UNPKG

password-generator

Version:

Memorable password generator for Node and browsers (async WebCrypto).

bermi/password-generator

351 lines (346 loc) 13.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
var __defProp = Object.defineProperty; var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true, configurable: true, set: (newValue) => all[name] = () => newValue }); }; var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res); // src/random.ts var crypto, MAX_RANDOM_BYTES = 65536, getRandomBytes = async (length) => { if (!Number.isFinite(length) || length < 0) { throw new RangeError("length must be a non-negative finite number"); } const buffer = new Uint8Array(length); for (let offset = 0;offset < length; offset += MAX_RANDOM_BYTES) { const end = Math.min(offset + MAX_RANDOM_BYTES, length); crypto.getRandomValues(buffer.subarray(offset, end)); } return buffer; }, createDeterministicRandomBytes = async (entropy, cryptoSource = crypto) => { if (entropy.length === 0) { throw new RangeError("entropy must not be empty"); } if (!cryptoSource.subtle) { throw new Error("WebCrypto subtle is required for deterministic entropy"); } const keyData = new Uint8Array(entropy).buffer; const key = await cryptoSource.subtle.importKey("raw", keyData, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]); let counter = 0n; const counterBytes = new Uint8Array(8); const counterView = new DataView(counterBytes.buffer); const deterministicRandomBytes = async (length) => { if (!Number.isFinite(length) || length < 0) { throw new RangeError("length must be a non-negative finite number"); } const buffer = new Uint8Array(length); let offset = 0; while (offset < length) { counterView.setBigUint64(0, counter, false); counter += 1n; const block = new Uint8Array(await cryptoSource.subtle.sign("HMAC", key, counterBytes)); const take = Math.min(block.length, length - offset); buffer.set(block.subarray(0, take), offset); offset += take; } return buffer; }; return deterministicRandomBytes; }, randomInt = async (min, max, randomBytes = getRandomBytes) => { if (!Number.isFinite(min) || !Number.isFinite(max)) { throw new RangeError("min and max must be finite numbers"); } if (max <= min) { throw new RangeError("max must be greater than min"); } const range = max - min; if (range === 1) { return min; } const bytesNeeded = Math.ceil(Math.log2(range) / 8); const maxValue = 256 ** bytesNeeded; const limit = maxValue - maxValue % range; let value = limit; while (value >= limit) { const bytes = await randomBytes(bytesNeeded); value = 0; for (const byte of bytes) { value = value * 256 + byte; } } return min + value % range; }; var init_random = __esm(() => { crypto = globalThis.crypto; }); // src/index.ts var exports_src = {}; __export(exports_src, { generatePasswordWithOptions: () => generatePasswordWithOptions, generatePassword: () => generatePassword }); var VOWELS = "aeiou", CONSONANTS = "bcdfghjklmnpqrstvwxyz", CONSONANT, DEFAULT_PATTERN, DEFAULT_LENGTH = 12, MIN_ENTROPY_BITS = 64, MIN_WORD_LENGTH = 3, MAX_WORD_LENGTH = 7, textEncoder, MIN_MEMORABLE_LENGTH, buildValidChars = (pattern) => { const chars = []; for (let i = 33;i <= 126; i += 1) { const char = String.fromCharCode(i); if (pattern.test(char)) { chars.push(char); } } if (chars.length === 0) { throw new Error(`Could not find characters that match the password pattern ${pattern}. Patterns must match individual characters, not the password as a whole.`); } return chars; }, estimatePatternEntropy = (alphabetSize, length, prefixLength) => { const bitsPerChar = alphabetSize > 1 ? Math.log2(alphabetSize) : 0; return { entropyBits: bitsPerChar * Math.max(0, length - prefixLength), recommendedLength: bitsPerChar > 0 ? prefixLength + Math.ceil(MIN_ENTROPY_BITS / bitsPerChar) : null }; }, estimateMemorableEntropy = (length, prefix) => { const effectiveLength = Math.max(0, length - prefix.length); let entropyBits = 0; let expectsVowel = CONSONANT.test(prefix); for (let i = 0;i < effectiveLength; i += 1) { entropyBits += Math.log2(expectsVowel ? VOWELS.length : CONSONANTS.length); expectsVowel = !expectsVowel; } let recommendedLength = prefix.length; let bits = 0; expectsVowel = CONSONANT.test(prefix); while (bits < MIN_ENTROPY_BITS) { bits += Math.log2(expectsVowel ? VOWELS.length : CONSONANTS.length); expectsVowel = !expectsVowel; recommendedLength += 1; } return { entropyBits, recommendedLength }; }, buildMemorable = async (length, startsWithVowel, nextInt) => { let expectsVowel = startsWithVowel; let result = ""; for (let i = 0;i < length; i += 1) { const alphabet = expectsVowel ? VOWELS : CONSONANTS; result += alphabet[await nextInt(0, alphabet.length)]; expectsVowel = !expectsVowel; } return result; }, buildWordLengths = async (count, nextInt, targetLength) => { const lengths = []; let total = 0; for (let i = 0;i < count; i += 1) { const len = await nextInt(MIN_WORD_LENGTH, MAX_WORD_LENGTH + 1); lengths.push(len); total += len; } if (targetLength !== undefined && total < targetLength) { const adjustable = []; for (let i = 0;i < count; i += 1) { if (lengths[i] < MAX_WORD_LENGTH) adjustable.push(i); } let remaining = targetLength - total; while (remaining > 0 && adjustable.length > 0) { const pick = await nextInt(0, adjustable.length); const wordIdx = adjustable[pick]; lengths[wordIdx] = lengths[wordIdx] + 1; remaining -= 1; if (lengths[wordIdx] >= MAX_WORD_LENGTH) { adjustable.splice(pick, 1); } } } return lengths; }, generatePassword = async (length, memorable, pattern, prefix) => { const opts = {}; if (length !== undefined) opts.length = length; if (memorable !== undefined) opts.memorable = memorable; if (pattern !== undefined) opts.pattern = pattern; if (prefix !== undefined) opts.prefix = prefix; return generatePasswordWithOptions(opts); }, generatePasswordWithOptions = async (options) => { const length = options?.length ?? DEFAULT_LENGTH; const memorable = options?.memorable ?? false; const pattern = options?.pattern ?? DEFAULT_PATTERN; const prefix = String(options?.prefix ?? ""); const ignoreSecurityRecommendations = options?.ignoreSecurityRecommendations ?? false; const entropy = options?.entropy; const words = options?.words; if (!Number.isSafeInteger(length)) { throw new RangeError("length must be a safe integer"); } if (length < 0) { throw new RangeError("length must be a non-negative integer"); } if (!(pattern instanceof RegExp)) { throw new TypeError("pattern must be a RegExp"); } if (words !== undefined) { if (!Number.isSafeInteger(words)) { throw new RangeError("words must be a safe integer"); } if (words <= 0) { throw new RangeError("words must be a positive integer"); } } if (words !== undefined && prefix !== "") { throw new Error("prefix is not supported when words are enabled"); } let entropyBytes; if (entropy !== undefined) { if (typeof entropy === "string") { entropyBytes = textEncoder.encode(entropy); } else if (entropy instanceof Uint8Array) { entropyBytes = entropy; } else { throw new TypeError("entropy must be a Uint8Array or string"); } } const randomBytes = entropyBytes ? await createDeterministicRandomBytes(entropyBytes) : getRandomBytes; const nextInt = (min, max) => randomInt(min, max, randomBytes); if (words !== undefined) { if (!ignoreSecurityRecommendations && words * MAX_WORD_LENGTH < MIN_MEMORABLE_LENGTH) { const recommendedWords = Math.ceil(MIN_MEMORABLE_LENGTH / MAX_WORD_LENGTH); throw new Error(`Security recommendation: word count ${words} cannot reach ${MIN_ENTROPY_BITS} bits with ${MIN_WORD_LENGTH}-${MAX_WORD_LENGTH} letter words. Use words >= ${recommendedWords}. To override, pass { ignoreSecurityRecommendations: true }.`); } const targetLength = ignoreSecurityRecommendations ? undefined : MIN_MEMORABLE_LENGTH; const lengths = await buildWordLengths(words, nextInt, targetLength); const wordsList = []; for (const wordLength of lengths) { wordsList.push(await buildMemorable(wordLength, false, nextInt)); } return wordsList.join(" "); } if (memorable) { if (!ignoreSecurityRecommendations) { const estimate = estimateMemorableEntropy(length, prefix); if (estimate.entropyBits < MIN_ENTROPY_BITS) { throw new Error(`Security recommendation: estimated entropy ${estimate.entropyBits.toFixed(1)} bits is below ${MIN_ENTROPY_BITS} bits. Use length >= ${estimate.recommendedLength} or set memorable: false. To override, pass { ignoreSecurityRecommendations: true }.`); } } const charCount = Math.max(0, length - prefix.length); return prefix + await buildMemorable(charCount, CONSONANT.test(prefix), nextInt); } const validChars = buildValidChars(pattern); if (!ignoreSecurityRecommendations) { const estimate = estimatePatternEntropy(validChars.length, length, prefix.length); if (estimate.entropyBits < MIN_ENTROPY_BITS) { const recommendation = estimate.recommendedLength === null ? "Use a broader pattern to increase the character set." : `Use length >= ${estimate.recommendedLength} or broaden the pattern.`; throw new Error(`Security recommendation: estimated entropy ${estimate.entropyBits.toFixed(1)} bits is below ${MIN_ENTROPY_BITS} bits. ${recommendation} To override, pass { ignoreSecurityRecommendations: true }.`); } } let result = prefix; while (result.length < length) { result += validChars[await nextInt(0, validChars.length)]; } return result; }; var init_src = __esm(() => { init_random(); CONSONANT = new RegExp(`[${CONSONANTS}]$`, "i"); DEFAULT_PATTERN = /\w/; textEncoder = new TextEncoder; MIN_MEMORABLE_LENGTH = (() => { let bits = 0; let len = 0; let vowel = false; while (bits < MIN_ENTROPY_BITS) { bits += Math.log2(vowel ? VOWELS.length : CONSONANTS.length); vowel = !vowel; len += 1; } return len; })(); }); // src/cli.ts import { parseArgs } from "node:util"; var DEFAULT_LENGTH2 = 16; var DEFAULT_MEMORABLE_LENGTH = 20; var DEFAULT_WORDS = 3; var showHelp = () => { console.log(`Generates a secure password\r `); console.log("Options:"); console.log(` -l, --length <n>: Password length [default: ${DEFAULT_LENGTH2}, or ${DEFAULT_MEMORABLE_LENGTH} with --memorable]`); console.log(" -m, --memorable: Generates a memorable password"); console.log(" -c, --non-memorable: Generates a non memorable password [default]"); console.log(" -p, --pattern <regex>: Pattern to match for the generated password"); console.log(" -i, --ignore-security-recommendations: Ignore security recommendations"); console.log(` -s, -sN, --words <n>: Generate N memorable words (3-7 letters) separated by spaces [default: ${DEFAULT_WORDS}]`); console.log(" -h, --help: Displays this help"); }; var expandWordsArg = (argv) => { const result = []; for (let i = 0;i < argv.length; i += 1) { const arg = argv[i]; const match = arg.match(/^-s(\d+)$/); if (match) { result.push("--words", match[1]); } else if (arg === "-s") { const next = argv[i + 1]; if (next !== undefined && /^\d+$/.test(next)) { result.push("--words", next); i += 1; } else { result.push("--words", String(DEFAULT_WORDS)); } } else { result.push(arg); } } return result; }; var runCli = async (argv = process.argv.slice(2)) => { const { values } = parseArgs({ args: expandWordsArg(argv), options: { length: { type: "string", short: "l" }, memorable: { type: "boolean", short: "m" }, "non-memorable": { type: "boolean", short: "c" }, pattern: { type: "string", short: "p" }, "ignore-security-recommendations": { type: "boolean", short: "i" }, words: { type: "string" }, help: { type: "boolean", short: "h" } }, strict: false, allowPositionals: true }); if (values.help) { showHelp(); return; } const { generatePasswordWithOptions: generatePasswordWithOptions2 } = await Promise.resolve().then(() => (init_src(), exports_src)); let memorable = values.memorable === true; if (values["non-memorable"]) memorable = false; const patternRaw = values.pattern; const pattern = typeof patternRaw === "string" ? new RegExp(patternRaw) : undefined; if (pattern) memorable = false; const words = values.words !== undefined ? Number(values.words) : undefined; const lengthRaw = values.length; const lengthValue = typeof lengthRaw === "string" ? Number(lengthRaw) : undefined; const length = lengthValue !== undefined ? lengthValue : words !== undefined ? undefined : memorable ? DEFAULT_MEMORABLE_LENGTH : DEFAULT_LENGTH2; const ignoreSecurityRecommendations = values["ignore-security-recommendations"] === true; const options = { memorable, ignoreSecurityRecommendations }; if (pattern) options.pattern = pattern; if (typeof length === "number" && Number.isFinite(length)) options.length = length; if (words !== undefined) options.words = words; console.log(await generatePasswordWithOptions2(options)); }; export { runCli }; //# debugId=50A204555605F5BB64756E2164756E21 //# sourceMappingURL=cli.js.map