yup-password
Advanced tools
Yup, dead simple password validation.
Using npm:
$ npm install yup-password
Using yarn:
$ yarn add yup-password
Plug and play:
// MJS / TS
import * as yup from 'yup'
import YupPassword from 'yup-password'
YupPassword(yup) // extend yup
// CJS
const yup = require('yup')
require('yup-password')(yup) // extend yup
// Build schema
const schema = yup.object().shape({
username: yup.string().email().required(),
password: yup.string().password().required(),
})
const input = {
username: 'user@example.com',
password: 'secret',
}
try {
// validate
const res = await schema.validate(input, { abortEarly: false })
// ...
} catch (e) {
console.log(e.errors) // => [
// 'password must be at least 8 characters',
// 'password must contain at least 1 uppercase letter',
// 'password must contain at least 1 number',
// 'password must contain at least 1 symbol',
// ]
}
Override, disable or add additional rules:
const schema = yup.string().password()
.minLowercase(8) // raise the lowercase requirement to 8
.min(0) // disable minimum characters completely
.minWords(2) // add an additional rule
try {
const res = await schema.validate('secret', { abortEarly: false })
// ...
} catch(e) {
console.log(e.errors) // => [
// 'password must contain at least 2 words', <-- added
// 'password must contain at least 8 lowercase letters', <-- overridden
// 'password must contain at least 1 uppercase letter',
// 'password must contain at least 1 number',
// 'password must contain at least 1 symbol',
// ]
}
Pick and choose your password rules:
const schema = yup.string().min(6).minUppercase(3).maxRepeating(2).minWords(2)
await schema.isValid('Now, THIS is some password.') // => true
await schema.isValid('But thiiis is not.') // => false
Localize your error messages:
yup.setLocale({
string: {
minLowercase: 'Localized message (path=${path};length=${length})',
minUppercase: 'Localized message (path=${path};length=${length})',
minNumbers: 'Localized message (path=${path};length=${length})',
minSymbols: 'Localized message (path=${path};length=${length})',
maxRepeating: 'Localized message (path=${path};length=${length})',
minWords: 'Localized message (path=${path};length=${length})',
}, // when using typescript, you may want to append `as any` to the end
// of this object to avoid type errors.
})
Password must meet the default requirements: at least 8 characters, at most 250 characters, at least 1 lowercase letter, at least 1 uppercase letter, at least 1 number and at least 1 symbol.
const schema = yup.string().password()
Password must contain X amount of lowercase letters or more.
const schema = yup.string().minLowercase(3, 'custom message')
Password must contain X amount of uppercase letters or more.
const schema = yup.string().minUppercase(3, 'custom message')
Password must contain X amount of numbers or more.
const schema = yup.string().minNumbers(3, 'custom message')
Password must contain X amount of symbols or more.
const schema = yup.string().minSymbols(3, 'custom message')
Password must not contain a sequence of X amount of repeated characters. For example, if the limit is 2 thiis will pass but thiiis will not.
const schema = yup.string().maxRepeating(3, 'custom message')
Password must contain X amount of words or more. So long as a sequence of characters contains letters or numbers,
it will be recognized as a word. For example secret, 1st! and 1337 count as words, but !@#$% does not.
const schema = yup.string().minWords(3, 'custom message')
This project is open-sourced software licensed under the MIT license.
[0.4.0] - 2024-03-31
.minRepeating().FAQs
Yup, dead simple password validation.
We found that yup-password demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.