secure-password-kit

v1.0.2

Published

2 months ago

All-in-one secure password toolkit: generation, validation, scoring, hashing, and verification

Downloads

🔐 secure-password-kit

secure-password-kit is a modern, opinionated, all-in-one password security toolkit for JavaScript and TypeScript applications.

It helps developers generate, validate, score, hash, and verify passwords securely using industry best practices and safe defaults.

✨ Features

🔒 Cryptographically secure password generation
✅ Password strength validation with clear feedback
📊 Entropy-based password scoring
🧂 Secure password hashing using Argon2id (Node/browser only)
🔍 Safe password verification (Node/browser only)
🧠 Opinionated, security-first defaults
🧩 TypeScript-first with full type definitions
🌳 Tree-shakable, modern ESM/CJS support
🌐 Cross-environment support:
- Node.js ✅
- Browser / React ✅
- React Native ⚠️ (password hashing not supported on-device)

📦 Installation

npm install secure-password-kit

yarn add secure-password-kit

🚀 Quick Start

import {
  generatePassword,
  validatePassword,
  scorePassword,
  hashPassword,
  verifyPassword
} from "secure-password-kit";

🌍 Environment Support

| Feature | Node.js | Browser / React | React Native | |---------------------------|---------|----------------|--------------| | generatePassword | ✅ | ✅ | ✅ (requires react-native-get-random-values) | | scorePassword | ✅ | ✅ | ✅ | | validatePassword | ✅ | ✅ | ✅ | | hashPassword / verifyPassword | ✅ | ✅ | ❌ backend-only |

React Native setup for generatePassword:
Install the polyfill:
npm install react-native-get-random-values
Import it at the top of your entry file:
import "react-native-get-random-values";

Important: hashPassword / verifyPassword should always be done on the backend in React Native for security.

🔑 Password Generation

const password = generatePassword({
  length: 20,
  uppercase: true,
  numbers: true,
  symbols: true,
  excludeSimilar: true
});

console.log(password);
// Example output: T@7mR^q2!ZxW9hP%Lk3$

✅ Password Validation

const result = validatePassword("MyPassword123!");
console.log(result);
/*
{
  valid: true,
  score: 5,
  issues: []
}
*/

📊 Password Scoring

const score = scorePassword("MyPassword123!");
console.log(score);
/*
{
  entropy: 65.7,
  rating: "strong"
}
*/

🧂 Password Hashing & Verification

const hash = await hashPassword("MyPassword123!");
const isValid = await verifyPassword("MyPassword123!", hash);
console.log(isValid); // true

Note: Only supported in Node.js and browser environments. Not supported on-device in React Native.

🛡 Security Considerations

Uses Node.js crypto module for randomness (Node only)
Argon2id hashing with secure defaults
Timing-safe password verification
Safe defaults to prevent common password attacks
For React Native, only password generation, scoring, and validation are supported on-device. Hashing should be done on the backend.

📖 Documentation & Support

GitHub Repository: https://github.com/haewhybabs/secure-password-kit
Issues: https://github.com/haewhybabs/secure-password-kit/issues

👤 Authors

Ayobami Babalola – GitHub

📄 License

MIT