UNPKG

xypriss-security

Version:

Advanced High-Performance Security Framework. Military-grade encryption, post-quantum resilience, and fortified data structures.

175 lines 5.86 kB
import { PasswordHashOptions } from "."; /** * Constructor options for `PasswordManager`. * These become the permanent defaults for every `hash()` and `verify()` call. */ export interface PasswordManagerOptions extends PasswordHashOptions { /** * Hashing algorithm to use. * @default "argon2id" */ algorithm?: "argon2id" | "scrypt" | "pbkdf2" | string; /** * Memory cost in KiB (Argon2id). * Higher = more resistant to brute-force at the cost of RAM. * @default 65536 (64 MiB) */ memoryCost?: number; /** * Number of time iterations (Argon2id / PBKDF2). * @default 3 */ iterations?: number; /** * Degree of parallelism / thread count (Argon2id). * @default 4 */ parallelism?: number; /** * Secret pepper appended to every password before hashing. * Store separately from the database (e.g., an environment variable). */ pepper?: string; /** * Customization for the password strength method (e.g., required min/max length, mandatory character sets). */ strength?: PasswordStrengthOptions; } /** * Options for customizing password strength evaluation. */ export interface PasswordStrengthOptions { /** Minimum required length. @default 8 */ minLength?: number; /** Maximum required length. */ maxLength?: number; /** Require at least one uppercase letter (A-Z). @default false */ requireUppercase?: boolean; /** Require at least one lowercase letter (a-z). @default false */ requireLowercase?: boolean; /** Require at least one digit (0-9). @default false */ requireNumbers?: boolean; /** Require at least one special symbol. @default false */ requireSymbols?: boolean; /** Prevent repeating characters (e.g. 'aaa'). @default false */ preventRepeats?: boolean; /** Prevent common sequences (e.g. '123', 'abc'). @default false */ preventSequences?: boolean; /** Check if the password contains common dictionary words. @default false */ checkDictionary?: boolean; } /** * Criteria for generating a secure random password. */ export interface PasswordGenerateOptions { /** * Total length of the generated password. * Must be between 8 and 512 inclusive. * @default 20 */ length?: number; /** Include uppercase letters (A-Z). @default true */ uppercase?: boolean; /** Include lowercase letters (a-z). @default true */ lowercase?: boolean; /** Include digits (0-9). @default true */ numbers?: boolean; /** Include special symbols. @default true */ symbols?: boolean; /** Remove visually similar characters (e.g. 0, O, l, 1). @default false */ excludeSimilar?: boolean; /** * Custom characters to inject into the password (guarantee at least one * occurrence of each char in this string). * Extra chars are *injected* at random positions, not appended. */ extra?: string; } /** * Criteria for generating a memorable passphrase. */ export interface PassphraseOptions { /** * Number of words in the passphrase. * Must be between 3 and 20 inclusive. * @default 5 */ wordCount?: number; /** Word separator. @default "-" */ separator?: string; /** Capitalize the first letter of each word. @default true */ capitalize?: boolean; /** * Append a random number block at the end (e.g. "-4827"). * Significantly increases entropy. * @default true */ appendNumbers?: boolean; /** * EFF wordlist variant to use. * - `"large"` (default): 7 776 words, ~12.9 bits/word * - `"short1"`: 1 296 words, ~10.3 bits/word * - `"short2"`: 1 296 words, ~10.3 bits/word (uniquely decodable) * @default "large" */ variant?: "large" | "short1" | "short2"; /** * Directory containing the EFF `.txt` wordlist files. * Defaults to the `src/mods/` directory bundled with the package. */ dir?: string; /** * Custom file path to an EFF-formatted wordlist. * Takes precedence over `dir` + `variant`. */ filePath?: string; /** * Fallback behaviour if the EFF file cannot be loaded. * - `"silent"` (default): use built-in 256-word list silently. * - `"warn"`: use built-in list but print a console warning. * - `false`: throw an error instead of falling back. * @default "silent" */ allowFallback?: "silent" | "warn" | false; } /** * Result of a password strength analysis. */ export interface PasswordStrengthResult { /** Score from 0 (very weak) to 100 (extremely strong). */ score: number; /** Human-readable label. */ label: "very-weak" | "weak" | "fair" | "strong" | "very-strong"; /** Specific improvement suggestions. */ suggestions: string[]; /** Detailed breakdown of the analysis. */ analysis: { length: number; hasUppercase: boolean; hasLowercase: boolean; hasNumbers: boolean; hasSymbols: boolean; hasRepeats: boolean; hasSequences: boolean; entropy: number; /** Estimated offline cracking time in seconds (assuming 1 billion guesses/sec). */ crackTimeSeconds: number; /** Human-readable representation of cracking time. */ crackTimeDisplay: string; }; /** Indicates whether the password meets all custom strength requirements. */ isValid?: boolean; } /** * Result of a HaveIBeenPwned breach check. */ export interface BreachCheckResult { /** Whether the password was found in any known breach corpus. */ breached: boolean; /** * Number of times the password appeared across all known breaches. * `0` means no match was found. */ occurrences: number; } //# sourceMappingURL=PasswordManagerOptions.d.ts.map