Abstract security interface showing password strength and policy analysis panels
JavaScript and TypeScript password policy analysis

PassGuardJS

Lightweight password strength and policy analysis for modern JavaScript apps.

Install from npmView on GitHubDocumentation

Features

Built for useful password feedback

PassGuardJS goes beyond checking whether a password matches a regex. It helps developers explain what is weak, what passed, and what the user can improve.

Password strength analysis

Score passwords from weak to strong with labels and policy-aware validation feedback.

Custom password policy support

Configure length, character requirements, score thresholds, banned terms, and custom rules.

Common password detection

Flag predictable passwords and extend the built-in list with your own blocked values.

Keyboard pattern detection

Detect keyboard walks such as qwerty, asdf, and similar predictable patterns.

Repeated character detection

Catch repeated runs such as aaaaaa or 111111 before they pass a format-only check.

Personal information detection

Compare passwords against names, emails, usernames, phone numbers, years, and locations.

TypeScript support

Written in TypeScript with published type definitions for editor-friendly integration.

Zero dependency focus

Designed as a lightweight runtime dependency-free package for JavaScript projects.

Installation

Add PassGuardJS with npm

Install the package, import the analyzer, and wire the returned result into your form UI or validation flow.

minLength: 12minScore: 70requireUppercaserequireLowercaserequireNumberrequireSpecialCharblockCommonPasswordsblockKeyboardPatterns
npm install passguardjs
quick-start.ts
import { analyzePassword } from "passguardjs";

const result = analyzePassword("MyStrongPass123!", {
  minLength: 12,
  requireUppercase: true,
  requireLowercase: true,
  requireNumber: true,
  requireSpecialChar: true,
});

console.log(result);

Live Demo

Try the browser-only password checker

Local analysis

Strength score

0/100

Result

Very Weak

Status: Needs attention

All checks run locally in your browser.

Issues

  • Password is too short
  • Password must include an uppercase letter
  • Password must include a lowercase letter
  • Password must include a number
  • Password must include a special character
  • Password strength score is below the required minimum

Recommendations

  • Use at least 12 characters
  • Add at least one uppercase letter
  • Add at least one lowercase letter
  • Add at least one number
  • Add at least one special character
  • Use a longer password with more random characters

Documentation Preview

The pieces developers need first

Start with the core API, configure a policy, read the result object, and adapt the examples to your stack.

Core API

API Reference

Use analyzePassword(password, policy?) to return a score, strength label, validity flag, issues, suggestions, and detailed rule checks.

Configuration

Policy Options

Set minLength, minScore, required character classes, common password blocking, keyboard checks, repeated character limits, and custom rules.

Typed output

Result Object

Read score, strength, isValid, issues, suggestions, and checks to power UI feedback or form validation.

Frameworks

Examples

Integrate with React, Vanilla JS, Node.js, Vue, Angular, and CommonJS environments using the same analysis API.

Why PassGuardJS?

Regex-only validation answers the wrong question.

A regex can confirm that a password contains a number, symbol, or uppercase character. It cannot explain whether that password is common, repetitive, keyboard-like, personal, or simply too predictable for the policy you are trying to enforce.

PassGuardJS is built for meaningful analysis and developer-friendly feedback: return a score, list the issues, suggest safer choices, and keep the checks close to the product experience where users can act on them.