Wondering what’s next for npm?Check out our public roadmap! »

    javascript-strong-password-generator

    1.0.2 • Public • Published

    javascript-strong-password-generator

    JavaScript Strong Password Generator: based on Jeff Atwood's Post "Password Rules Are Bullshit".

    You can view a working demo at https://www.sethserver.com/strong-random-password-generator.html

    Currently uses six unicode blocks, and I don't see why we can't use them all; this just makes the best looking passwords.

    Installation

    npm i javascript-strong-password-generator

    Basic Usage

    This is a quick out-of-the-box usage example. This is not how you'd use it in production if you want it to be secure, but it will give you a decent random unicode password.

    const jsspg = require('javascript-strong-password-generator');
     
    jsspg.init();
    const newPassword = jsspg.generate();
     
    console.log(newPassword);

    Command-line Usage

    JSSPG includes a simple command-line app that will generate a single random password seeded by your local environment.

    $ js-spg
    ƗÇŒk😪Ư2ëjOåęğ⚎Ŭ☦Ƙ🙅ēňxę😣☨😺Ú

    Advanced Usage

    To reduce predictability add entropy from dynamic sytem state inforation such as CPU usage, number of active processes, availalbe ram and disk io.

    const jsspg = require('javascript-strong-password-generator');
    const si = require('systeminformation');
    const sha512 = require('js-sha512');
     
    let entropyval;
     
    function entropyAccumFunction() {
      return new Promise(async (resolve) => {
        const cpuSpeed = await si.cpu();
        const processes = await si.processes();
        const disksIO = await si.disksIO();
        const memory = await si.mem();
     
        entropyval = sha512(`${JSON.stringify(cpuSpeed)}:${JSON.stringify(processes)}:${JSON.stringify(disksIO)}:${JSON.stringify(memory)}`);
     
        resolve();
      });
    }
     
    function entropyFunction() {
      return entropyval;
    }
     
    async function run() {
      await entropyAccumFunction();
     
      jsspg.init({
        timeBasedEntropy: false,
        entropyFxn: entropyFunction,
      });
     
      process.stdout.write(`${jsspg.generate()}\n`);
    }
     
    run();

    Building for Browsers

    This will generate a ./build/jsspg.min.js file for use in a web browser.

    $ npm run webpack

    Basic Browser Usage

    <script src="js/jsspg.min.js"></script>
    <script>
    (function () {
      jsspg.init();
     
      var newPassword = jsspg.generate()
      alert(newPassword);
    })();
    </script>

    Core Concept

    Just read "Password Rules Are Bullshit".

    API

    jsspg.init(options)

    Options [{ k: v }]

    • entropyFxn [function fxn()]: Custom entropy function. Must return an Array or string of length fortuna.entropySz (128 by default)
    • timeBasedEntropy [bool]: Detaches the reseeding of the algorithm from the call to random().
    • accumulateTimeout [int]: The amount of time in milliseconds between each timeBasedEntropy call. Requires timeBasedEntropy to be true.

    jsspg.generate(passwordLength)

    Generates a random Unicode password of length passwordLength (length is Unicode characters, not bytes).

    Install

    npm i javascript-strong-password-generator

    DownloadsWeekly Downloads

    22

    Version

    1.0.2

    License

    Apache 2.0

    Last publish

    Collaborators

    • avatar