npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

pkpw

v1.4.0

Published

What if correct horse battery staple, but Pokémon.

Readme

pkpw

Crates.io npm .github/workflows/ci.yml

What if correct horse battery staple, but Pokémon.

Installation

brew install jbhannah/pkpw/pkpw

CLI/Rust Library

cargo install pkpw

npm Library

npm add pkpw

Usage

CLI

$ pkpw -h
pkpw 1.4.0
Jesse Brooklyn Hannah <[email protected]>
What if correct horse battery staple, but Pokémon.

USAGE:
    pkpw [OPTIONS]

OPTIONS:
    -c, --copy                     Copy the generated value to the clipboard instead of displaying
                                   it
    -h, --help                     Print help information
    -l, --length <LENGTH>          Minimum length of the generated password
    -n, --count <COUNT>            Number of Pokémon names to use in the generated password
                                   [default: 4]
    -s, --separator <SEPARATOR>    Separator between Pokémon names in the generated password; either
                                   a single character, "digit" for random digits, or "special" for
                                   random special characters [default: " "]
    -V, --version                  Print version information

Rust

use pkpw::generate;
use rand::rng;

let mut rng = rng();
let password = generate(None, 4, " ", None, &mut rng);

Javascript/Typescript

import { pkpw } from "pkpw";

const password = pkpw();

The Javascript/Typescript package is compiled from Rust into WASM. If embedded in a web page, for example, all password generation runs in the browser; only analytics of page visit count, password generation count, and the options (minimum length, Pokémon name count, and separator character set) are sent over the network. Make sure you trust any online password generator that uses this package before using the passwords you generate from it!

But is it secure?

Disclaimer: These are just estimates, I have a physics degree but I'm not a combinatorics or cryptography expert.

Password entropy is calculated using the pool size $R$ and password length $L$ used to generate a password:

$$ E = log_2(R^L) $$

where a brute-force attack will need an average of $2^{E-1}$ guesses to crack a password with $E$ bits of entropy.

By default, pkpw chooses 4 Pokémon names from the pool of 1028 known Pokémon, resulting in an entropy of

$$ E = log_2(1028^4) \approx 40.022 $$

bits. A dictionary attack that knows to use the 1028 known Pokémon names as the pool of values would take $5.584 \times 10^{11}$ guesses on average to correctly guess a password, or about 17 years, 8 months, and 12 days at 1000 guesses per second.

At an average length of about 7.67 characters per Pokémon name, passwords generated using the default settings have an average length of about 34 characters (4 Pokémon names, plus one space separating each name for a total of 3 spaces). A brute-force attack that uses a pool of 95 standard US keyboard characters (alphanumeric, special characters, and space) would be working against

$$ E = log_2(95^{34}) \approx 222.375 $$

bits of entropy, taking an average of $1.748 \times 10^{67}$ guesses, or $5.540 \times 10^{56}$ years, to correctly guess a password.

Copyright

All Pokémon names are ™ and © The Pokémon Company, Inc. Everything else in this project is © Jesse Brooklyn Hannah and released under the terms of the MIT License.