Package Exports
- secure-auth-helper
- secure-auth-helper/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (secure-auth-helper) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
๐ Secure Auth Helper
A comprehensive security utility library for Node.js applications, providing password strength analysis, secure password generation, and email validation.
Features
๐ Password Security
- ๐ก๏ธ Pwned Password Checking: Privacy-preserving breach detection using HaveIBeenPwned API
- Advanced Password Strength Analysis: Multi-layered evaluation with realistic crack time estimation
- Smart Pattern Detection: Detects keyboard patterns, leet speak, dates, phone numbers, and statistical anomalies
- Cryptographically Secure Generation: Uses Node.js crypto for unpredictable password creation
- Multiple Attack Scenario Modeling: Online, offline, and fast offline crack time estimates
- Memorable Password Generation: Human-friendly passwords with customizable word patterns
๐ง Email Validation
- Comprehensive Email Validation: RFC-compliant syntax, domain, and deliverability checking
- Disposable Email Detection: 70,000+ disposable email providers from actively maintained database
- Role-based Email Detection: Identifies organizational emails (admin@, support@, etc.)
- DNS Verification: Domain existence and MX record validation
- Smart Scoring System: 0-100 scoring with actionable suggestions
- Batch Processing: Validate multiple emails efficiently
๐ Developer Experience
- ๐ฅ๏ธ Command Line Interface: Direct CLI tools for password and email checking
- High Performance: 140ฮผs per generation, 40ฮผs per analysis - suitable for high-throughput applications
- TypeScript Support: Complete type definitions with IntelliSense support
- Zero Dependencies: Lightweight with no external dependencies
- Comprehensive Testing: 100+ tests ensuring reliability
Installation
npm install secure-auth-helper
Quick Start
import {
checkPasswordStrength,
generatePassword,
validateEmail
} from 'secure-auth-helper';
// Check password strength
const result = checkPasswordStrength('myPassword123!');
console.log(result);
// {
// score: 4,
// verdict: "strong",
// suggestions: ["Consider using 12+ characters for better security"],
// crackTime: {
// online: { humanReadable: "77 thousand years", attackScenario: "online" },
// offline: { humanReadable: "8 years", attackScenario: "offline" },
// offlineFast: { humanReadable: "29 days", attackScenario: "offline_fast" }
// }
// }
// Generate a secure password
const password = generatePassword({
length: 16,
numbers: true,
symbols: true,
uppercase: true,
lowercase: true
});
console.log(password); // "Xz!7jLmR$1@qN9pK"
// Validate email address
const emailResult = await validateEmail('user@example.com');
console.log(emailResult);
// {
// email: "user@example.com",
// validations: {
// syntax: true,
// domain_exists: true,
// mx_records: true,
// mailbox_exists: true,
// is_disposable: false,
// is_role_based: false
// },
// score: 90,
// status: "VALID"
// }๐ฅ๏ธ Command Line Interface
Password Breach Checking
Check any password for breaches directly from the command line:
# Direct usage
node checkPwned.js password123
# ๐จ PWNED: Found 918,824 times in data breaches
# Using npm script
npm run check-pwned "MySecurePassword123!"
# โ
Not found in known data breaches
# Without arguments shows help
node checkPwned.js
# Usage: node checkPwned.js <password>Email Validation CLI
Comprehensive email validation with detailed analysis:
# Direct usage
node checkEmail.js
# ๐ Email Validation Demo - Interactive validation of test emails
# Using npm script
npm run check-email
# Shows validation results for sample emails including disposable detectionCLI Features
- Privacy-Preserving: Uses k-anonymity - only first 5 SHA-1 hash characters sent to API
- Real-time Data: Checks against HaveIBeenPwned and disposable email databases
- Comprehensive Analysis: Domain validation, MX records, disposable/role-based detection
- Clear Output: Shows detailed validation results and suggestions
- Error Handling: Graceful network error handling
Password Strength Checker
Basic Usage
import { PasswordChecker, checkPasswordStrength } from 'secure-auth-helper';
// Synchronous (backward compatible)
const result = PasswordChecker.checkPassword('MySecurePassword123!');
// OR using convenience function
const result = checkPasswordStrength('MySecurePassword123!');
// Asynchronous with pwned checking
const resultWithPwned = await PasswordChecker.checkPasswordWithPwnedCheck('MySecurePassword123!');Return Format
Synchronous Methods (checkPassword, checkPasswordStrength):
interface PasswordStrengthResult {
score: number; // 0-5 scale
verdict: "weak" | "medium" | "strong" | "very strong";
suggestions: string[]; // Array of improvement suggestions
crackTime: {
online: CrackTimeEstimate; // Online attack (1K attempts/sec)
offline: CrackTimeEstimate; // Offline attack (100B attempts/sec)
offlineFast: CrackTimeEstimate; // Fast offline (10T attempts/sec)
};
}Asynchronous Methods (checkPasswordWithPwnedCheck):
interface PasswordStrengthResultWithPwned extends PasswordStrengthResult {
pwnedCheck: {
isPwned: boolean; // True if found in breaches
breachCount: number | null; // Times found in breaches
errorMessage?: string; // Error if API call failed
};
}Common Interface:
interface CrackTimeEstimate {
seconds: number;
humanReadable: string; // "5 years", "3 months", "instantly"
attackScenario: string;
}Examples
// Weak password
checkPasswordStrength('password');
// {
// score: 0,
// verdict: "weak",
// suggestions: [
// "Avoid common passwords - use a unique combination",
// "Use at least 8 characters",
// "Add uppercase letters (A-Z)",
// "Add numbers (0-9)",
// "Add special characters (!@#$%^&*)"
// ],
// crackTime: {
// online: { seconds: 0, humanReadable: "instantly", attackScenario: "online" },
// offline: { seconds: 0, humanReadable: "instantly", attackScenario: "offline" },
// offlineFast: { seconds: 0, humanReadable: "instantly", attackScenario: "offline_fast" }
// }
// }
// Strong password
checkPasswordStrength('MyV3ry$tr0ngP@ssw0rd!');
// {
// score: 5,
// verdict: "very strong",
// suggestions: [
// "Great password! Consider using a password manager for unique passwords across all accounts"
// ],
// crackTime: {
// online: { seconds: 1.38e+25, humanReadable: "4.3 quintillion billion years", attackScenario: "online" },
// offline: { seconds: 1.38e+17, humanReadable: "438 trillion years", attackScenario: "offline" },
// offlineFast: { seconds: 1.38e+15, humanReadable: "4.4 billion years", attackScenario: "offline_fast" }
// }
// }
// Pattern detection example
checkPasswordStrength('qwerty123');
// {
// score: 0,
// verdict: "weak",
// suggestions: ["Avoid common passwords - use a unique combination"],
// crackTime: {
// online: { seconds: 0, humanReadable: "instantly", attackScenario: "online" }
// // ... offline times also "instantly" due to pattern detection
// }
// }Strength Criteria
The password checker evaluates:
- Length: Minimum 8 characters recommended, 12+ preferred
- Character Variety: Uppercase, lowercase, numbers, symbols
- Common Passwords: Checks against database of 100+ weak passwords and variations
- Advanced Pattern Detection:
- Keyboard Patterns: qwerty, asdf, 123456, etc.
- Leet Speak: Converts p@ssw0rd โ password for analysis
- Date Patterns: Years (1990-2024), MM/DD/YYYY formats
- Phone Numbers: Various formats (555-1234, (555) 123-4567)
- Repeating Substrings: abcabc, 123123, etc.
- Sequential Characters: abc, 123, qwe sequences
- Statistical Analysis: Character transition patterns and alternating sequences
- Smart Attack Modeling: Dictionary attacks, mask attacks, hybrid attacks
- Entropy Calculation: Realistic randomness assessment with pattern penalties
- Crack Time Estimation: Based on current hardware capabilities (2024)
Crack Time Estimation
The password checker provides realistic crack time estimates for three attack scenarios:
Attack Scenarios
- Online Attacks (1,000 attempts/sec): Rate-limited attacks against live systems
- Offline Attacks (100 billion attempts/sec): Attacks against stolen password hashes with modern GPUs
- Fast Offline Attacks (10 trillion attempts/sec): High-end cloud computing or ASIC attacks
Smart Attack Modeling
The estimation considers how real attackers work:
- Dictionary attacks first: Common passwords crack instantly
- Hybrid attacks: Dictionary words + number/symbol variations
- Mask attacks: Targeted patterns for dates, phones, etc.
- Pattern optimization: Keyboard walks, repeated sequences
const result = checkPasswordStrength('Winter2023!');
console.log(result.crackTime.online.humanReadable); // "7650 billion years"
console.log(result.crackTime.offline.humanReadable); // "77 thousand years"
console.log(result.crackTime.offlineFast.humanReadable); // "765 years"Password Generator
Basic Usage
import { PasswordGenerator } from 'secure-auth-helper';
// Generate with default options (12 chars, all types)
const password = PasswordGenerator.generatePassword();
// Generate with custom options
const customPassword = PasswordGenerator.generatePassword({
length: 16,
numbers: true,
symbols: true,
uppercase: true,
lowercase: true,
excludeSimilar: true // Excludes 0, O, 1, l, I, |
});Configuration Options
interface GeneratePasswordOptions {
length?: number; // Default: 12
numbers?: boolean; // Default: true
symbols?: boolean; // Default: true
uppercase?: boolean; // Default: true
lowercase?: boolean; // Default: true
excludeSimilar?: boolean; // Default: false
}Advanced Generation
// Generate the strongest possible password from multiple candidates
const strongPassword = PasswordGenerator.generateStrongPassword({
length: 20,
excludeSimilar: true
});
// Generate memorable password (word-based)
const memorablePassword = PasswordGenerator.generateMemorablePassword(4, true, true);
// Example: "Brave-Ocean-Tiger-Music-47!"Memorable Passwords
For passwords that are easier to remember:
import { generateMemorablePassword } from 'secure-auth-helper';
// Generate with default options (4 words + number + symbol)
const password = generateMemorablePassword();
// "Correct-Horse-Battery-Staple-73!"
// Customize word count and additions
const customPassword = generateMemorablePassword(
3, // word count
true, // add numbers
false // exclude symbols
);
// "Apple-River-Knight-42"Email Validation
Basic Usage
import { EmailChecker, validateEmail, isValidEmailSyntax } from 'secure-auth-helper';
// Quick syntax validation (synchronous)
const isValid = isValidEmailSyntax('user@example.com');
console.log(isValid); // true
// Comprehensive validation (asynchronous)
const result = await validateEmail('user@example.com');
console.log(result);Return Format
interface EmailValidationResult {
email: string; // Normalized email address
validations: {
syntax: boolean; // RFC-compliant format
domain_exists: boolean; // Domain DNS lookup
mx_records: boolean; // Mail server records
mailbox_exists: boolean; // Mailbox accessibility
is_disposable: boolean; // Temporary email service
is_role_based: boolean; // Organizational email (admin@, support@)
};
score: number; // 0-100 validation score
status: "VALID" | "INVALID";
suggestions?: string[]; // Improvement recommendations
}Examples
// Valid business email
await validateEmail('john.doe@company.com');
// {
// email: "john.doe@company.com",
// validations: {
// syntax: true,
// domain_exists: true,
// mx_records: true,
// mailbox_exists: true,
// is_disposable: false,
// is_role_based: false
// },
// score: 90,
// status: "VALID"
// }
// Disposable email detection
await validateEmail('test@10minutemail.com');
// {
// email: "test@10minutemail.com",
// validations: {
// syntax: true,
// domain_exists: true,
// mx_records: false,
// mailbox_exists: false,
// is_disposable: true, // Detected as disposable
// is_role_based: false
// },
// score: 35,
// status: "INVALID",
// suggestions: [
// "This appears to be a disposable/temporary email address. Consider using a permanent email address."
// ]
// }
// Role-based email detection
await validateEmail('admin@company.com');
// {
// validations: {
// is_role_based: true, // Detected as organizational
// // ... other validations
// },
// suggestions: [
// "This appears to be a role-based email address. Consider using a personal email address if required."
// ]
// }Advanced Features
// Batch email validation
const emails = ['user1@domain.com', 'user2@domain.com', 'invalid-email'];
const results = await validateEmails(emails);
console.log(results); // Array of EmailValidationResult
// Class-based usage for advanced scenarios
const checker = new EmailChecker();
const result = await EmailChecker.validateEmail('test@example.com');
// Quick syntax-only validation for performance-critical scenarios
const syntaxValid = EmailChecker.isValidEmailSyntax('user@domain.com');Validation Criteria
The email validator performs comprehensive checks:
Syntax Validation
- RFC 5322 compliant format checking
- Local part length validation (โค64 characters)
- Domain length validation (โค253 characters)
- Special character and dot placement rules
- Unicode character support
Domain Verification
- DNS lookup to verify domain existence
- MX record checking for mail server availability
- Timeout handling for network requests
Disposable Email Detection
- 70,000+ Domain Database: Regularly updated from GitHub repository
- Smart Caching: 24-hour cache with automatic refresh
- Fallback Protection: Works offline with basic detection
- Common Providers: 10minutemail, mailinator, guerrillamail, etc.
Role-based Email Detection
- 60+ Role Patterns: admin, support, info, sales, etc.
- Smart Pattern Matching: Handles variations (admin1, support-team)
- Organizational Context: Identifies non-personal email addresses
Scoring System
- Syntax (30 points): Valid email format
- Domain Exists (25 points): DNS verification
- MX Records (20 points): Mail server availability
- Mailbox Exists (15 points): Estimated deliverability
- Disposable Penalty (-20 points): Temporary email services
- Role-based Penalty (-10 points): Organizational emails
Integration Examples
// User registration validation
app.post('/register', async (req, res) => {
const { email } = req.body;
const validation = await validateEmail(email);
if (validation.status === 'INVALID') {
return res.status(400).json({
error: 'Invalid email address',
suggestions: validation.suggestions
});
}
if (validation.validations.is_disposable) {
return res.status(400).json({
error: 'Disposable email addresses are not allowed'
});
}
// Proceed with registration
});
// Newsletter signup with quality scoring
app.post('/newsletter', async (req, res) => {
const { email } = req.body;
const validation = await validateEmail(email);
// Only accept high-quality emails
if (validation.score < 70) {
return res.status(400).json({
error: 'Please provide a valid, permanent email address',
score: validation.score
});
}
// Add to newsletter
});Security Features
Cryptographically Secure Random Generation
The library uses Node.js's crypto.randomBytes() for secure random number generation, ensuring passwords are unpredictable.
Common Password Detection
Checks against a comprehensive list of common weak passwords including:
- Numeric sequences (123456, etc.)
- Common words (password, admin, etc.)
- Keyboard patterns (qwerty, asdfgh, etc.)
- Date patterns and simple variations
Entropy Calculation
Passwords are evaluated for entropy based on:
- Character set size
- Password length
- Pattern detection and statistical analysis
- Advanced attack modeling and keyspace reduction
- Real-world password cracking techniques
Performance
Designed for high-throughput applications:
- Password Generation: ~140 microseconds per password
- Password Analysis: ~40 microseconds per analysis
- 100% Uniqueness: Cryptographically secure randomness
- Memory Efficient: Suitable for bulk operations
- Thread Safe: Safe for concurrent usage
// Generate 1000 passwords efficiently
const passwords = Array.from({ length: 1000 }, () =>
generatePassword({ length: 16 })
);
// Analyze 1000 passwords rapidly
passwords.forEach(password => {
const strength = checkPasswordStrength(password);
// Processing completes in milliseconds
});TypeScript Support
Full TypeScript definitions are included:
import {
// Password types
PasswordStrengthResult,
PwnedCheckResult,
GeneratePasswordOptions,
PasswordVerdict,
// Email validation types
EmailValidationResult,
EmailValidations,
EmailStatus
} from 'secure-auth-helper';
// Password validation (synchronous)
const checkResult: PasswordStrengthResult = checkPasswordStrength('test');
// Password validation with breach checking (asynchronous)
const pwnedResult: Promise<PasswordStrengthResult & {pwnedCheck: PwnedCheckResult}> =
checkPasswordStrengthWithPwnedCheck('test');
// Password generation
const options: GeneratePasswordOptions = { length: 16, symbols: false };
// Email validation (asynchronous)
const emailResult: Promise<EmailValidationResult> = validateEmail('test@example.com');
// Email validation result structure
const result: EmailValidationResult = {
email: 'test@example.com',
validations: {
syntax: true,
domain_exists: true,
mx_records: true,
mailbox_exists: true,
is_disposable: false,
is_role_based: false
},
score: 90,
status: 'VALID'
};๐ Backward Compatibility
โ Existing users are NOT affected by v1.1.0 updates!
All existing code continues to work exactly as before:
// v1.0.x code continues to work unchanged
import { checkPasswordStrength, generatePassword } from 'secure-auth-helper';
const result = checkPasswordStrength('myPassword123!');
console.log(result.score, result.verdict); // Same as before
const password = generatePassword({ length: 12 });
// All existing functionality preservedThe new pwned password checking is opt-in only via new methods:
checkPasswordStrengthWithPwnedCheck()- Async with breach checkingcheckIfPasswordPwned()- Standalone breach checking
API Reference
Password Checker (Synchronous - Original)
| Method | Parameters | Returns | Description |
|---|---|---|---|
checkPasswordStrength(password) |
string |
PasswordStrengthResult |
Analyzes password strength (sync) |
PasswordChecker.checkPassword(password) |
string |
PasswordStrengthResult |
Class method for password analysis (sync) |
Password Checker (Asynchronous - v1.1.0)
| Method | Parameters | Returns | Description |
|---|---|---|---|
checkPasswordStrengthWithPwnedCheck(password) |
string |
Promise<PasswordStrengthResultWithPwned> |
Analyzes with breach checking (async) |
PasswordChecker.checkPasswordWithPwnedCheck(password) |
string |
Promise<PasswordStrengthResultWithPwned> |
Class method with breach checking (async) |
checkIfPasswordPwned(password) |
string |
Promise<PwnedCheckResult> |
Standalone breach checking (async) |
Password Generator
| Method | Parameters | Returns | Description |
|---|---|---|---|
generatePassword(options?) |
GeneratePasswordOptions |
string |
Generates secure random password |
generateStrongPassword(options?) |
GeneratePasswordOptions |
string |
Generates optimized strong password |
generateMemorablePassword(wordCount?, addNumbers?, addSymbols?) |
number, boolean, boolean |
string |
Generates word-based password |
Email Validation (New in v1.2.0)
| Method | Parameters | Returns | Description |
|---|---|---|---|
validateEmail(email) |
string |
Promise<EmailValidationResult> |
Comprehensive email validation (async) |
validateEmails(emails) |
string[] |
Promise<EmailValidationResult[]> |
Batch email validation (async) |
isValidEmailSyntax(email) |
string |
boolean |
Quick syntax validation (sync) |
EmailChecker.validateEmail(email) |
string |
Promise<EmailValidationResult> |
Class method for email validation (async) |
EmailChecker.isValidEmailSyntax(email) |
string |
boolean |
Class method for syntax validation (sync) |
EmailChecker.validateEmails(emails) |
string[] |
Promise<EmailValidationResult[]> |
Class method for batch validation (async) |
Examples
Web Application Integration
// User registration validation with password and email checking
app.post('/register', async (req, res) => {
const { email, password } = req.body;
// Validate password strength
const passwordStrength = checkPasswordStrength(password);
if (passwordStrength.score < 3) {
return res.status(400).json({
error: 'Password too weak',
suggestions: passwordStrength.suggestions
});
}
// Validate email comprehensively
const emailValidation = await validateEmail(email);
if (emailValidation.status === 'INVALID') {
return res.status(400).json({
error: 'Invalid email address',
suggestions: emailValidation.suggestions
});
}
// Block disposable emails for user accounts
if (emailValidation.validations.is_disposable) {
return res.status(400).json({
error: 'Disposable email addresses are not allowed for registration'
});
}
// Proceed with registration
});
// Password reset with secure generation
app.post('/reset-password', (req, res) => {
const temporaryPassword = generatePassword({
length: 12,
excludeSimilar: true
});
// Send secure temporary password
});
// Newsletter signup with quality filtering
app.post('/newsletter', async (req, res) => {
const { email } = req.body;
const validation = await validateEmail(email);
// Accept disposable emails for newsletters but track quality
if (validation.score < 50) {
return res.status(400).json({
error: 'Please provide a valid email address',
score: validation.score
});
}
// Add to newsletter with quality score for segmentation
await addToNewsletter(email, validation.score);
});CLI Tool
#!/usr/bin/env node
import { checkPasswordStrength, generatePassword, validateEmail } from 'secure-auth-helper';
const [,, action, input] = process.argv;
if (action === 'check-password' && input) {
const result = checkPasswordStrength(input);
console.log(`Score: ${result.score}/5`);
console.log(`Verdict: ${result.verdict}`);
console.log('Suggestions:', result.suggestions.join(', '));
} else if (action === 'check-email' && input) {
validateEmail(input).then(result => {
console.log(`Email: ${result.email}`);
console.log(`Score: ${result.score}/100`);
console.log(`Status: ${result.status}`);
console.log(`Disposable: ${result.validations.is_disposable ? 'Yes' : 'No'}`);
console.log(`Role-based: ${result.validations.is_role_based ? 'Yes' : 'No'}`);
if (result.suggestions) {
console.log('Suggestions:', result.suggestions.join(', '));
}
});
} else if (action === 'generate') {
console.log(generatePassword({ length: 16 }));
} else {
console.log('Usage:');
console.log(' node cli.js check-password <password>');
console.log(' node cli.js check-email <email>');
console.log(' node cli.js generate');
}Testing
Run the comprehensive test suite:
npm testThe package includes 100+ comprehensive tests covering:
Core Functionality
- Password strength evaluation across all scoring criteria
- Password generation algorithms with all option combinations
- Memorable password generation with various configurations
- Email validation with all validation criteria
- TypeScript type definitions and API compatibility
Advanced Features
- Pattern detection (keyboard, leet speak, dates, phones)
- Statistical analysis and entropy calculation
- Crack time estimation accuracy
- Smart attack modeling verification
- Disposable email detection with 70,000+ domains
- Role-based email pattern matching
- DNS and MX record validation
Edge Cases & Reliability
- Unicode character handling in passwords and emails
- Very long password processing (200+ characters)
- Malformed email address handling
- Network error handling for email validation
- Boundary value testing
- Error handling for invalid inputs
- Performance testing with bulk operations
- Concurrent operation safety
Email Validation Testing
- RFC compliance validation
- Disposable email database accuracy
- Role-based email detection precision
- DNS timeout and error handling
- Batch validation performance
- Cache behavior and refresh logic
Test Results
- โ 102/102 tests passing
- โ 100% success rate
- โ All edge cases covered
- โ Production-ready reliability
Contributing
- Fork the repository
- Create a feature branch
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
License
MIT License - see LICENSE file for details.
Security Notice
This library is designed for general-purpose password utilities. For high-security applications, consider additional measures such as:
- Server-side validation
- Rate limiting
- Account lockout policies
- Multi-factor authentication
- Professional security audit
Changelog
v1.2.0 (Latest)
- ๐ง Email Validation System: Comprehensive email validation with syntax, domain, and deliverability checking
- ๐๏ธ Disposable Email Detection: 70,000+ disposable email providers from actively maintained GitHub database
- ๐ข Role-based Email Detection: Identifies organizational emails (admin@, support@, etc.) with 60+ patterns
- ๐ DNS Verification: Domain existence and MX record validation with timeout handling
- ๐ Smart Scoring System: 0-100 email quality scoring with actionable suggestions
- โก Batch Processing: Efficient validation of multiple emails simultaneously
- ๐ฅ๏ธ Email CLI Tool: Command-line interface for email validation (
npm run check-email) - ๐ Smart Caching: 24-hour cache for disposable domains with automatic refresh
- ๐ฑ TypeScript Support: Complete type definitions for all email validation features
- ๐งช Comprehensive Testing: 40+ new tests covering all email validation scenarios
v1.1.1
- ๐ Enhanced Documentation: Clarified API behavior and method differences
- ๐ Backward Compatibility: Clear documentation that existing users are unaffected
- ๐ Improved Examples: Better TypeScript examples and usage patterns
v1.1.0
- ๐ก๏ธ Pwned Password Checking: HaveIBeenPwned API integration with privacy-preserving k-anonymity
- ๐ฅ๏ธ Command Line Interface: CLI tool for direct password breach checking
- Enhanced API: New async methods with full backward compatibility
- Comprehensive Testing: 65+ tests including pwned password functionality
- Enhanced Documentation: Comprehensive README with all advanced features showcased
- Complete API Documentation: Full TypeScript interfaces and crack time examples
- Performance Metrics: Added benchmarks and testing statistics
- Advanced Features Highlighting: Pattern detection, attack modeling, statistical analysis
v1.0.0
- Advanced Password Strength Analysis with 0-5 scoring system
- Smart Pattern Detection: Keyboard patterns, leet speak, dates, phone numbers
- Realistic Crack Time Estimation: Online, offline, and fast offline attack scenarios
- Cryptographically Secure Password Generation with flexible options
- Memorable Password Generation using word-based patterns
- High-Performance Implementation: 140ฮผs generation, 40ฮผs analysis
- Statistical Analysis Engine: Character transitions and alternating patterns
- Smart Attack Modeling: Dictionary, hybrid, and mask attack simulation
- Enhanced Common Password Database: 100+ entries with leet variations
- Complete TypeScript Support with comprehensive type definitions
- 58 Comprehensive Tests: 100% passing with full edge case coverage
- Unicode Character Support for international passwords
- Production-Ready Performance: Suitable for high-throughput applications