Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

password-validator

tarunbatra336.2kMIT5.3.0TypeScript support: included

Validates password according to flexible and intuitive specifications

password, validator, rules, schema, validation, check, match

readme

logo

npm version npm downloads gh action build status coverage status

Install

npm install password-validator

Usage

var passwordValidator = require('password-validator');

// Create a schema
var schema = new passwordValidator();

// Add properties to it
schema
.is().min(8)                                    // Minimum length 8
.is().max(100)                                  // Maximum length 100
.has().uppercase()                              // Must have uppercase letters
.has().lowercase()                              // Must have lowercase letters
.has().digits(2)                                // Must have at least 2 digits
.has().not().spaces()                           // Should not have spaces
.is().not().oneOf(['Passw0rd', 'Password123']); // Blacklist these values

// Validate against a password string
console.log(schema.validate('validPASS123'));
// => true
console.log(schema.validate('invalidPASS'));
// => false

// Get a full list of rules which failed
console.log(schema.validate('joke', { list: true }));
// => [ 'min', 'uppercase', 'digits' ]

Advanced usage

Details about failed validations

Sometimes just knowing that the password validation failed or what failed is not enough and it is important too get more context. In those cases, details option can be used to get more details about what failed.

console.log(schema.validate('joke', { details: true }));

The above code will output:

[
  {
    validation: 'min',
    arguments: 8,
    message: 'The string should have a minimum length of 8 characters'
  },
  {
    validation: 'uppercase',
    message: 'The string should have a minimum of 1 uppercase letter'
  },
  {
    validation: 'digits',
    arguments: 2,
    message: 'The string should have a minimum of 2 digits'
  }
]

Custom validation messages

The validation messages can be overriden by providing a description of the validation. For example:

schema.not().uppercase(8, 'maximum 8 chars in CAPS please')

The above validation, on failure, should return the following object:

  {
    validation: 'min',
    arguments: 8,
    inverted: true,
    message: 'maximum 8 chars in CAPS please'
  },

Plugins

Plugin functions can be added to the password validator schema for custom password validation going beyond the rules provided here. For example:

var validator = require('validator');
var passwordValidator = require('password-validator');

var schema = new passwordValidator()
    .min(3, 'Password too small')
    .usingPlugin(validator.isEmail, 'Password should be an email');

schema.validate('not-an-email', { details: true })
// [{ validation: 'usingPlugin', arguments: [Function: isEmail], message: 'Password should be an email' }]

Rules

Rules supported as of now are:

Rules Descriptions
digits([count], [description]) specifies password must include digits (optionally provide count paramenter to specify at least n digits)
letters([count], [description]) specifies password must include letters (optionally provide count paramenter to specify at least n letters)
lowercase([count], [description]) specifies password must include lowercase letters (optionally provide count paramenter to specify at least n lowercase letters)
uppercase([count], [description]) specifies password must include uppercase letters (optionally provide count paramenter to specify at least n uppercase letters)
symbols([count], [description]) specifies password must include symbols (optionally provide count paramenter to specify at least n symbols)
spaces([count], [description]) specifies password must include spaces (optionally provide count paramenter to specify at least n spaces)
min(len, [description]) specifies minimum length
max(len, [description]) specifies maximum length
oneOf(list) specifies the whitelisted values
not([regex], [description]) inverts the result of validations applied next
is() inverts the effect of not()
has([regex], [description]) inverts the effect of not() and applies a regex (optional)
usingPlugin(fn, [description]) Executes custom function and include its result in password validation

Options

The following options can be passed to validate method:

  • list - If set, validate method returns a list of rules which failed instead of true/false.

Resources

For APIs of other older versions, head to Wiki.

License

MIT License

changelog

Changelog

This changelog document tracks the changes in the project API since v2.1.2.

This project adheres to semver.

5.3.0

5.2.1

  • Add missing types for v5.2.0

5.2.0

  • Add details option to validate method to return details like validation message, arguments, etc. for failed validations.

5.1.2

  • Generate correct types to fix issue #18

5.1.1

  • Update dev dependencies
  • Improve validate method type

5.1.0

  • Added optional count argument to define minimum count required for attributes. See #39.
  • Added support for § and ± in symbols
  • Updated dev-dependencies versions due to CVEs

5.0.3

  • Add types

5.0.2

  • Fixed issue #28 where uppercase and lowercase validations did not respect not.

5.0.1

  • Used ES6 classes internally
  • Dropped support for node versions below 8

4.1.2

  • Support non-english lanugaes for lowercase anduppercase rules #24

4.1.1

  • Allowed currency symbols other than dollar in #16 and #17

4.0.0

  • Allowed empty strings as passwords in #9

3.0.0

  • Added rule oneOf to the schema
  • Added is method to make schema more readable
  • Renamed PasswordSchema class to PasswordValidator

2.2.0

  • Added list option to the validate method.
  • Code optimizations.

2.1.2

  • Fixed issue #3 relating to file loading in frontend environment.
  • Removed underscore as dependency.