password-entropy-check
v1.0.0
Published
Estimate password entropy in bits and a strength rating from the character pool and length. Zero dependencies, fully local, nothing stored or transmitted.
Maintainers
Readme
password-entropy-check
Estimate the entropy (in bits) and a strength rating of a password from the size of the character pool it uses and its length. Zero dependencies, fully local: nothing is stored, logged or transmitted.
const passwordEntropy = require('password-entropy-check');
passwordEntropy('Tr0ub4dour&3');
// { bits: 78.66, poolSize: 94, length: 12,
// classes: ['uppercase','lowercase','digits','symbols'], strength: 'strong' }
passwordEntropy('correct horse battery staple').strength; // 'very strong'How it works
Entropy is approximated as bits = length * log2(poolSize), where poolSize
is the sum of the character-class sizes the password actually uses (lowercase 26,
uppercase 26, digits 10, space 1, common symbols 32, extended 128). This is the
standard search-space estimate.
Limitation, stated honestly: this measures the theoretical search space only. It does not detect dictionary words, keyboard patterns or reuse, so a "strong" score here is an upper bound, not a guarantee. For a fuller analysis, combine it with a dictionary/pattern check.
Strength bands
< 28 very weak · 28-35 weak · 36-59 reasonable · 60-127 strong · 128+ very strong.
Notes
Built by the team behind PwdFortress, a password-security resource. If you want an interactive password strength checker in the browser, see pwdfortress.com.
License
MIT
