{"id":24941373,"url":"https://github.com/wtower/xkcd-pass-plus","last_synced_at":"2025-09-04T15:38:42.606Z","repository":{"id":57401623,"uuid":"76117684","full_name":"Wtower/xkcd-pass-plus","owner":"Wtower","description":"Password generator based on XKCD.","archived":false,"fork":false,"pushed_at":"2017-07-15T04:09:18.000Z","size":14,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-23T12:27:44.587Z","etag":null,"topics":["entropy","password-generator","xkcdpass"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Wtower.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-12-10T14:32:31.000Z","updated_at":"2021-06-06T20:18:18.000Z","dependencies_parsed_at":"2022-09-15T18:31:43.208Z","dependency_job_id":null,"html_url":"https://github.com/Wtower/xkcd-pass-plus","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/Wtower/xkcd-pass-plus","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wtower%2Fxkcd-pass-plus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wtower%2Fxkcd-pass-plus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wtower%2Fxkcd-pass-plus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wtower%2Fxkcd-pass-plus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Wtower","download_url":"https://codeload.github.com/Wtower/xkcd-pass-plus/tar.gz/refs/
heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wtower%2Fxkcd-pass-plus/sbom","scorecard":{"id":152516,"data":{"date":"2025-08-11","repo":{"name":"github.com/Wtower/xkcd-pass-plus","commit":"ed061179dacd45447ff60dd115582a2340271020"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/7 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of 
its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities 
detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T11:05:04.178Z","repository_id":57401623,"created_at":"2025-08-16T11:05:04.178Z","updated_at":"2025-08-16T11:05:04.178Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273632385,"owners_count":25140766,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-04T02:00:08.968Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["entropy","password-generator","xkcdpass"],"created_at":"2025-02-02T18:22:31.768Z","updated_at":"2025-09-04T15:38:42.576Z","avatar_url":"https://github.com/Wtower.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"xkcd-pass-plus\n==============\n\n[![NPM version][npm-image]][npm-url] \n[![Build Status][travis-image]][travis-url] \n[![Coverage Status](https://coveralls.io/repos/github/Wtower/xkcd-pass-plus/badge.svg?branch=master)](https://coveralls.io/github/Wtower/xkcd-pass-plus?branch=master) \n[![npm](https://img.shields.io/npm/dt/xkcd-pass-plus.svg?maxAge=2592000)](https://www.npmjs.com/package/xkcd-pass-plus)\n\n[npm-image]: https://badge.fury.io/js/xkcd-pass-plus.svg\n[npm-url]: https://npmjs.org/package/xkcd-pass-plus\n[travis-image]: https://travis-ci.org/Wtower/xkcd-pass-plus.svg?branch=master\n[travis-url]: 
https://travis-ci.org/Wtower/xkcd-pass-plus\n\nPassword generator based on XKCD.\n\nThis module is inspired by an [XKCD comic](http://xkcd.com/936/). \nIt generates a safe and memorable password based on a combination of English words.\n\nUsage as a module\n-----------------\n\n### Installation\n\n    $ npm install -S xkcd-pass-plus\n\n### Usage\n\n    var generate = require('xkcd-pass-plus');\n    var pass = generate(options).pass;\n\n### Options\n\n```\nvar defaultOptions = {\n  words: {\n    dictionary: 'mixed', // xkcd (2k, most memorable) or letterpress (270k) or mixed\n    num: 4, // number of words to generate\n    min: 4, // minimum length of each word\n    max: 8 // maximum length of each word\n  },\n  separator: '-', // how to join words\n  paddingDigits: { // how many digits to add before and after the pass \n    before: 0,\n    after: 1 \n  },\n  paddingSymbols: { // how many symbols to add before and after the pass\n    symbols: '!@#$%^\u0026*()', // which symbols\n    before: 0,\n    after: 1\n  }\n};\n```\n\n### Output\n\nReturns an object as follows:\n\n```\n{ \n  pass: 'beginning-straight-LAST-BROKEN-1!',\n  entropy: 149,\n  blindEntropy: 202,\n  rating: { \n    min: 128,\n    max: 1024,\n    rate: 'very strong',\n    comment: 'often overkill' \n  } \n}\n```\n\nThe return object contains the generated password with additional information on the password's \nentropy and strength rating.\n\nUsage with CLI\n--------------\n\n### Installation\n\n    $ npm install -g xkcd-pass-plus\n\n### Usage and options\n\n```\n$ xkcd-pass-plus -h\nusage: xkcd-pass-plus [-h] [-v] [-d DICTIONARY] [-w WORD_NUM] \n                      [--word-min WORD_MIN] [--word-max WORD_MAX]\n                      [-s SEPARATOR] [--pad-digit-before PAD_DIGIT_BEFORE]\n                      [--pad-digit-after PAD_DIGIT_AFTER]\n                      [--pad-symbols PAD_SYMBOLS]\n                      [--pad-symbol-before PAD_SYMBOL_BEFORE]\n                      [--pad-symbol-after 
PAD_SYMBOL_AFTER]\n                      \n\nPassword generator based on XKCD.\n\nOptional arguments:\n  -h, --help            Show this help message and exit.\n  -v, --version         Show program's version number and exit.\n  -d DICTIONARY, --dictionary DICTIONARY\n                        `xkcd` (2k, most memorable), `letterpress` (270k) or \n                        `mixed`.\n  -w WORDS, --word-num WORD_NUM\n                        Number of words to generate.\n  --word-min WORD_MIN   Minimum length of each word.\n  --word-max WORD_MAX   Maximum length of each word.\n  -s SEPARATOR, --separator SEPARATOR\n                        How to join words.\n  --pad-digit-before PAD_DIGIT_BEFORE\n                        How many digits to add before the pass.\n  --pad-digit-after PAD_DIGIT_AFTER\n                        How many digits to add after the pass.\n  --pad-symbols PAD_SYMBOLS\n                        Which symbols to use in padding.\n  --pad-symbol-before PAD_SYMBOL_BEFORE\n                        How many symbols to add before the pass.\n  --pad-symbol-after PAD_SYMBOL_AFTER\n                        How many symbols to add after the pass.\n```\n\n### Output\n\n```\n$ xkcd-pass-plus\nPassword generator based on XKCD.\nGenerated password: [ smaller-NEVER-ORDINARY-FINGER-4^ ] \nEntropy: 138\nBlind entropy: 196\nRating: very strong: often overkill\n```\n\nSecurity\n--------\n\nA word on the password strength. Obviously this is a huge area to cover properly.\nIt is arguable how much more memorable such a password is, and whether it is as strong \nas a long random-character pass. The former is quite subjective, but obviously it is\nin the author's range of fanciness. 
It is also easier to type.\nThe latter requires some explanation.\n\nThe password strength can be expressed with its entropy number, which is nothing more than\na number that is based on the range of characters used and the length of the password.\nAs computers grow stronger, it is increasingly easy to brute-force passwords with\nsmaller entropy numbers. Therefore, the strength rating based on the entropy is relevant,\nbut an entropy of 64+ is quite good currently.\n \nThe blind entropy refers to the possibility that the attacker has absolutely no idea about\nthe form of our password. The (not blind) entropy refers to a more distant but safe assumption that the\nattacker knows the exact range of characters used. The algorithm's rating is based on the latter.\n\nHere we need to make the argument about what happens when the attacker brute-forces using a\ndictionary. Then the entropy calculation based on the range of characters no longer applies.\nObviously the entropy relates to the range of dictionary words and the number of words used.\n\nThe XKCD dictionary contains a bit more than 2000 words. 2000^4 combinations would \nresult in a small entropy, but only if the attacker knew that this is the dictionary on which \na user based his or her password.\n\nFor this reason, an additional dictionary based on Letterpress is offered, which contains\n270k words. This greatly reduces the possibility of a brute-force attack, but also the memorability.\nThus the default method is a combination of the two dictionaries.\n\nTests\n-----\n\nHow can we be sure that the password produced is safe? Well, we cannot be 100% sure.\nThe module includes some automated tests that produce 10000 passwords and require that\nall of them have at least 60 bits of entropy. 
Very rarely the entropy dropped below 80.\nYou are free to conduct your own CPU-intensive tests.\n\nAlternatives\n------------\n\nThis module uses an in-memory (array) dictionary, and in future an additional dictionary module that\nis based on sync file read.\n\nThe [node-xkcd-password](https://github.com/fardog/node-xkcd-password) package offers async methods\nbut has fewer tests.\n\nDisclaimer\n----------\n\nThe author is not at all responsible for any loss of any kind that may result from the\nuse of this module whatsoever.\n\nLicense\n-------\n\nMIT © [Wtower](https://github.com/Wtower)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwtower%2Fxkcd-pass-plus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwtower%2Fxkcd-pass-plus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwtower%2Fxkcd-pass-plus/lists"}