{"id":15046679,"url":"https://github.com/auth0/password-sheriff","last_synced_at":"2025-05-16T08:04:54.210Z","repository":{"id":17181835,"uuid":"19949239","full_name":"auth0/password-sheriff","owner":"auth0","description":"Password policies made easy.","archived":false,"fork":false,"pushed_at":"2025-03-28T17:46:38.000Z","size":134,"stargazers_count":76,"open_issues_count":1,"forks_count":20,"subscribers_count":64,"default_branch":"master","last_synced_at":"2025-04-12T16:47:41.427Z","etag":null,"topics":["dx-sdk"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/auth0.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2014-05-19T16:28:36.000Z","updated_at":"2025-01-24T16:12:06.000Z","dependencies_parsed_at":"2023-09-23T08:01:21.164Z","dependency_job_id":"7e6d6497-3f11-4302-aeb6-5355fa8dd4d9","html_url":"https://github.com/auth0/password-sheriff","commit_stats":{"total_commits":72,"total_committers":18,"mean_commits":4.0,"dds":"0.36111111111111116","last_synced_commit":"61fa94c8f09178e0c4852fc91ca4a9dbc79bed7e"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fpassword-sheriff","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fpassword-sheriff/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fpassword-sheriff/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fpassword-sheriff/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/auth0","download_url":"https://codeload.github.com/auth0/password-sheriff/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254493378,"owners_count":22080126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dx-sdk"],"created_at":"2024-09-24T20:53:22.816Z","updated_at":"2025-05-16T08:04:52.962Z","avatar_url":"https://github.com/auth0.png","language":"JavaScript","funding_links":[],"categories":["Developer Ecosystem"],"sub_categories":[],"readme":"# Password Sheriff\n[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fpassword-sheriff.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fpassword-sheriff?ref=badge_shield)\n\n\nNode.js (and browserify supported) library to enforce password policies.\n\n## Install\n\n```sh\nnpm install password-sheriff\n```\n\n## Usage\n\n```js\nvar PasswordPolicy = require('password-sheriff').PasswordPolicy;\n\n// Create a length password policy\nvar lengthPolicy = new PasswordPolicy({length: {minLength: 6}});\n\n// will throw as the password does not meet criteria\nlengthPolicy.assert('hello');\n\n// returns false if password does not meet rules\nassert.equal(false, lengthPolicy.check('hello'));\n\n// explains the policy\nvar explained = lengthPolicy.explain();\n\nassert.equal(1, explained.length);\n\n// easier i18n\nassert.equal('lengthAtLeast', explained[0].code);\nassert.equal('At least 6 characters in length',\n             format(explained[0].message, explained[0].format));\n```\n\n### API\n\n#### Password Rules\n\nPassword Rules are objects that implement the following methods:\n\n * `rule.validate(options)`: method called after the rule was created in order to validate `options` arguments.\n * `rule.assert(options, password)`: returns true if `password` is valid.\n * `rule.explain(options)`: returns an object with `code`, `message` and `format` attributes:\n   * `code`: Identifier of the rule. This attribute is meant to aid i18n.\n   * `message`: Description of the rule that must be formatted using `util.format`.\n   * `format`: Array of `string` or `Number` that will be used for the replacements required in `message`.\n * `rule.missing(options, password)`: returns an object similar to `rule.explain` plus an additional field `verified` that informs whether the password meets the rule.\n\n\nExample of `rule.explain` method:\n\n```js\nFooRule.prototype.explain = function (options) {\n  return {\n    // identifier rule (to make i18n easier)\n    code: 'foo',\n    message: 'Foo should be present at least %d times.',\n    format: [options.count]\n  };\n};\n```\n\nWhen explained:\n\n```js\nvar explained = fooRule.explain({count: 5});\n\n// \"Foo should be present at least 5 times\"\nutil.format(explained.message, explained.format[0]);\n```\n\nSee the [custom-rule example](examples/custom-rule.js) section for more information.\n\n#### Built-in Password Rules\n\nPassword Sheriff includes some default rules:\n\n  * `length`: The minimum amount of characters a password must have.\n  ```js\n  var lengthPolicy = new PasswordPolicy({length: {minLength: 3}});\n  ```\n\n  * `contains`:  Password should contain all of the charsets specified. There are 4 predefined charsets: `upperCase`, `lowerCase`, `numbers` and `specialCharacters` (`specialCharacters`are the ones defined in OWASP Password Policy recommendation document).\n  ```js\n  var charsets = require('password-sheriff').charsets;\n\n  var containsPolicy = new PasswordPolicy({contains: {\n    expressions: [charsets.upperCase, charsets.numbers]\n  }});\n  ```\n\n  * `containsAtLeast`: Passwords should contain at least `atLeast` of a total of `expressions.length` groups.\n  ```js\n  var charsets = require('password-sheriff').charsets;\n\n  var containsAtLeastPolicy = new PasswordPolicy({\n    containsAtLeast: {\n      atLeast: 2,\n      expressions: [ charsets.lowerCase, charsets.upperCase, charsets.numbers ]\n    }\n  });\n  ```\n\n  * `identicalChars`: Passwords should not contain any character repeated continuously `max + 1` times.\n  ```js\n  var identitcalCharsPolicy = new PasswordPolicy({\n    identicalChars: {\n      max: 3\n    }\n  });\n  ```\n\nSee the [default-rules example](examples/default-rules.js) section for more information.\n\n## Issue Reporting\n\nIf you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.\n\n## Author\n\n[Auth0](https://auth0.com)\n\n## License\n\nThis project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.\n\n\n[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fpassword-sheriff.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fpassword-sheriff?ref=badge_large)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fpassword-sheriff","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauth0%2Fpassword-sheriff","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fpassword-sheriff/lists"}