UNPKG

nist-password-validator

Version:

A lightweight, zero-dependencies open-source password validator according to NIST guidelines.

github.com/ypreiser/NIST-password-ts

ypreiser/NIST-password-ts

205 lines (117 loc) 4.25 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
# Changelog All notable changes to this project are documented here. --- ## [Unreleased] ### Added - `hibpDebounceMs` option to debounce HIBP API calls during live validation --- ## [3.0.3] - 2025-11-13 ### Fixed - Fixed CHANGELOG.md for consistncy ### Added - Added github workflow --- ## [3.0.2] - 2025-10-29 ### Fixed - Fixed minor bugs ### Added - Added HIBP (Have I Been Pwned) support to `PasswordValidator` class - Added `forceConsistentCasingInFileNames` to TypeScript config for cross-platform compatibility - Added ESLint ignore patterns for dist, node_modules, and coverage folders ### Changed - Removed console logging from library code (better separation of concerns) - Updated minEditDistance parameter documentation to indicate it's a legacy parameter - Fixed README.md and JSDoc documentation --- ## [3.0.1] - 2025-01-23 ### removed - unused devDependencies: vite, semantic-release --- ## [3.0.0] - 2025-01-20 ### Added - New `PasswordValidator` class for stateful validation with reusable configuration - `updateConfig` method to dynamically modify validation rules ### Changed - BREAKING: Deleted `minEditDistance` - Updated documentation to reflect new class-based approach --- ## [2.1.0] - 2025-01-12 ### Added - Introduced the `errorLimit` feature to control the maximum number of validation errors returned, improving feedback clarity and performance. - Updated README to include detailed documentation and examples for the `errorLimit` option. ### Fixed - Negative length option handling. --- ## [2.0.2] - 2025-01-06 ### Fixed - Empty string handling in blocklist. --- ## [2.0.1] - 2024-12-31 ### Added - Improved the efficiency of the blocklist validator. - Added a detailed example to the README for customizing the blocklist with personal information. ### Fixed - Disabled `minEditDistance` to prevent false positives caused by short blocklist terms. - Updated the README for better clarity and usage details. - Adjusted the Levenshtein Distance algorithm to better handle UTF-8 characters. --- ## [2.0.0] - 2024-12-22 ### Breaking Changes - Removed `fuzzyTolerance` parameter. - Replaced static fuzzy matching with a dynamic system. ### Added - New blocklist validation configuration options: - `matchingSensitivity` - `minEditDistance` - `maxEditDistance` - `customDistanceCalculator` - `trimWhitespace` - Comprehensive documentation and examples for the new matching system. - Improved handling of Unicode characters for blocklist validation. - Optional whitespace trimming for passwords and blocklist terms: - Enabled by default (NIST recommendation). - Configurable via the `trimWhitespace` option. ### Fixed - Resolved an issue where short blocklist terms caused excessive false positives. ### Migration Guide Users upgrading from `1.x.x` to `2.0.0` should: 1. Replace `fuzzyTolerance` with the new configuration options (`matchingSensitivity`, `minEditDistance`, `maxEditDistance`, or `customDistanceCalculator`). 2. Review and test existing blocklists to ensure compatibility with the new dynamic matching algorithm. 3. Update integration tests to align with the updated API. --- ## [1.0.7] - 2024-12-19 ### Fixed - Resolved a bug where short blocklist terms caused false positives. - Updated README for better clarity. --- ## [1.0.6] - 2024-12-18 ### Added - Added padding for HIBP (Have I Been Pwned) API integration. --- ## [1.0.5] - 2024-12-17 ### Fixed - Minor corrections in the README. --- ## [1.0.4] - 2024-12-15 ### Added - New test cases for additional validation scenarios. - Improved code documentation with JSDoc comment blocks. - README updates for detailed usage examples. --- ## [1.0.3] - 2024-12-12 ### Changed - Terminology update: Replaced "blacklist" with "blocklist." - Updated default maximum password length to 100K characters. ### Added - Expanded test coverage with new cases. - Added project keywords for discoverability. --- ## [1.0.2] - 2024-12-12 ### Fixed - Export issues resolved for smoother library usage. - README corrections for consistency. --- ## [1.0.1] - 2024-12-12 ### Changed - Renamed the library file from `nist-password-validator.js` to `nist-password-validator`. ---