password-composition-policy

v0.1.0

Library for representing password policies in a machine-readable format. Also supports validating passwords against policies.

Downloads

3

Readme

Password Policy

This library provides a machine-readable representation of password composition policies. The ultimate goal for this library is to allow websites to upload policy descriptions and then have password generators download and use these descriptions to generate compliant passwords.

Policy Descriptions

Policies are defined using the following objects: PCP, PCPRule, PCPSubsetRequirement, and PCPCharsetRequirement.

PCP

PCP is the root class for all policies. It contains the following information.

| Member | Type | Default | Description |
| --- | --- | --- | --- |
| charsets | dict[str,str] | DEFAULT_CHARSETS | The set of characters allowed in the password, split into one or more disjoint character sets ('charset' for short). The key is the name of the charset and the value is a string containing the characters that make up the charset. |
| rules | list[PCPRule] | N/A | The list of rules that make up the policy. As long as one rule matches, the policy is considered valid. At least one rule is required to be set. |

Two charsets are provided by the library:

  • DEFAULT_CHARSETS—Includes lowercase letters (lower), uppercase letters (upper), digits (digits), and symbols (symbols). This uses the charsets defined in Python's string module.
  • ALPHABET_CHARSETS—Same as DEFAULT_CHARSETS except that lowercase and uppercase are merged into a single charset (alphabet).

The PCP class also provides several utility methods:

  • validate() -> None—Validates that the policy is self-consistent. For example, checking that it doesn't require more characters than it allows. Raises an exception if there are issues with the policy.
  • dumps() -> str—Dumps the policy to JSON. Tries to create the most succinct representation.
  • @staticmethod loads(s: str) -> PCP—Loads a PCP object from the provided JSON.

PCPRule

PCPRule specifies one or more requirements passwords must meet to satisfy the rule. All requirements must be met for the rule to be satisfied. Possible requirements are:

| Member | Type | Default | Description |
| --- | --- | --- | --- |
| min_length | int | 1 | The minimum number of characters that must be in the password. |
| max_length | int | None | The maximum number of characters allowed in the password. |
| max_consecutive | int | None | The maximum number of times the same character can appear in a row. |
| prohibited_strings | set[str] | None | A set of strings that must not appear in the password. |
| require | list[int] | None | A list of charsets that must appear in the password. |
| require_subset | PCPSubsetRequirement | None | A list of charsets for which a subset must appear in the password. |
| charset_requirements | dict[str,PCPCharsetRequirement] | None | A mapping between charsets and additional requirements for that charset. |

PCPSubsetRequirement

| Member | Type | Default | Description |
| --- | --- | --- | --- |
| options | set[str] | None | The list of character sets to use. If not set, the list of all charsets will be used for the options when processing the rule. |
| count | int | N/A | The minimum number of options that must be in the password. Needs to be between 1 (inclusive) and the number of options (exclusive). Must be set if a subset requirement is used. |

PCPCharsetRequirement

Requirements specific to the mapped charset.

| Member | Type | Default | Description |
| --- | --- | --- | --- |
| min_required | int | None | Minimum characters required from the specified charset. |
| max_allowed | int | None | Maximum characters from the charset allowed. |
| max_consecutive | int | None | Maximum number of characters from this charset allowed in a row. Note, the characters don't have to be the same, just from the same charset. |
| required_locations | list[int] | None | Which locations in the password (0-indexed, allows reverse indexing) must contain a character from this charset. |
| prohibited_locations | list[int] | None | Which locations in the password (0-indexed, allows reverse indexing) must not contain a character from this charset. |

Checking Passwords

The check_password(password: str, pcp: PCP) -> bool method can be used to check a password against a policy. It will return True if the password matches at least one of the rules in the policy and False otherwise.
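The semantics described above (every requirement within a rule must hold, any one matching rule accepts the password) can be seen in a stand-alone sketch. This is an added example, not the library's own code: it uses plain dicts keyed by the member names from the tables instead of the PCP classes, and the function names, the sample policy, the rejection of characters outside every charset, and the treatment of an out-of-range required location as a failure are all assumptions.

```python
import string
from itertools import groupby

# Built as the README describes DEFAULT_CHARSETS (from Python's string module).
CHARSETS = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
            "digits": string.digits, "symbols": string.punctuation}

def longest_run(items):  # longest run of equal, non-None items
    return max((len(list(g)) for k, g in groupby(items) if k is not None), default=0)

def at(seq, i):  # seq[i] with reverse indexing; None when out of range
    return seq[i] if -len(seq) <= i < len(seq) else None

def rule_matches(pw, rule, charsets=CHARSETS):
    """True only if pw meets every requirement present in this rule (a dict)."""
    cls = [next((n for n, cs in charsets.items() if c in cs), None) for c in pw]
    if None in cls:  # assumption: a character outside every charset is rejected
        return False
    if not rule.get("min_length", 1) <= len(pw) <= rule.get("max_length", len(pw)):
        return False
    if (longest_run(pw) > rule.get("max_consecutive", len(pw))
            or any(s in pw for s in rule.get("prohibited_strings", ()))):
        return False
    present = set(cls)
    if not set(rule.get("require", ())) <= present:
        return False
    sub = rule.get("require_subset")
    if sub and len(present & set(sub.get("options", charsets))) < sub["count"]:
        return False
    for name, req in rule.get("charset_requirements", {}).items():
        hits, run = cls.count(name), longest_run(c if c == name else None for c in cls)
        if not (req.get("min_required", 0) <= hits <= req.get("max_allowed", hits)
                and run <= req.get("max_consecutive", run)):
            return False
        if (any(at(cls, i) != name for i in req.get("required_locations", ()))
                or any(at(cls, i) == name for i in req.get("prohibited_locations", ()))):
            return False
    return True

def password_matches(pw, policy):
    """Accept when at least one rule in the policy matches."""
    charsets = policy.get("charsets", CHARSETS)
    return any(rule_matches(pw, r, charsets) for r in policy["rules"])

# Constructed sample policy (not from the README): two alternative rules.
SAMPLE_POLICY = {"rules": [
    {"min_length": 12, "require_subset": {"count": 3}},
    {"min_length": 8, "max_consecutive": 2, "require": ["digits"],
     "charset_requirements": {"symbols": {"prohibited_locations": [-1]}}}]}
```

With the sample policy, a 13-character password using only lowercase letters and a digit fails the first rule but is accepted by the second, while a 9-character password ending in a symbol satisfies neither.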