npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

check-password-strength

v3.0.0

Published

A NPM Password strength checker based from Javascript RegExp. Check passphrase if it's "Too weak", "Weak", "Medium" or "Strong"

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dvincent333dvincent333ennorielennoriel

Keywords

npmpasswordstrengthcheckercheck password strengthpassword strength checkerstrength checkerpassword checkerpassword checker strengthstrength password checkercheck-password-strengthpassword-strength-checkerstrength-checkerpassword-checkerpassword-checker-strengthstrength-password-checkerpass-strength

Readme

Overview

A simple way to check that password strength of a certain passphrase. The library is fully typed.

Build status

npm Downloads

DEMO 1 by @Ennoriel

DEMO 2

Installation

Install via Package Manager

npm i check-password-strength --save

Install via Browser Script Tag using UNPKG

<script src="https://unpkg.com/check-password-strength/dist/umd.cjs"></script>
<script type="text/javascript">
    const passwordStrength = checkPasswordStrength.passwordStrength('pwd123').value; // 'Weak'
</script>

Setup & Basic Usage

const { passwordStrength } = require('check-password-strength')
// OR
import { passwordStrength } from 'check-password-strength'

console.log(passwordStrength('asdfasdf').value)
// Too weak (It will return Too weak if the value doesn't match the Weak conditions)

console.log(passwordStrength('asdf1234').value)
// Weak

console.log(passwordStrength('Asd1234!').value)
// Medium

console.log(passwordStrength('A@2asdF2020!!*').value)
// Strong

API

arguments

The passwordStrength takes 3 arguments:

  • password (string): the user password
  • options (array — optional): an option to override the default complexity required to match your password policy. See below.
  • restrictSymbolsTo (string — optional):
    • By default, the passwordStrength function checks against all characters except for the 26 Latin lowercase letters, 26 uppercase letters, and 10 digits. This includes OWASP-recommended characters, accented letters, other alphabets, and emojis.
    • If you wish to apply restrictions, you can provide a custom string. This string should consist of unescaped symbol characters, which will be utilized internally in a RegExp expression in the following format: [${escapeStringRegexp(restrictSymbolsTo)}].
    • Additionally, you can import and use the owaspSymbols to limit the symbols to those recommended by OWASP.

Password Default Options

The default options can be required:

const { defaultOptions } = require("./index");
// OR
import { defaultOptions } from 'check-password-strength'

default options:

[
  {
    id: 0,
    value: "Too weak",
    minDiversity: 0,
    minLength: 0
  },
  {
    id: 1,
    value: "Weak",
    minDiversity: 2,
    minLength: 8
  },
  {
    id: 2,
    value: "Medium",
    minDiversity: 4,
    minLength: 10
  },
  {
    id: 3,
    value: "Strong",
    minDiversity: 4,
    minLength: 12
  }
]

To override the default options, simply pass your custom array as the second argument:

  • id: correspond to the return id attribute.
  • value: correspond to the return value attribute.
  • minDiversity: between 0 and 4, correspond to the minimum of different criterias ('lowercase', 'uppercase', 'symbol', 'number') that should be met to pass the password strength
  • minLength: minimum length of the password that should be met to pass the password strength

You can use an array containing fewer or more than four items to define the levels of trust. However, the first element must have both the minDiversity and minLength parameters set to 0. This means that the first element should always represent a "too weak" option.

Result

The result is an object containing the following values (unless you override the options):

| Property | Desc. | | -------- | --------------------------------------------------------------- | | id | 0 = Too weak, 1 = Weak & 2 = Medium, 3 = Strong | | value | Too weak, Weak, Medium & Strong | | contains | lowercase, uppercase, number and / or symbol | | length | length of the password |

If you want to translate the value (Too weak → Trop faible), you can translate it based on the return value, or override the defaultOptions option, which will be passed back as the function's return value.

Contribute

Feel free to clone or fork this project: https://github.com/deanilvincent/check-password-strength.git

Contributions & pull requests are welcome!

I'll be glad if you give this project a ★ on Github :)

changelog

  • v3: allow all symbols by default (any character except the 26 latin lowercase, uppercase letters and 10 digits) & set the default min length to 12 instead of 10
  • v2: allow configuration through options object
  • v1: first version

Kudos to @Ennoriel and his efforts for making v2 and v3 possible!