Security News
Oxlint Introduces Type-Aware Linting Preview
Oxlint’s new preview brings type-aware linting powered by typescript-go, combining advanced TypeScript rules with native-speed performance.
By Sarah Gooding - Aug 18, 2025
yup-password
Advanced tools
Yup-Password
Yup, dead simple password validation.
Install
Using npm:
$ npm install yup-password
Using yarn:
$ yarn add yup-password
Usage
Plug and play:
// MJS / TS
import * as yup from 'yup'
import YupPassword from 'yup-password'
YupPassword(yup) // extend yup
// CJS
const yup = require('yup')
require('yup-password')(yup) // extend yup
// Build schema
const schema = yup.object().shape({
username: yup.string().email().required(),
password: yup.string().password().required(),
})
const input = {
username: 'user@example.com',
password: 'secret',
}
try {
// validate
const res = await schema.validate(input, { abortEarly: false })
// ...
} catch (e) {
console.log(e.errors) // => [
// 'password must be at least 8 characters',
// 'password must contain at least 1 uppercase letter',
// 'password must contain at least 1 number',
// 'password must contain at least 1 symbol',
// ]
}
Override, disable or add additional rules:
const schema = yup.string().password()
.minLowercase(8) // raise the lowercase requirement to 8
.min(0) // disable minimum characters completely
.minWords(2) // add an additional rule
try {
const res = await schema.validate('secret', { abortEarly: false })
// ...
} catch(e) {
console.log(e.errors) // => [
// 'password must contain at least 2 words', <-- added
// 'password must contain at least 8 lowercase letters', <-- overridden
// 'password must contain at least 1 uppercase letter',
// 'password must contain at least 1 number',
// 'password must contain at least 1 symbol',
// ]
}
Pick and choose your password rules:
const schema = yup.string().min(6).minUppercase(3).maxRepeating(2).minWords(2)
await schema.isValid('Now, THIS is some password.') // => true
await schema.isValid('But thiiis is not.') // => false
Localize your error messages:
yup.setLocale({
string: {
minLowercase: 'Localized message (path=${path};length=${length})',
minUppercase: 'Localized message (path=${path};length=${length})',
minNumbers: 'Localized message (path=${path};length=${length})',
minSymbols: 'Localized message (path=${path};length=${length})',
maxRepeating: 'Localized message (path=${path};length=${length})',
minWords: 'Localized message (path=${path};length=${length})',
}, // when using typescript, you may want to append `as any` to the end
// of this object to avoid type errors.
})
API
.password()
Password must meet the default requirements: at least 8 characters, at most 250 characters, at least 1 lowercase letter, at least 1 uppercase letter, at least 1 number and at least 1 symbol.
const schema = yup.string().password()
.minLowercase(length?: number = 1, message?: string)
Password must contain X amount of lowercase letters or more.
const schema = yup.string().minLowercase(3, 'custom message')
.minUppercase(length?: number = 1, message?: string)
Password must contain X amount of uppercase letters or more.
const schema = yup.string().minUppercase(3, 'custom message')
.minNumbers(length?: number = 1, message?: string)
Password must contain X amount of numbers or more.
const schema = yup.string().minNumbers(3, 'custom message')
.minSymbols(length?: number = 1, message?: string)
Password must contain X amount of symbols or more.
const schema = yup.string().minSymbols(3, 'custom message')
.maxRepeating(length?: number = 2, message?: string)
Password must not contain a sequence of X amount of repeated characters. For example, if the limit is 2 thiis will pass but thiiis will not.
const schema = yup.string().maxRepeating(3, 'custom message')
.minWords(length?: number = 2, message?: string)
Password must contain X amount of words or more. So long as a sequence of characters contains letters or numbers,
it will be recognized as a word. For example secret, 1st! and 1337 count as words, but !@#$% does not.
const schema = yup.string().minWords(3, 'custom message')
License
This project is open-sourced software licensed under the MIT license.
[0.4.0] - 2024-03-31
Added
- Localization support.
Changed
- Switched to Typescript.
Removed
- Deprecated method
.minRepeating().
Keywords
FAQs
Yup, dead simple password validation.
The npm package yup-password receives a total of 32,027 weekly downloads. As such, yup-password popularity was classified as popular.
We found that yup-password demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 31 Mar 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New Website “Is It Really FOSS?” Tracks Transparency in Open Source Distribution Models
A new site reviews software projects to reveal if they’re truly FOSS, making complex licensing and distribution models easy to understand.
By Sarah Gooding - Aug 15, 2025
Security News
Astral Launches pyx: A Python-Native Package Registry
Astral unveils pyx, a Python-native package registry in beta, designed to speed installs, enhance security, and integrate deeply with uv.
By Sarah Gooding - Aug 13, 2025