCase, upperCase, numbers] | ||
| } | ||
| }); | ||
| function flatSingleDescription (description, index) { | ||
| var spaces = (new Array(index+1)).join(' '); | ||
| var result = spaces + '* '; | ||
| if (description.format) { | ||
| result += format.apply(null, [description.message].concat(description.format)); | ||
| } else { | ||
| result += description.message; | ||
| } | ||
| if (description.items) { | ||
| result += '\n' + spaces + flatDescriptions(description.items, index + 1); | ||
| } | ||
| return result; | ||
| var good = new PasswordPolicy({ | ||
| length: { minLength: 8 }, | ||
| containsAtLeast: { | ||
| atLeast: 3, | ||
| expressions: [lowerCase, upperCase, numbers, specialCharacters] | ||
| } | ||
| }); | ||
| var firstDescription = flatSingleDescription(descriptions[0], index); | ||
| var excellent = new PasswordPolicy({ | ||
| length: { minLength: 10 }, | ||
| containsAtLeast: { | ||
| atLeast: 3, | ||
| expressions: [lowerCase, upperCase, numbers, specialCharacters] | ||
| }, | ||
| identicalChars: { max: 2 } | ||
| }); | ||
| descriptions = descriptions.slice(1).reduce(function (result, description) { | ||
| result += '\n' + flatSingleDescription(description, index); | ||
| var policiesByName = { | ||
| none: none, | ||
| low: low, | ||
| fair: fair, | ||
| good: good, | ||
| excellent: excellent | ||
| }; | ||
| return result; | ||
| }, firstDescription); | ||
| return descriptions; | ||
| } | ||
| _.each(policiesByName, function (policy) { | ||
| reducePolicy(policy, function (result, ruleOptions, rule) { | ||
| rule.validate(ruleOptions); | ||
| }, true); | ||
| }); | ||
| /** | ||
@@ -157,3 +61,3 @@ * Creates a password policy. | ||
| return { | ||
| /** | ||
| /** | ||
| * Checks that a password meets this policy | ||
@@ -165,7 +69,3 @@ * | ||
| check: function (password) { | ||
| if (!isString(password)) { | ||
| return false; | ||
| } | ||
| return applyRules(policy, password); | ||
| return policy.check(password); | ||
| }, | ||
@@ -175,21 +75,19 @@ /** | ||
| * Asserts that a passord meets this policy else throws an exception. | ||
| * | ||
| * @param {String} password | ||
| */ | ||
| assert: function (password) { | ||
| if (!this.check(password)) { | ||
| throw new PasswordPolicyError('Password does not meet password policy'); | ||
| } | ||
| return policy.assert(password); | ||
| }, | ||
| missing: function (password) { | ||
| return missing(policy, password); | ||
| return policy.missing(password); | ||
| }, | ||
| missingAsMarkdown: function (password) { | ||
| return flatDescriptions(missing(policy, password), 1); | ||
| return policy.missingAsMarkdown(password); | ||
| }, | ||
| explain: function () { | ||
| return explain(policy); | ||
| return policy.explain(); | ||
| }, | ||
@@ -202,4 +100,3 @@ | ||
| toString: function () { | ||
| var descriptions = this.explain(); | ||
| return flatDescriptions(descriptions, 0); | ||
| return policy.toString(); | ||
| } | ||
@@ -209,2 +106,4 @@ }; | ||
| module.exports.rulesToApply = rulesToApply; | ||
| module.exports.PasswordPolicy = PasswordPolicy; | ||
| // module.exports.rulesToApply = rulesToApply; |
| The MIT License (MIT) | ||
| Copyright (c) 2013-2014 Auth0 Inc. | ||
| Copyright (c) 2013-2015 Auth0 Inc. | ||
@@ -5,0 +5,0 @@ Permission is hereby granted, free of charge, to any person obtaining a copy of |
| { | ||
| "name": "password-sheriff", | ||
| "description": "Password policy checker/enforcer.", | ||
| "version": "0.4.0", | ||
| "version": "1.0.0", | ||
| "main": "index.js", | ||
@@ -6,0 +6,0 @@ "devDependencies": { |
@@ -17,3 +17,3 @@ # Password Sheriff | ||
| // Creates a password based on OWASP password recommendations | ||
| // Creates a password policy based on OWASP password recommendations | ||
| var policyOWASP = createPolicy('excellent'); | ||
@@ -40,1 +40,6 @@ | ||
| ``` | ||
| ## Issue Reporting | ||
| If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues. | ||
Fixed alerts
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
51617
7.03%- Number of package files
25
13.64%- Lines of code
1152
7.87%- Number of low quality alerts
1
-50%- Number of lines in readme file
44
12.82%No dependency changes