nist-password-validator
A lightweight, zero-dependencies open-source password validator according to NIST guidelines.
;
// Bundler-emitted CommonJS interop helpers. Short aliases for the reflection
// primitives used below.
var __defProp = Object.defineProperty;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __hasOwnProp = Object.prototype.hasOwnProperty;

/**
 * Defines every enumerable key of `all` on `target` as an enumerable getter.
 * The getter is the function stored in `all`, so the exported value is read
 * lazily on each access.
 */
var __export = (target, all) => {
  for (var name in all) {
    const descriptor = { get: all[name], enumerable: true };
    __defProp(target, name, descriptor);
  }
};

/**
 * Mirrors the own properties of `from` onto `to` as getters that read through
 * to `from`. Keys already owned by `to`, and the key named by `except`, are
 * skipped. Returns `to`.
 */
var __copyProps = (to, from, except, desc) => {
  const isCopyable = (from && typeof from === "object") || typeof from === "function";
  if (!isCopyable) {
    return to;
  }
  for (const key of __getOwnPropNames(from)) {
    if (__hasOwnProp.call(to, key) || key === except) {
      continue;
    }
    // A missing descriptor is treated as enumerable; otherwise the source
    // property's own enumerability is kept.
    desc = __getOwnPropDesc(from, key);
    __defProp(to, key, {
      get: () => from[key],
      enumerable: !desc || desc.enumerable
    });
  }
  return to;
};

/**
 * Builds the object assigned to `module.exports`: a fresh object carrying a
 * non-enumerable `__esModule: true` marker plus read-through getters for `mod`.
 */
var __toCommonJS = (mod) => {
  const tagged = __defProp({}, "__esModule", { value: true });
  return __copyProps(tagged, mod);
};
// src/validators/blocklistValidator.ts
// Export container for this module; it is filled with getters just below.
var blocklistValidator_exports = {};
// Only `blocklistValidator` is exposed. `levenshteinDistance` and
// `getUtf8Length` are not registered here and so stay module-private.
// The getter is evaluated on access, so referring to the function before its
// declaration further down is safe.
__export(blocklistValidator_exports, {
blocklistValidator: () => blocklistValidator
});
// Publish a copy tagged with a non-enumerable `__esModule: true` marker.
module.exports = __toCommonJS(blocklistValidator_exports);
// src/utils/levenshteinDistance.ts
/**
 * Computes the Levenshtein edit distance between two strings.
 *
 * Both inputs are NFC-normalized and compared code point by code point, so a
 * precomposed character and its decomposed form count as equal, and a
 * character outside the BMP counts as a single unit.
 *
 * @param {string} a - First string.
 * @param {string} b - Second string.
 * @returns {number} Minimum number of single-code-point insertions, deletions
 *   and substitutions needed to turn one string into the other.
 */
function levenshteinDistance(a, b) {
  const toCodePoints = (text) => Array.from(text.normalize("NFC"));
  const first = toCodePoints(a);
  const second = toCodePoints(b);

  if (first.length === 0) return second.length;
  if (second.length === 0) return first.length;

  // Put the shorter sequence on the column axis so each row is as small as possible.
  const [longer, shorter] =
    first.length < second.length ? [second, first] : [first, second];
  const width = shorter.length;

  // Distances from the empty prefix of `longer` to every prefix of `shorter`.
  let rowAbove = Array.from({ length: width + 1 }, (_, col) => col);

  for (const [rowIndex, rowChar] of longer.entries()) {
    const row = [rowIndex + 1];
    for (let col = 1; col <= width; col++) {
      const deletion = rowAbove[col] + 1;
      const insertion = row[col - 1] + 1;
      const substitution = rowAbove[col - 1] + (rowChar === shorter[col - 1] ? 0 : 1);
      row.push(Math.min(deletion, insertion, substitution));
    }
    rowAbove = row;
  }

  return rowAbove[width];
}
// src/utils/utf8Length.ts
/**
 * Counts the Unicode code points in `input`.
 *
 * Despite the name, this is not a UTF-8 byte count: it walks the string's
 * iterator, so a surrogate pair counts once and a combining mark counts
 * separately from its base character. The result also differs from
 * `input.length`, which counts UTF-16 code units.
 *
 * @param {string} input - Text to measure.
 * @returns {number} Number of code points.
 */
function getUtf8Length(input) {
  let codePointCount = 0;
  for (const _codePoint of input) {
    codePointCount += 1;
  }
  return codePointCount;
}
// src/validators/blocklistValidator.ts
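/**
 * Checks a password against a blocklist using fixed-width fuzzy matching.
 *
 * Each blocklist term is lowercased (and trimmed unless `trimWhitespace` is
 * false), then a window of the term's length slides across the password. A
 * window whose Levenshtein distance to the term is within the term's
 * tolerance is reported as a match.
 *
 * Window offsets and lengths are measured in Unicode code points throughout.
 * Mixing code point counts with UTF-16 `substring` offsets would stop the scan
 * short of the end of any password containing characters outside the BMP, so a
 * blocklisted word placed after such characters would go unchecked.
 *
 * @param {string} password - Candidate password.
 * @param {string[]} blocklist - Terms the password must not resemble. A
 *   non-array, an empty array, or an array of only empty strings disables the
 *   check and yields a valid result.
 * @param {object} [options]
 * @param {number} [options.matchingSensitivity=0.25] - Fraction of the term's
 *   code point length allowed as edit distance.
 * @param {number} [options.maxEditDistance=5] - Upper bound on the computed
 *   tolerance.
 * @param {(term: string, password: string) => number} [options.customDistanceCalculator]
 *   When given, its return value is used as the tolerance for that term as-is;
 *   `matchingSensitivity` and `maxEditDistance` are not applied to it.
 * @param {boolean} [options.trimWhitespace=true] - Trim terms before matching.
 * @param {number} [options.errorLimit=Infinity] - Stop once this many errors
 *   are recorded. The limit is checked after each error is pushed.
 * @returns {{ isValid: boolean, errors: string[] }} `isValid` is true when no
 *   term matched.
 */
function blocklistValidator(password, blocklist, options = {}) {
  const {
    matchingSensitivity = 0.25,
    maxEditDistance = 5,
    customDistanceCalculator,
    trimWhitespace = true,
    errorLimit = Infinity
  } = options;
  const errors = [];

  if (
    !Array.isArray(blocklist) ||
    blocklist.length === 0 ||
    blocklist.every((term) => term === "")
  ) {
    return { isValid: true, errors };
  }

  // Whitespace-only terms are always dropped; a Set removes duplicates that
  // appear after lowercasing and trimming.
  const processedBlocklistSet = new Set(
    blocklist
      .filter((term) => term.trim() !== "")
      .map((term) => (trimWhitespace ? term.trim() : term).toLowerCase())
  );

  const calculateFuzzyTolerance = (term) => {
    if (customDistanceCalculator) {
      return customDistanceCalculator(term, password);
    }
    const scaled = Math.floor(getUtf8Length(term) * matchingSensitivity);
    return Math.max(Math.min(scaled, maxEditDistance), 0);
  };

  const isTermBlocked = (blockedWord) => {
    const fuzzyTolerance = calculateFuzzyTolerance(blockedWord);
    const termLength = getUtf8Length(blockedWord);

    if (termLength <= fuzzyTolerance) {
      // NOTE(review): `blockedWord` is taken from `processedBlocklistSet`, so
      // this lookup looks always true and every password is then reported for
      // this term. It is reachable with `matchingSensitivity >= 1` or a
      // generous `customDistanceCalculator`. Behavior left unchanged; confirm
      // whether an exact-match check against the password was intended.
      return processedBlocklistSet.has(blockedWord.toLowerCase());
    }

    // Split into code points so the window uses the same unit as `termLength`.
    const passwordChars = [...password];
    const lastStart = passwordChars.length - termLength;
    for (let start = 0; start <= lastStart; start++) {
      const candidate = passwordChars
        .slice(start, start + termLength)
        .join("")
        .toLowerCase();
      if (levenshteinDistance(candidate, blockedWord) <= fuzzyTolerance) {
        return true;
      }
    }
    return false;
  };

  for (const term of processedBlocklistSet) {
    if (!isTermBlocked(term)) {
      continue;
    }
    errors.push(`Password contains a substring too similar to: "${term}".`);
    if (errors.length >= errorLimit) {
      break;
    }
  }

  return { isValid: errors.length === 0, errors };
}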
// Annotate the CommonJS export names for ESM import in node:
// The `0 &&` guard short-circuits, so this assignment never executes and the
// real `module.exports` set earlier is not replaced. The statement is present
// only so the export name `blocklistValidator` appears in a literal form.
0 && (module.exports = {
blocklistValidator
});