{"id":50901689,"url":"https://github.com/didrod205/entropass","last_synced_at":"2026-06-16T03:04:41.651Z","repository":{"id":361979968,"uuid":"1254309304","full_name":"didrod205/entropass","owner":"didrod205","description":"Generate strong, bias-free passwords (random/pronounceable/PIN) and measure strength — entropy \u0026 crack time — 100% locally. Zero deps. Web app + library.","archived":false,"fork":false,"pushed_at":"2026-06-02T03:24:08.000Z","size":54,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-02T05:12:22.008Z","etag":null,"topics":["crypto","csprng","entropy","passphrase","password","password-generator","password-strength","secure-random","security","zero-dependency"],"latest_commit_sha":null,"homepage":"https://didrod205.github.io/entropass/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/didrod205.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":["https://elab-studio.lemonsqueezy.com/checkout/buy/5d059b89-51d0-456b-b33a-ed56994f7010"]}},"created_at":"2026-05-30T12:05:55.000Z","updated_at":"2026-06-02T03:24:10.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/didrod205/entropass","commit_stats":null,"previous_names":["didrod205/entropass"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/didrod205/entropass","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/didrod205%2Fentropass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/didrod205%2Fentropass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/didrod205%2Fentropass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/didrod205%2Fentropass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/didrod205","download_url":"https://codeload.github.com/didrod205/entropass/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/didrod205%2Fentropass/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34388682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-16T02:00:06.860Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","csprng","entropy","passphrase","password","password-generator","password-strength","secure-random","security","zero-dependency"],"created_at":"2026-06-16T03:04:41.582Z","updated_at":"2026-06-16T03:04:41.643Z","avatar_url":"https://github.com/didrod205.png","language":"TypeScript","funding_links":["https://elab-studio.lemonsqueezy.com/checkout/buy/5d059b89-51d0-456b-b33a-ed56994f7010"],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# 🔐 entropass\n\n### Generate strong, bias-free passwords — and actually measure their strength. Locally.\n\n[![npm version](https://img.shields.io/npm/v/entropass.svg?color=success)](https://www.npmjs.com/package/entropass)\n[![bundle size](https://img.shields.io/bundlephobia/minzip/entropass?label=gzip)](https://bundlephobia.com/package/entropass)\n[![CI](https://github.com/didrod205/entropass/actions/workflows/ci.yml/badge.svg)](https://github.com/didrod205/entropass/actions/workflows/ci.yml)\n[![types](https://img.shields.io/npm/types/entropass.svg)](https://www.npmjs.com/package/entropass)\n[![license](https://img.shields.io/npm/l/entropass.svg)](./LICENSE)\n\n**[🌐 Try the free web app →](https://didrod205.github.io/entropass/)** \u0026nbsp;·\u0026nbsp; generate \u0026 test passwords in your browser. Nothing is ever sent anywhere.\n\n\u003c/div\u003e\n\n---\n\nTwo uncomfortable truths about passwords:\n\n1. **Most online password generators are a terrible idea.** You're asking a\n   stranger's server to mint (and potentially log) your secret. A password tool\n   should run on *your* machine.\n2. **Most password code is subtly insecure.** The everyday `chars[random % chars.length]`\n   has **modulo bias** — some characters become more likely than others, shrinking\n   the real keyspace. It \"looks random,\" but it isn't uniform.\n\n**entropass** fixes both. It uses the platform CSPRNG with **rejection sampling**\nfor truly uniform, bias-free output, tells you the **exact entropy and crack\ntime** of what it makes, and runs **100% locally** — zero dependencies, no\nnetwork, no API key.\n\n\u003e 📸 _Screenshot / demo GIF:_ `./web/screenshot.png` — record the [live app](https://didrod205.github.io/entropass/) generating a password and the strength bar reacting to options.\n\n## Why it exists\n\n- **AI can't do this.** A language model literally cannot produce\n  cryptographically secure randomness — its output is predictable. Secure\n  passwords must come from a CSPRNG, generated correctly. That's a precise,\n  security-critical job for a small, audited tool.\n- **Bias-free by construction.** Rejection sampling removes the modulo bias that\n  plagues naive generators, so every character is equally likely.\n- **It quantifies strength.** Not a vague \"weak/strong\" guess — real entropy in\n  bits and an estimated crack time, so \"looks complex\" stops fooling anyone.\n\n## Who it's for\n\n**Everyone needs passwords:** developers (generate secrets/tokens/test fixtures\nwithout a heavy dep), designers, marketers, ops and creators making accounts\ndaily, and anyone who wants a trustworthy, **offline** generator.\n\n## Install\n\n**No install —** just open the **[web app](https://didrod205.github.io/entropass/)**.\n\n**Command line:**\n\n```bash\nnpx entropass -l 24 --symbols          # a strong 24-char password\nnpx entropass --pronounceable          # easier to type/remember\nnpx entropass strength \"hunter2\"       # rate an existing password\n```\n\n**Library:**\n\n```bash\nnpm install entropass\n```\n\nZero dependencies. ESM + CJS + TypeScript types. Runs in the browser, Node 20+, Deno and Bun.\n\n## CLI\n\n```bash\nentropass [options]            # generate (default: a strong 16-char password)\nentropass strength \u003cpassword\u003e  # rate it (label + crack-time)\n```\n\nOptions: `-l/--length`, `-n/--count`, `--symbols`, `--no-digits/uppercase/lowercase`,\n`--no-ambiguous`, `--pronounceable`, `--pin`, `--bits`. Uses a cryptographic RNG;\nnothing is transmitted.\n\n## Usage\n\n```ts\nimport { generate, generatePronounceable, generatePin, strength } from \"entropass\";\n\ngenerate({ length: 20, symbols: true });\n// { password: \"…\", entropyBits: 131.0, poolSize: 90 }\n\ngenerate({ length: 16, symbols: false, excludeAmbiguous: true });\n// no O/0, l/1/I … (easier to read \u0026 type)\n\ngeneratePronounceable({ length: 14 });   // { password: \"Kobiranuxe83\", … } — typeable\ngeneratePin(6);                          // { password: \"402915\", … }\n\nstrength(\"correct horse battery staple\");\n// { entropyBits: …, label: \"Strong\", poolSize: …, crackTime: { text: \"centuries\" } }\n```\n\n### Measure entropy \u0026 crack time\n\n```ts\nimport { entropyBits, estimateCrackTime, strength } from \"entropass\";\n\nentropyBits(94, 16);            // 104.87  (length × log2(pool))\nestimateCrackTime(80).text;     // human-readable estimate\nstrength(\"Password123!\").label; // honest assessment (patterns are discounted)\n```\n\n### Unbiased randomness primitives\n\n```ts\nimport { randomInt, randomItem, shuffle } from \"entropass\";\n\nrandomInt(6);                    // 0–5, uniform, no modulo bias\nrandomItem([\"a\", \"b\", \"c\"]);\nshuffle([1, 2, 3, 4, 5]);        // secure Fisher–Yates\n```\n\n## API\n\n| Function | Description |\n| -------- | ----------- |\n| `generate(options?)` | Random password; returns `{ password, entropyBits, poolSize }`. |\n| `generatePronounceable(options?)` | Typeable consonant/vowel password. |\n| `generatePin(length?)` | Numeric PIN. |\n| `strength(password, gps?)` | Estimate entropy, label \u0026 crack time of any password. |\n| `entropyBits(poolSize, length)` | Entropy for a uniform secret. |\n| `estimateCrackTime(bits, gps?)` | Average crack time at `gps` guesses/sec. |\n| `randomInt` / `randomItem` / `shuffle` | Bias-free CSPRNG primitives. |\n\n`GenerateOptions`: `length`, `lowercase`, `uppercase`, `digits`, `symbols`,\n`excludeAmbiguous`, `excludeChars`, `requireEachClass`.\n\n## FAQ\n\n**Is my password sent anywhere?**\nNo. Generation and strength checks happen entirely on your device — no server, no\ntelemetry, works offline. (That's the whole point.)\n\n**What's \"modulo bias\" and why should I care?**\nIf you map a random 32-bit number into an alphabet with `value % length`, and the\nalphabet size doesn't divide 2³², lower indices get chosen slightly more often.\nentropass rejects out-of-range samples so every character is equally likely.\n\n**How is crack time estimated?**\nAverage guesses (half the keyspace) divided by an attacker's rate (default 10\nbillion guesses/sec, a fast offline attack). It's an estimate to build intuition,\nnot a guarantee.\n\n**How accurate is the strength meter for my own password?**\nIt estimates the character pool and discounts obvious repeats and sequences\n(`aaaa`, `abc123`). It's a lightweight, dependency-free model — directional, not a\nsubstitute for not reusing passwords and using a manager.\n\n**Should I still use a password manager?**\nYes! entropass generates strong secrets; a manager stores them. Great together.\n\n## Contributing\n\nContributions welcome! See [CONTRIBUTING.md](./CONTRIBUTING.md) and the\n[Code of Conduct](./CODE_OF_CONDUCT.md).\n\n```bash\ngit clone https://github.com/didrod205/entropass.git\ncd entropass\nnpm install\nnpm test          # run the suite\nnpm run dev       # run the web app locally\n```\n\n## 💖 Sponsor\n\nentropass is free, MIT-licensed, and built in spare time. If it gave you\npasswords you can trust, please consider supporting it:\n\n- ⭐ **Star this repo** — free, and it genuinely helps others find it.\n- 🍋 **[Sponsor via Lemon Squeezy](https://elab-studio.lemonsqueezy.com/checkout/buy/5d059b89-51d0-456b-b33a-ed56994f7010)** — one-time or recurring support.\n\n**Where your support goes:** a wordlist-based passphrase mode (EFF diceware),\na stronger pattern-aware strength model, a CLI, a browser-extension build,\nkeeping the free web app online, and fast issue responses.\n\n## License\n\n[MIT](./LICENSE) © entropass contributors\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdidrod205%2Fentropass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdidrod205%2Fentropass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdidrod205%2Fentropass/lists"}