getPasswordStrength
Evaluates the strength of a password on a scale from 0 to 4.
/**
 * Evaluates the strength of a password on a scale from 0 to 4.
 *
 * @param password - The password string to evaluate.
 * @returns A strength index:
 *   0 - Very weak (common pattern or too short)
 *   1 - Weak
 *   2 - Medium
 *   3 - Strong
 *   4 - Very strong
 */
export function getPasswordStrength(password: string): number {
  if (!password || password.length < 6) return 0;

  const blacklist = [
    '1234', 'qwerty', 'password', '1111', 'abc123', 'letmein',
    'welcome', 'admin', 'root', '0000', 'qazwsx'
  ];

  const normalized = password.toLowerCase();

  for (const pattern of blacklist) {
    if (normalized.includes(pattern)) return 0;
  }

  const lower = /[a-z]/.test(password);
  const upper = /[A-Z]/.test(password);
  const digit = /\d/.test(password);
  const special = /[^a-zA-Z0-9]/.test(password);

  let strength = 0;
  if (lower) strength += 1;
  if (upper) strength += 1;
  if (digit) strength += 1;
  if (special) strength += 1;

  return strength;
}
Blacklist Protection
Filters out commonly used and predictable passwords by checking against a predefined blacklist.
Character Diversity Analysis
Checks for the presence of lowercase, uppercase, digits, and special characters to measure password complexity; the score is the number of these character classes found.
Granular Strength Scoring
Returns a clear numeric scale (0–4), enabling tiered feedback or UI indicators in password fields.
Early Exit Optimization
Short-circuits evaluation for clearly weak or blacklisted passwords, improving efficiency.
Lightweight & Fast
No dependencies and minimal computation make it suitable for real-time input feedback.
Tests | Examples
test('returns 0 for common patterns', () => {
  expect(getPasswordStrength('123456')).toBe(0);
  expect(getPasswordStrength('qwerty')).toBe(0);
  expect(getPasswordStrength('admin123')).toBe(0);
});

test('returns 1 for lowercase only', () => {
  expect(getPasswordStrength('abcdef')).toBe(1);
});

test('returns 2 for lowercase and digits', () => {
  expect(getPasswordStrength('abc123')).toBe(0); // common pattern
  expect(getPasswordStrength('abz478')).toBe(2);
});

test('returns 3 for lowercase, digits and uppercase', () => {
  // The blacklist match is case-insensitive, so 'Abc123' hits 'abc123'.
  expect(getPasswordStrength('Abc123')).toBe(0);
  expect(getPasswordStrength('Abz478')).toBe(3);
});

test('returns 4 for all categories', () => {
  expect(getPasswordStrength('Abc$123')).toBe(4);
});

test('returns 0 for too short passwords', () => {
  expect(getPasswordStrength('aB1')).toBe(0);
});

test('returns 2 for digits and special characters', () => {
  expect(getPasswordStrength('1234$%')).toBe(0); // contains '1234'
  expect(getPasswordStrength('4827$%')).toBe(2);
});
Common Use Cases
Signup & Registration Forms
Provide immediate visual feedback on password strength to encourage better security practices.
Password Update Flows
Evaluate new passwords when users change their credentials and enforce a minimum score.
Security Audits or Reports
Support bulk assessments of stored (hashed) passwords by applying the logic at input time or during reviews; the function needs the plaintext, so a hash cannot be scored after the fact.
Progressive Disclosure UX
Trigger additional hints or suggestions based on detected weaknesses (e.g., lack of uppercase or special chars).
Client-Side Validation
Reduce server load by rejecting obviously weak passwords before submission. The server should repeat the check, because client-side validation can be bypassed.
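For the "Password Update Flows" case of enforcing a minimum score, the following is an added example, not part of the original utility. It wraps a condensed copy of the scorer in a policy check that covers three things the 0–4 score does not measure: length beyond six characters, look-alike substitutions of blacklisted words, and account-specific words. The names `checkPassword`, `deLeet`, `userTokens`, the substitution table and the thresholds are assumptions chosen for illustration.

```typescript
// Added example: server-side gate built around the page's scorer.
type Verdict = { ok: boolean; score: number; reasons: string[] };

const BLACKLIST = ['1234', 'qwerty', 'password', '1111', 'abc123', 'letmein',
  'welcome', 'admin', 'root', '0000', 'qazwsx'];

// The page's getPasswordStrength, condensed so this block runs on its own.
function getPasswordStrength(password: string): number {
  if (!password || password.length < 6) return 0;
  const normalized = password.toLowerCase();
  if (BLACKLIST.some((p) => normalized.includes(p))) return 0;
  return [/[a-z]/, /[A-Z]/, /\d/, /[^a-zA-Z0-9]/]
    .filter((re) => re.test(password)).length;
}

// Illustrative substitution table (an assumption, not exhaustive).
const LEET: Record<string, string> = {
  '0': 'o', '1': 'i', '3': 'e', '4': 'a', '5': 's', '7': 't',
  '@': 'a', '$': 's', '!': 'i',
};

// Map look-alike characters back to letters before the blacklist lookup.
function deLeet(s: string): string {
  return s.toLowerCase().split('').map((c) => LEET[c] ?? c).join('');
}

// minScore, minLength and userTokens are hypothetical policy inputs.
function checkPassword(
  password: string, userTokens: string[], minScore = 3, minLength = 10,
): Verdict {
  const score = getPasswordStrength(password);
  const lowered = password.toLowerCase();
  const reasons: string[] = [];
  // The scorer ignores length above 6, so enforce a floor separately.
  if (password.length < minLength) reasons.push('too-short');
  if (score < minScore) reasons.push('low-score');
  // Catches "P@ssw0rd"-style variants that the plain substring check misses.
  const plain = deLeet(password);
  if (BLACKLIST.some((p) => plain.includes(p))) reasons.push('disguised-common-pattern');
  // Reject passwords built from the account's own name or e-mail parts.
  if (userTokens.some((t) => t.length >= 3 && lowered.includes(t.toLowerCase()))) {
    reasons.push('contains-user-data');
  }
  return { ok: reasons.length === 0, score, reasons };
}
```

With these constructed inputs, `P@ssw0rd!2024` and the six-character `Abz47$` both score 4 on the original scale but are rejected by the gate, the first as a disguised common pattern and the second for length.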