{"id":15292,"library":"zxcvbn-typescript","title":"zxcvbn-typescript","description":"The `zxcvbn-typescript` library offers a realistic and robust approach to password strength estimation, ported to TypeScript from Dan Wheeler's original zxcvbn project. It evaluates password quality by analyzing various patterns, including common words, names, dates, sequences, keyboard patterns, and leetspeak, providing a numerical score and targeted verbal feedback to guide users. The current stable version is 5.0.1. With its v5.0.0 release, the library was fully converted to TypeScript, enhancing type safety and maintainability for modern development environments. While a strict release cadence isn't defined, updates typically align with algorithm refinements or significant refactors. Its key differentiator remains its comprehensive pattern-matching capabilities, which often provide more nuanced security assessments than simpler entropy-based methods.","status":"active","version":"5.0.1","language":"javascript","source_language":"en","source_url":"https://github.com/trichards57/zxcvbn","tags":["javascript","password","passphrase","security","authentication","strength","meter","quality","estimation","typescript"],"install":[{"cmd":"npm install zxcvbn-typescript","lang":"bash","label":"npm"},{"cmd":"yarn add zxcvbn-typescript","lang":"bash","label":"yarn"},{"cmd":"pnpm add zxcvbn-typescript","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"The primary zxcvbn function is typically a default export since v5.0.0, aligning with previous major versions of the zxcvbn project. Using a named import will result in `zxcvbn is not a function`.","wrong":"import { zxcvbn } from 'zxcvbn-typescript';","symbol":"zxcvbn","correct":"import zxcvbn from 'zxcvbn-typescript';"},{"note":"Importing the `ZXCVBNResult` type provides strong type checking for the object returned by the `zxcvbn` function. This type is generally exposed as a named export from the main module.","symbol":"ZXCVBNResult","correct":"import type { ZXCVBNResult } from 'zxcvbn-typescript';"},{"note":"While primarily an ESM-first library since v5.0.0 due to its TypeScript rewrite, CommonJS `require` is still supported in environments with proper interop. Be mindful of module resolution settings.","symbol":"zxcvbn (CommonJS)","correct":"const zxcvbn = require('zxcvbn-typescript');"}],"quickstart":{"code":"import zxcvbn from 'zxcvbn-typescript';\nimport type { ZXCVBNResult } from 'zxcvbn-typescript';\n\n/**\n * Evaluates a password's strength and logs detailed feedback.\n * @param password The password string to evaluate.\n * @param userInputs Optional array of strings (e.g., username, email) to penalize if found in the password.\n * @returns The detailed `ZXCVBNResult` object.\n */\nfunction evaluatePassword(password: string, userInputs: string[] = []): ZXCVBNResult {\n  const result = zxcvbn(password, userInputs);\n  \n  console.log(`Password: \"${password}\"`);\n  console.log(`Score (0-4): ${result.score}`);\n  console.log(`Estimated guesses: ${result.guesses.toLocaleString()}`);\n  console.log(`Feedback: ${result.feedback.warning || 'Looks good!'}`);\n  result.feedback.suggestions.forEach(suggestion => {\n    console.log(`- Suggestion: ${suggestion}`);\n  });\n\n  // Accessing various crack time estimations\n  console.log(`\\nCrack Times:`);\n  console.log(`  Online (throttled): ${result.crack_times_display.online_throttling_100_per_hour}`);\n  console.log(`  Offline (slow hash): ${result.crack_times_display.offline_slow_hashing_1e4_per_second}`);\n  \n  return result;\n}\n\n// Example usage with different password strengths and user inputs\nconst weakPassword = 'password123';\nconst moderatePassword = 'MySecretPassword1!';\nconst strongPassword = 'correct horse battery staple';\nconst userEmail = 'test@example.com';\nconst userName = 'JohnDoe';\n\nconsole.log('--- Evaluating Weak Password ---');\nevaluatePassword(weakPassword, [userEmail, userName]);\n\nconsole.log('\\n--- Evaluating Moderate Password ---');\nevaluatePassword(moderatePassword, ['mysecret', 'password']);\n\nconsole.log('\\n--- Evaluating Strong Password ---');\nevaluatePassword(strongPassword, ['correcthorse']);\n","lang":"typescript","description":"Demonstrates how to import the `zxcvbn` function, evaluate a password, and interpret the returned strength score, guess estimations, and verbal feedback, including handling optional user inputs for enhanced security."},"warnings":[{"fix":"Ensure your project's `tsconfig.json` is correctly configured for TypeScript. If migrating from a pre-v5 JavaScript version, review your type usage and update imports to align with the new TypeScript-first approach. For CommonJS consumers, verify module resolution settings.","message":"Version 5.0.0 introduced a complete port to TypeScript. This transition may lead to stricter type checks and potential build issues in existing JavaScript projects without proper TypeScript configuration or type declarations. For projects previously relying on `@types/zxcvbn` for type definitions, these are now natively bundled with `zxcvbn-typescript` v5.x.","severity":"breaking","affected_versions":">=5.0.0"},{"fix":"For very long inputs, consider truncating the password to a reasonable length (e.g., 100-256 characters) before passing it to `zxcvbn`. Implement throttling or debouncing for interactive UI elements that trigger password evaluations to prevent excessive computations.","message":"Performance can be affected when evaluating extremely long passwords (e.g., hundreds of characters) or performing frequent checks in performance-critical sections of an application. The algorithm is optimized for interactive, user-facing feedback, not high-throughput batch processing of arbitrary length strings.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Verify that `zxcvbn-typescript` is correctly installed. If using a custom build or a different `zxcvbn` variant, consult its documentation to ensure all required dictionary and language packages are installed and explicitly configured for comprehensive scoring.","message":"While `zxcvbn-typescript` generally bundles its dictionary data, some modular `zxcvbn` implementations (such as `@zxcvbn-ts/core`) split language and dictionary data into separate packages to reduce initial bundle size. If you encounter unexpected 'Top 10 common password' warnings or notice less effective pattern matching, confirm that all necessary dictionary and language data is being loaded and configured correctly.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-21T00:00:00.000Z","next_check":"2026-07-20T00:00:00.000Z","problems":[{"fix":"If using ESM, ensure you use `import zxcvbn from 'zxcvbn-typescript';`. If using CommonJS, use `const zxcvbn = require('zxcvbn-typescript');`. Also, check your `tsconfig.json`'s `moduleResolution` and `module` options for compatibility.","cause":"This typically occurs due to an incorrect import statement (e.g., attempting a named import when the library provides a default export) or CommonJS/ESM module interop issues in your build or runtime environment.","error":"TypeError: zxcvbn is not a function"},{"fix":"Ensure that the `password` argument and all elements within the `userInputs` array are explicitly of type `string`. Use conditional checks (`if (password) { ... }`) or non-null assertion operators (`password!`) after confirming values are present.","cause":"Passing a potentially `undefined` or `null` value as the password or an element within `userInputs` without proper type narrowing, which is enforced more strictly by TypeScript, especially in v5.0.0 and later.","error":"TS2345: Argument of type 'string | undefined' is not assignable to parameter of type 'string'."},{"fix":"Run `npm install zxcvbn-typescript` or `yarn add zxcvbn-typescript`. Confirm your `tsconfig.json` `compilerOptions.moduleResolution` (e.g., 'NodeNext' for modern Node.js or 'bundler' for bundlers) and ensure your package manager can correctly resolve the module.","cause":"The package has not been installed, or there is a module resolution conflict within your build tool (e.g., Webpack, Rollup) or Node.js runtime environment.","error":"Error: Cannot find module 'zxcvbn-typescript'"}],"ecosystem":"npm"}