zxcvbn - npm Package Compare versions

Comparing version 4.1.1 to 4.2.0

lib/matching.js

		// Generated by CoffeeScript 1.10.0
		var DATE_MAX_YEAR, DATE_MIN_YEAR, DATE_SPLITS, GRAPHS, L33T_TABLE, RANKED_DICTIONARIES, REGEXEN, SEQUENCES, adjacency_graphs, build_ranked_dict, frequency_lists, matching, scoring,
		var DATE_MAX_YEAR, DATE_MIN_YEAR, DATE_SPLITS, GRAPHS, L33T_TABLE, RANKED_DICTIONARIES, REGEXEN, SEQUENCES, adjacency_graphs, build_ranked_dict, frequency_lists, lst, matching, name, scoring,
		indexOf = [].indexOf \|\| function(item) { for (var i = 0, l = this.length; i < l; i++) { if (i in this && this[i] === item) return i; } return -1; };
		@@ -23,10 +23,9 @@

		RANKED_DICTIONARIES = {
		passwords: build_ranked_dict(frequency_lists.passwords),
		english: build_ranked_dict(frequency_lists.english),
		surnames: build_ranked_dict(frequency_lists.surnames),
		male_names: build_ranked_dict(frequency_lists.male_names),
		female_names: build_ranked_dict(frequency_lists.female_names)
		};
		RANKED_DICTIONARIES = {};

		for (name in frequency_lists) {
		lst = frequency_lists[name];
		RANKED_DICTIONARIES[name] = build_ranked_dict(lst);
		}

		GRAPHS = {
		@@ -494,3 +493,3 @@ qwerty: adjacency_graphs.qwerty,
		regex_match: function(password, _regexen) {
		var matches, name, regex, rx_match, token;
		var matches, regex, rx_match, token;
		if (_regexen == null) {
		@@ -497,0 +496,0 @@ _regexen = REGEXEN;

package.json

		{
		"name": "zxcvbn",
		"version": "4.1.1",
		"version": "4.2.0",
		"description": "realistic password strength estimation",
		@@ -5,0 +5,0 @@ "author": "Dan Wheeler",

README.md

		@@ -13,9 +13,9 @@ ```

		`zxcvbn` is a password strength estimator inspired by password crackers. Through pattern matching and conservative entropy calculations, it recognizes and weighs 10k common passwords, common names and surnames according to US census data, popular English words, and other common patterns like dates, repeats (`aaa`), sequences (`abcd`), keyboard patterns (`qwertyuiop`), and l33t speak.
		`zxcvbn` is a password strength estimator inspired by password crackers. Through pattern matching and conservative entropy calculations, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (`aaa`), sequences (`abcd`), keyboard patterns (`qwertyuiop`), and l33t speak.

		Consider using zxcvbn as an algorithmic alternative to password policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}".
		Consider using zxcvbn as an algorithmic alternative to password composition policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}".

		* __More secure__: policies often fail both ways, allowing weak passwords (`P@ssword1`) and disallowing strong passwords.
		* __More flexible__: zxcvbn allows many password styles to flourish so long as it detects sufficient complexity — passphrases are rated highly given enough uncommon words, keyboard patterns are either terrible or great depending on length and number of turns, and capitalization adds more complexity when it's unpredictaBle. Neither crackers nor zxcvbn are fooled by `'@'` for `'a'` or `'0'` for `'o'`.
		* __More usable__: Dumping a list of password rules onto users hurts usability. Understanding and satisfying said rules can be time-consuming and frustrating, leading to passwords that are [harder to remember](https://xkcd.com/936/). Use zxcvbn instead to build simple, rule-free interfaces that give instant feedback.
		* __More flexible__: zxcvbn allows many password styles to flourish so long as it detects sufficient complexity — passphrases are rated highly given enough uncommon words, keyboard patterns are ranked based on length and number of turns, and capitalization adds more complexity when it's unpredictaBle.
		* __More usable__: Use zxcvbn to build simple, rule-free interfaces that give instant feedback. In addition to scoring, zxcvbn includes minimal, targeted verbal feedback that can help guide users towards less guessable passwords.

		@@ -36,3 +36,3 @@ At Dropbox we use zxcvbn on our [signup page](https://www.dropbox.com/register) and change/reset password flows. zxcvbn is designed for node and the browser, but we use our [python port](https://github.com/dropbox/python-zxcvbn) inside the Dropbox desktop client, [Objective C port](https://github.com/dropbox/zxcvbn-ios) in our iOS app, and Java port (not yet open sourced) on Android.

		Install [`node`](https://nodejs.org/download/) and [`bower`](http://bower.io/) if you haven't already. This won't make your codebase dependent on node or bower.
		Install [`node`](https://nodejs.org/download/) and [`bower`](http://bower.io/) if you haven't already.

		@@ -53,3 +53,3 @@ Get `zxcvbn`:

		To make sure it loaded properly, open your html in a browser and type `zxcvbn('Tr0ub4dour&3')` into the console.
		To make sure it loaded properly, open in a browser and type `zxcvbn('Tr0ub4dour&3')` into the console.

		@@ -73,2 +73,7 @@ To pull in updates and bug fixes:

		## Meteor (via [Atmosphere](https://atmospherejs.com/codetheweb/zxcvbn))
		``` shell
		meteor add codetheweb:zxcvbn
		```

		## RequireJS
		@@ -129,3 +134,5 @@
		# Usage


		[try zxcvbn interactively](https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html) to see these docs in action.

		``` javascript
		@@ -197,4 +204,2 @@ zxcvbn(password, user_inputs=[])

		[try zxcvbn interactively](https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html) to see these docs in action.

		# <a name="perf"></a>Performance
		@@ -208,3 +213,3 @@

		`zxcvbn.js` bundled and minified is about 320kb gzipped or 680kb uncompressed, most of which is dictionaries. Consider these tips if you're noticing page load latency on your site.
		`zxcvbn.js` bundled and minified is about 390kb gzipped or 800kb uncompressed, most of which is dictionaries. Consider these tips if you're noticing page load latency on your site.

		@@ -228,4 +233,5 @@ * Make sure your server is configured to compress static assets for browsers that support it. ([nginx tutorial](https://rtcamp.com/tutorials/nginx/enable-gzip/), [apache/IIS tutorial](http://betterexplained.com/articles/how-to-optimize-your-site-with-gzip-compression/).)
		(function() {
		var ZXCVBN_SRC = 'path/to/zxcvbn.js'; // eg. for a standard bower setup, 'bower_components/zxcvbn/zxcvbn.js'

		var ZXCVBN_SRC = 'path/to/zxcvbn.js';

		var async_load = function() {
		@@ -277,3 +283,3 @@ var first, s;

		Mark Burnett for releasing his [10k top passwords list](http://xato.net/passwords/more-top-worst-passwords) and for his 2005 book, [Perfect Passwords: Selection, Protection, Authentication](http://www.amazon.com/Perfect-Passwords-Selection-Protection-Authentication/dp/1597490415).
		Mark Burnett for releasing his 10M password corpus and for his 2005 book, [Perfect Passwords: Selection, Protection, Authentication](http://www.amazon.com/Perfect-Passwords-Selection-Protection-Authentication/dp/1597490415).

		@@ -280,0 +286,0 @@ Wiktionary contributors for building a [frequency list of English](http://en.wiktionary.org/wiki/Wiktionary:Frequency_lists) as used in television and movies.

dist/zxcvbn.js

Sorry, the diff of this file is too big to display

dist/zxcvbn.js.map