I am wondering if there is a reason why this package does not run not in NodeJs ?
when i install and then run your sample code like

const passwordStrength = require('check-password-strength')
console.log(passwordStrength('asdfasdf').value)

TypeError: passwordStrength is not a function

Im forced to import this like: import { passwordStrength } from 'check-password-strength/dist'
Before version "2.0.8" was like: import { passwordStrength } from 'check-password-strength'

Im using nuxt 3 and as you can read here they use a different bundler:
https://github.com/nuxt/nuxt/releases/tag/v3.10.0

📦 Bundler module resolution
With nuxt/nuxt#24837, we are now opting in to the TypeScript bundler resolution which should more closely resemble the actual way that we resolve subpath imports for modules in Nuxt projects.

'Bundler' module resolution is recommended by Vue and by Vite, but unfortunately there are still many packages that do not have the correct entries in their package.json.

great package!
are you considering adding type support to your package?

According to Readme you have wrong default value for password strength.
Right now it is { id: 2, value: 'Weak }. Should be Strong. Add some test to it please :)

Hi,

what would be the drawbacks in using this instead?
^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9])(?=.{10,})

Thanks

I just upgraded from v2.0.7 to v2.0.9, and it appears the changes related to ESM (perhaps?) now cause a critical error on app build.

@deanilvincent @Ennoriel Why were these changes marked as a patch version update and not a major update given the breaking changes?

EDIT: appears that the removal of the default export was perhaps the issue? I see this is identified in the setup docs, but was not called out in the release notes.

an error with empty string

Hello!

Your library does a great job!

I would be glad to make a PR to make it configurable, say with a parameter

[
  {
     id: 0,
     value: 'Weak',
     requires: ['lowercase', 'uppercase']
     length: 5
  },...
]

It would be retrocompatible with a default parameter set as the actual configuration.

What do you think?

The error message when using the package inside an angular script is below

Warning: depends on 'check-password-strength'. CommonJS or AMD dependencies can cause optimization bailouts. For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Any solutions besides adding it to the "allowlist"?

Hi there,

Thank you for a nicely written library :)

Would you be keen to release an UMD version of the library too so it can be easily embed on a site through a CDN link?

Hello,

thanks for your librairy, it's really nice.

I just noticed that the 3 following characters are "transformed" after a user choose them in his password :

< is transformed in <
> is transformed in >
& is transformed in &

Example : a user chooses the password password@444&, then the passwordStrength checking actually checks password@444&. Then, some medium passwords become strong because of length.

What can we do ?

Julien

Hi,

The equal (=) symbol does not seem to be included in your regexp that checks for symbols.

Is it on purpose ?

If not could you add it ?

Thanks a lot

By default only the characters !@#$%^&* are considered "symbols". I know that this can be overridden as desired, but is there a reason why this list is so restrictive by default? E.g., why are all the following characters not considered symbols?

"'()+,-./:;<=>?[]_`{|}~