Gathering detailed insights and metrics for @zxcvbn-ts/matcher-pwned
npm install @zxcvbn-ts/matcher-pwned
921 Stars
835 Commits
74 Forks
7 Watching
6 Branches
66 Contributors
Updated on 27 Nov 2024
TypeScript (98.1%)
JavaScript (1.9%)
Total Downloads
- Last day: 2,047 (-22.9% compared to previous day)
- Last week: 11,990 (5% compared to previous week)
- Last month: 47,041 (29.5% compared to previous month)
- Last year: 372,585 (661.3% compared to previous year)
This is a complete rewrite of zxcvbn in TypeScript, licensed under the MIT license. Thanks to the original creators at Dropbox for the great work.
zxcvbn is a password strength estimator inspired by password crackers. Through pattern matching and conservative estimation, it recognizes and weighs 40k common passwords, common names and surnames, popular words from Wikipedia, common words in different languages from different countries, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.
Consider using zxcvbn as an algorithmic alternative to password composition policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}".
- More secure: policies often fail both ways, allowing weak passwords (P@ssword1) and disallowing strong passwords.
- More flexible: zxcvbn allows many password styles to flourish so long as it detects sufficient complexity — passphrases are rated highly given enough uncommon words, keyboard patterns are ranked based on length and number of turns, and capitalization adds more complexity when it's unpredictaBle.
- More usable: zxcvbn is designed to power simple, rule-free interfaces that give instant feedback. In addition to strength estimation, zxcvbn includes minimal, targeted verbal feedback that can help guide users towards less guessable passwords. For further detail and motivation, please refer to the USENIX Security '16 paper and presentation.
The aim of this project is to modernize zxcvbn and make it maintainable with new features.
Check out the documentation. There you will also find the demo pages and the migration guide.
If your language is missing as a language pack, check out the guide to add your own.
If you want to know how much the scoring changed compared to the original, check out the comparison page.
Please feel free to open up an issue or provide a pull request.
No vulnerabilities found.
- no dangerous workflow patterns detected
- security policy file detected
- 29 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
- no binaries found in the repo
- license file detected
- 1 existing vulnerabilities detected
- Found 7/21 approved changesets -- score normalized to 3
- detected GitHub workflow tokens with excessive permissions
- no effort to earn an OpenSSF best practices badge detected
- dependency not pinned by hash detected -- score normalized to 0
- project is not fuzzed
- branch protection not enabled on development/release branches
- SAST tool is not run on all commits -- score normalized to 0
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.