A simple way to check that password strength of a certain passphrase. A password strength checker based from Javascript RegEx.
npm i check-password-strength --save
const passwordStrength = require('check-password-strength')
console.log(passwordStrength('asdfasdf').value)
// Weak (It will return weak if the value doesn't match the RegEx conditions)
console.log(passwordStrength('Asdfasdf2020').value)
// Medium
console.log(passwordStrength('A@2asdF2020!!*').value)
// Strong
| Property | Desc. |
|---|---|
| id | 0 = Weak, 1 = Medium & 2 = Strong |
| value | Weak, Medium & Strong |
| contains | lowercase, uppercase, symbol and/or number |
| length | length of the password |
console.log(passwordStrength('@Sdfasd2020!@#$'))
// output
{
"id": 1,
"value": "Strong",
"contains": [{'message': 'lowercase'},{'message': 'uppercase'},{'message': 'symbol'},{'message': 'number'}],
"length": 15
}
Strong Password RegEx used:
^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*])(?=.{8,})
Medium Password RegEx used:
^((?=.*[a-z])(?=.*[A-Z]))|((?=.*[a-z])(?=.*[0-9]))|((?=.*[A-Z])(?=.*[0-9]))|((?=.*[A-Z])(?=.*[!@#\$%\^&\*])|((?=.*[a-z])(?=.*[!@#\$%\^&\*])|((?=.*[0-9])(?=.*[!@#\$%\^&\*]))(?=.{6,})"
| RegEx | Desc. |
|---|---|
| ^ | The password string will start this way |
| (?=.*[a-z]) | The string must contain at least 1 lowercase alphabetical character |
| (?=.*[A-Z]) | The string must contain at least 1 uppercase alphabetical character |
| (?=.*[0-9]) | The string must contain at least 1 numeric character |
| (?=.[!@#$%^&]) | The string must contain at least one special character, but we are escaping reserved RegEx characters to avoid conflict |
| (?=.{8,}) | The string must be eight characters or longer for strong strength |
| (?=.{6,}) | Mininum of 6 characters for medium strength |
If you're working with .net core project, I've created a simple nuget package with same RegEx strings to validate a password strength.
You can easily install via Nuget Package Manager or .NET CLI (Check.Password.Strength). This package uses Regular Expression new Regex() derives from System.Text.RegularExpressions. You can use this especially if you want to validate the passcode strength on backend services or web apis of your project.
I also made another NPM package (hey-regex) that checks common inputs like numbers (whole number and decimal), alpha numeric, email and url. This package only returns true or false based from the selected function (with RegEx .test() inside).
Reference blog.
Feel free to clone or fork this project: https://github.com/deanilvincent/check-password-strength.git
Contributions & pull requests are welcome!
I'll be glad if you give this project a ★ on Github :)
This project is licensed under the MIT License - see the LICENSE.md file for details.