All notable changes to this project are documented here.
- New
PasswordValidator
class for stateful validation with reusable configuration updateConfig
method to dynamically modify validation rules
- BREAKING: Deleted
minEditDistance
- Updated documentation to reflect new class-based approach
- Introduced the
errorLimit
feature to control the maximum number of validation errors returned, improving feedback clarity and performance. - Updated README to include detailed documentation and examples for the
errorLimit
option.
- Negative length option handling.
- Empty string handling in blocklist.
- Improved the efficiency of the blocklist validator.
- Added a detailed example to the README for customizing the blocklist with personal information.
- Disabled
minEditDistance
to prevent false positives caused by short blocklist terms. - Updated the README for better clarity and usage details.
- Adjusted the Levenshtein Distance algorithm to better handle UTF-8 characters.
- Removed
fuzzyTolerance
parameter. - Replaced static fuzzy matching with a dynamic system.
- New blocklist validation configuration options:
matchingSensitivity
minEditDistance
maxEditDistance
customDistanceCalculator
trimWhitespace
- Comprehensive documentation and examples for the new matching system.
- Improved handling of Unicode characters for blocklist validation.
- Optional whitespace trimming for passwords and blocklist terms:
- Enabled by default (NIST recommendation).
- Configurable via the
trimWhitespace
option.
- Resolved an issue where short blocklist terms caused excessive false positives.
Users upgrading from 1.x.x
to 2.0.0
should:
- Replace
fuzzyTolerance
with the new configuration options (matchingSensitivity
,minEditDistance
,maxEditDistance
, orcustomDistanceCalculator
). - Review and test existing blocklists to ensure compatibility with the new dynamic matching algorithm.
- Update integration tests to align with the updated API.
- Resolved a bug where short blocklist terms caused false positives.
- Updated README for better clarity.
- Added padding for HIBP (Have I Been Pwned) API integration.
- Minor corrections in the README.
- New test cases for additional validation scenarios.
- Improved code documentation with JSDoc comment blocks.
- README updates for detailed usage examples.
- Terminology update: Replaced "blacklist" with "blocklist."
- Updated default maximum password length to 100K characters.
- Expanded test coverage with new cases.
- Added project keywords for discoverability.
- Export issues resolved for smoother library usage.
- README corrections for consistency.
- Renamed the library file from
nist-password-validator.js
tonist-password-validator
.