Skip to content

Pure JS Cracklib-inspired library for Node.

License

Notifications You must be signed in to change notification settings

zacanger/cracklibjs

Repository files navigation

cracklibjs

Pure JS Cracklib-inspired library for Node.

npm version CircleCI codecov Known Vulnerabilities

Donate


Installation

npm i cracklibjs

Usage

import cracklib from 'cracklibjs'
// if you're using `require`, you'll need to `require('cracklibjs').default`

const pw = process.argv[2] // or something

// Init with options. The wordlist is parsed here, so future calls
// don't have to do all that work again.
// `check: (word: string) => PasswordValidationError | string (word)`
const check = cracklib() // cracklib(options)
// The `options` param is optional.
// type Options = {
//   dict: string = '/usr/share/dict/words'; path to dictionary file
//   minLength: number = 8; minimum password length
//   loose: bool = false; see below for loose vs strict
// }

const validate = (pw) => {
  try {
    return check(pw)
  } catch (e) {
    return e.message // example: 'Password is too short'
  }
}

The loose option, when true, disables:

  • Case-insensitive checks
  • Reversed string checks
  • md5, sha1, sha256, and sha512 checks

Questions

  • Why?
    • The npm package cracklib isn't a vanilla JS solution, has external dependencies, and may not build on all Unix-like systems and future versions of Node.
  • I have more than one word list, what should I do?
  • This seems slow!
    • Don't initialize more than once. Initialization can be slow, depending on your word list and your machine. Hopefully the actual check is fast.

LICENSE