A library for validating passwords. Strives to provide default support for the latest NIST password guidelines.
Currently NIST specifies four guidelines for a password:
- ASCII characters only
- Minimum of 8 characters
- Maximum of 64 characters
- Cannot be a common password
$ git clone [email protected]:dcolucci/password-validator-node
The tool must be built before use in order to generate the list of common passwords. You can pass your own list of common passwords to `build` if you like; otherwise, the tool will use the default list.
npm run build [<file>]
This will copy the contents of `<file>` (or `common-passwords.txt` if no file is specified) to a `data/commonPasswords.json` file for faster runtime processing.
Use the `password-validator` command to validate a file of candidate passwords, one password per line.
$ ./bin/password-validator <file>
This will check each line of the file against each of the configured validation checks, and print validation failures to the console.
Here is our text file of candidate passwords, `passwords.txt`:
negativegemini
foo
mortimerthemathmouse
password
Validate the passwords in the file, and see output:
$ password-validator passwords.txt
# foo -> Error: Too Short - minimum length is 8
# password -> Error: password is part of common passwords list and cannot be used
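The four checks listed above, sketched as a stand-alone JavaScript function and run over the same sample file. This is an added example, not the project's own code: the function names, the small constructed common-password `Set` (standing in for `data/commonPasswords.json`), and the wording of the non-ASCII and too-long messages are assumptions; the other two messages are copied from the output shown above.

```javascript
// Added example; not the project's code. Names and two messages are assumptions.
const MIN_LENGTH = 8;
const MAX_LENGTH = 64;

// Constructed stand-in for data/commonPasswords.json; a Set gives O(1) lookups.
const COMMON_PASSWORDS = new Set(['password', '12345678', 'qwertyuiop']);

// Returns an array of failure messages; an empty array means the password passed.
function validatePassword(password, common = COMMON_PASSWORDS) {
  const errors = [];
  // Count code points, not UTF-16 units, so a surrogate pair is one character.
  const length = Array.from(password).length;
  // Any character outside U+0000..U+007F fails the ASCII-only rule.
  if (/[^\x00-\x7F]/.test(password)) {
    errors.push('Error: Non-ASCII - only ASCII characters are allowed'); // assumed wording
  }
  if (length < MIN_LENGTH) {
    errors.push(`Error: Too Short - minimum length is ${MIN_LENGTH}`);
  }
  if (length > MAX_LENGTH) {
    errors.push(`Error: Too Long - maximum length is ${MAX_LENGTH}`); // assumed wording
  }
  if (common.has(password)) {
    errors.push(`Error: ${password} is part of common passwords list and cannot be used`);
  }
  return errors;
}

// Mirrors the CLI behaviour described above: one candidate per line, failures only.
function validateLines(text, common = COMMON_PASSWORDS) {
  const report = [];
  for (const raw of text.split('\n')) {
    const line = raw.replace(/\r$/, ''); // tolerate CRLF input files
    if (line === '') continue;           // skip blank lines and the trailing newline
    for (const err of validatePassword(line, common)) {
      report.push(`${line} -> ${err}`);
    }
  }
  return report;
}

// Constructed input matching passwords.txt from the example above.
const sample = 'negativegemini\nfoo\nmortimerthemathmouse\npassword\n';
console.log(validateLines(sample).join('\n'));
```

Each check is applied independently, so a password can report more than one failure.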
- Implement actual build system
- Integration tests
- JavaScript module accepting custom validators / other options
- Research using `Map` or `Set` for faster common password lookup
- Robust error handling for malformed input files