zxcvbn3
realistic password strength estimation
import { Matching } from './matching';
import { Scoring } from './scoring';
import { TimeEstimates } from './time_estimates';
import { Feedback } from './feedback';
/** Current wall-clock time in milliseconds since the Unix epoch. */
const time = () => Date.now();
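/**
 * Default options for zxcvbn(); per-call options are merged over these.
 *
 * This object lives at module level and is shared by every call, so treat it
 * as read-only: anything written into it is seen by all later calls.
 */
const defaultOptions = {
  // Extra values supplied by the caller. zxcvbn() stringifies and lower-cases
  // them and passes them to Matching.set_user_input_dictionary().
  user_inputs: [],
  // Language code selecting one of the `i18n` tables below.
  // NOTE(review): presumably read by ./feedback — confirm.
  language: "en",
  // Feedback messages per language code, keyed by message id. Both tables
  // carry the same set of ids.
  i18n: {
    en: {
      ADD_MORE_WORDS: "Add another word or two. Uncommon words are better.",
      ALL_UPPERCASE: "All-uppercase is almost as easy to guess as all-lowercase",
      AVOID_DATES: "Avoid dates and years that are associated with you",
      AVOID_RECENT_YEARS: "Avoid recent years",
      AVOID_REPEATS: "Avoid repeated words and characters",
      AVOID_SEQUENCES: "Avoid sequences",
      AVOID_YEARS_ASSOCIATED_WITH_YOU: "Avoid years that are associated with you",
      CAPITALIZATION_DOESNT_MATTER: "Capitalization doesn't help very much",
      NOT_JUST_NAMES_AND_SURNAMES: "Names and surnames by themselves are easy to guess",
      NOT_JUST_ONE_WORD: "A word by itself is easy to guess",
      NO_COMMON_NAMES: "Common names and surnames are easy to guess",
      NO_DATES: "Dates are often easy to guess",
      NO_NEED_FOR_SPECIAL_CHARS: "No need for symbols, digits, or uppercase letters",
      NO_RECENT_YEARS: "Recent years are easy to guess",
      NO_REPEATING_REPEATS: "Repeats like \"abcabcabc\" are only slightly harder to guess than \"abc\"",
      NO_REPEATS: "Repeats like \"aaa\" are easy to guess",
      NO_REVERSED_WORDS: "Reversed words aren't much harder to guess",
      NO_SEQUENCES: "Sequences like \"abc\" or \"6543\" are easy to guess",
      NO_SHORT_PATTERNS: "Short keyboard patterns are easy to guess",
      NO_SIMILAR_PASSWORDS: "This is similar to a commonly used password",
      NO_STRAIGHT_ROWS: "Straight rows of keys are easy to guess",
      // The id is misspelled ("SUBSITUTIONS") but is kept as-is.
      // NOTE(review): presumably looked up under this exact name in
      // ./feedback — confirm before renaming.
      NO_SUBSITUTIONS: "Predictable substitutions like \"@\" instead of \"a\" don't help very much",
      TOP_100_PASSWORD: "This is a top-100 common password",
      TOP_10_PASSWORD: "This is a top-10 common password",
      USE_LONGER_PATTERN: "Use a longer keyboard pattern with more turns",
      USE_WORDS_NO_COMMON_PHRASES: "Use a few words, avoid common phrases",
      VERY_COMMON_PASSWORD: "This is a very common password",
    },
    de: {
      ADD_MORE_WORDS: "Füge noch ein paar Wörter hinzu, die nicht so gängig sind.",
      ALL_UPPERCASE: "Nur Großbuchstaben sind fast so einfach zu erraten wie nur Kleinbuchstaben.",
      AVOID_DATES: "Vermeide Daten und Jahreszahlen, die mit Dir in Verbindung gebracht werden können",
      AVOID_RECENT_YEARS: "Vermeide aktuelle Jahreszahlen",
      AVOID_REPEATS: "Vermeide sich wiederholende Wörter und Buchstaben",
      AVOID_SEQUENCES: "Vermeide Buchstabenmuster",
      AVOID_YEARS_ASSOCIATED_WITH_YOU: "Vermeide Jahreszahlen, die mit Dir in Verbindung stehen",
      CAPITALIZATION_DOESNT_MATTER: "Großschreibung hilft auch nicht viel",
      NOT_JUST_NAMES_AND_SURNAMES: "Alleinstehende Namen sind sehr einfach zu erraten!",
      // Fixed typo: was "Eineinzelnes".
      NOT_JUST_ONE_WORD: "Ein einzelnes Wort ist sehr einfach zu erraten",
      NO_COMMON_NAMES: "Gängige Namen sind leicht zu erraten",
      NO_DATES: "Daten sind oft einfach zu erraten",
      NO_NEED_FOR_SPECIAL_CHARS: "Symbole, Zahlen und Großbuchstaben werden nicht benötigt",
      NO_RECENT_YEARS: "Aktuelle Jahreszahlen sind leicht zu erraten",
      NO_REPEATING_REPEATS: "Wiederholungen wie \"abcabcabc\" sind nur etwas schwerer zu erraten wie \"abc\"",
      NO_REPEATS: "Wiederholungen wie \"aaa\" sind leicht zu erraten",
      NO_REVERSED_WORDS: "Rückwärts geschrieben Wörter sind nicht viel schwerer zu erraten",
      // Fixed untranslated English "or" left in the German message.
      NO_SEQUENCES: "Reihenfolgen wie \"abc\" oder \"6543\" sind sehr leicht zu erraten",
      NO_SHORT_PATTERNS: "Kurze Tastenmuster sind einfach zu erraten",
      NO_SIMILAR_PASSWORDS: "Dieses Passwort ist sehr ähnlich zu einem häufig genutzten Passwort",
      NO_STRAIGHT_ROWS: "Tastenreihen sind leicht zu erraten",
      NO_SUBSITUTIONS: "Vorhersehbare Ersetzungen wie \"@\" statt \"a\" helfen nicht viel",
      TOP_100_PASSWORD: "Das ist eines der 100 meistgenutzten Passwörter",
      TOP_10_PASSWORD: "Das ist eines der 10 meistgenutzten Passwörter",
      USE_LONGER_PATTERN: "Verwende ein längeres Tastenmuster",
      USE_WORDS_NO_COMMON_PHRASES: "Verwende mehrere Wörter und vermeide gängige Phrasen",
      VERY_COMMON_PASSWORD: "Das ist eines der meistgenutzten Passwörter",
    },
  },
  // Additional keyboard layouts, keyed by name.
  // NOTE(review): presumably consumed by ./matching for keyboard-pattern
  // matching — confirm.
  keyboard_layouts: {
    german: {
      // One text row per keyboard row; each token appears to pair a key's
      // unshifted and shifted characters. Whitespace inside the template
      // literal is part of the value, so these rows stay at column 0.
      layout: `
^° 1! 2" 3§ 4$ 5% 6& 7/ 8( 9) 0= ß? ´\`
qQ wW eE rR tT zZ uU iI oO pP üÜ +*
aA sS dD fF gG hH jJ kK lL öÖ äÄ #'
yY xX cC vV bB nN mM ,; .: -_
`,
      // NOTE(review): presumably marks rows as horizontally staggered for
      // adjacency computation — confirm in ./matching.
      slanted: true,
    },
  },
};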
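/**
 * Estimate how guessable `password` is.
 *
 * @param {string} password - The password to evaluate.
 * @param {object} [options] - Per-call settings merged over `defaultOptions`
 *   (`user_inputs`, `language`, `i18n`, `keyboard_layouts`).
 * @returns {object} The result of `Scoring.most_guessable_match_sequence`,
 *   extended with `calc_time` (milliseconds), every property returned by
 *   `TimeEstimates.estimate_attack_times`, and `feedback`.
 */
export const zxcvbn = function (password, options) {
  // Merge into a fresh object. Assigning into `defaultOptions` itself would
  // keep one caller's options, including their `user_inputs`, in module
  // state and apply them to every later call that omits them. In a
  // long-lived process that carries one user's personal data into other
  // users' evaluations and skews their scores.
  const merged_options = Object.assign({}, defaultOptions, options);
  const start = time();
  // Only primitives are accepted; everything is compared lower-cased.
  // `|| []` tolerates an explicit null/undefined `user_inputs`.
  const sanitized_inputs = Array.from(merged_options.user_inputs || [])
    .filter((arg) => ["string", "number", "boolean"].includes(typeof arg))
    .map((arg) => arg.toString().toLowerCase());
  // reset the user inputs matcher on a per-request basis to keep things
  // stateless: a call without user_inputs replaces the dictionary with an
  // empty list.
  Matching.set_user_input_dictionary(sanitized_inputs);
  const matches = Matching.omnimatch(password, merged_options);
  const result = Scoring.most_guessable_match_sequence(password, matches);
  result.calc_time = time() - start;
  const attack_times = TimeEstimates.estimate_attack_times(result.guesses);
  // Flatten the attack-time estimates onto the result object.
  for (const prop in attack_times) {
    result[prop] = attack_times[prop];
  }
  result.feedback = Feedback.get_feedback(result.score, result.sequence, merged_options);
  return result;
};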
//# sourceMappingURL=main.js.map