aiyushkumar007
🔐 Secure Auth Helper
A comprehensive security utility library for Node.js applications, providing password strength analysis, secure password generation, and email validation.
Features
🔒 Password Security
- 🛡️ Pwned Password Checking: Privacy-preserving breach detection using HaveIBeenPwned API
- Advanced Password Strength Analysis: Multi-layered evaluation with realistic crack time estimation
- Smart Pattern Detection: Detects keyboard patterns, leet speak, dates, phone numbers, and statistical anomalies
- Cryptographically Secure Generation: Uses Node.js crypto for unpredictable password creation
- Multiple Attack Scenario Modeling: Online, offline, and fast offline crack time estimates
- Memorable Password Generation: Human-friendly passwords with customizable word patterns
📧 Email Validation
- Comprehensive Email Validation: RFC-compliant syntax, domain, and deliverability checking
- Disposable Email Detection: 70,000+ disposable email providers from actively maintained database
- Role-based Email Detection: Identifies organizational emails (admin@, support@, etc.)
- DNS Verification: Domain existence and MX record validation
- Smart Scoring System: 0-100 scoring with actionable suggestions
- Batch Processing: Validate multiple emails efficiently
🚀 Developer Experience
- 🖥️ Command Line Interface: Direct CLI tools for password and email checking
- High Performance: 140μs per generation, 40μs per analysis - suitable for high-throughput applications
- TypeScript Support: Complete type definitions with IntelliSense support
- Zero Dependencies: Lightweight with no external dependencies
- Comprehensive Testing: 100+ tests ensuring reliability
Installation
npm install secure-auth-helper
Quick Start
import {
checkPasswordStrength,
generatePassword,
validateEmail
} from 'secure-auth-helper';
// Check password strength
const result = checkPasswordStrength('myPassword123!');
console.log(result);
// {
// score: 4,
// verdict: "strong",
// suggestions: ["Consider using 12+ characters for better security"],
// crackTime: {
// online: { humanReadable: "77 thousand years", attackScenario: "online" },
// offline: { humanReadable: "8 years", attackScenario: "offline" },
// offlineFast: { humanReadable: "29 days", attackScenario: "offline_fast" }
// }
// }
// Generate a secure password
const password = generatePassword({
length: 16,
numbers: true,
symbols: true,
uppercase: true,
lowercase: true
});
console.log(password); // "Xz!7jLmR$1@qN9pK"
// Validate email address
const emailResult = await validateEmail('user@example.com');
console.log(emailResult);
// {
// email: "user@example.com",
// validations: {
// syntax: true,
// domain_exists: true,
// mx_records: true,
// mailbox_exists: true,
// is_disposable: false,
// is_role_based: false
// },
// score: 90,
// status: "VALID"
// }🖥️ Command Line Interface
Password Breach Checking
Check any password for breaches directly from the command line:
# Direct usage
node checkPwned.js password123
# 🚨 PWNED: Found 918,824 times in data breaches
# Using npm script
npm run check-pwned "MySecurePassword123!"
# ✅ Not found in known data breaches
# Without arguments shows help
node checkPwned.js
# Usage: node checkPwned.js <password>Email Validation CLI
Comprehensive email validation with detailed analysis:
# Direct usage
node checkEmail.js
# 🔍 Email Validation Demo - Interactive validation of test emails
# Using npm script
npm run check-email
# Shows validation results for sample emails including disposable detectionCLI Features
- Privacy-Preserving: Uses k-anonymity - only first 5 SHA-1 hash characters sent to API
- Real-time Data: Checks against HaveIBeenPwned and disposable email databases
- Comprehensive Analysis: Domain validation, MX records, disposable/role-based detection
- Clear Output: Shows detailed validation results and suggestions
- Error Handling: Graceful network error handling
Password Strength Checker
Basic Usage
import { PasswordChecker, checkPasswordStrength } from 'secure-auth-helper';
// Synchronous (backward compatible)
const result = PasswordChecker.checkPassword('MySecurePassword123!');
// OR using convenience function
const result = checkPasswordStrength('MySecurePassword123!');
// Asynchronous with pwned checking
const resultWithPwned = await PasswordChecker.checkPasswordWithPwnedCheck('MySecurePassword123!');Return Format
Synchronous Methods (checkPassword, checkPasswordStrength):
interface PasswordStrengthResult {
score: number; // 0-5 scale
verdict: "weak" | "medium" | "strong" | "very strong";
suggestions: string[]; // Array of improvement suggestions
crackTime: {
online: CrackTimeEstimate; // Online attack (1K attempts/sec)
offline: CrackTimeEstimate; // Offline attack (100B attempts/sec)
offlineFast: CrackTimeEstimate; // Fast offline (10T attempts/sec)
};
}Asynchronous Methods (checkPasswordWithPwnedCheck):
interface PasswordStrengthResultWithPwned extends PasswordStrengthResult {
pwnedCheck: {
isPwned: boolean; // True if found in breaches
breachCount: number | null; // Times found in breaches
errorMessage?: string; // Error if API call failed
};
}Common Interface:
interface CrackTimeEstimate {
seconds: number;
humanReadable: string; // "5 years", "3 months", "instantly"
attackScenario: string;
}Examples
// Weak password
checkPasswordStrength('password');
// {
// score: 0,
// verdict: "weak",
// suggestions: [
// "Avoid common passwords - use a unique combination",
// "Use at least 8 characters",
// "Add uppercase letters (A-Z)",
// "Add numbers (0-9)",
// "Add special characters (!@#$%^&*)"
// ],
// crackTime: {
// online: { seconds: 0, humanReadable: "instantly", attackScenario: "online" },
// offline: { seconds: 0, humanReadable: "instantly", attackScenario: "offline" },
// offlineFast: { seconds: 0, humanReadable: "instantly", attackScenario: "offline_fast" }
// }
// }
// Strong password
checkPasswordStrength('MyV3ry$tr0ngP@ssw0rd!');
// {
// score: 5,
// verdict: "very strong",
// suggestions: [
// "Great password! Consider using a password manager for unique passwords across all accounts"
// ],
// crackTime: {
// online: { seconds: 1.38e+25, humanReadable: "4.3 quintillion billion years", attackScenario: "online" },
// offline: { seconds: 1.38e+17, humanReadable: "438 trillion years", attackScenario: "offline" },
// offlineFast: { seconds: 1.38e+15, humanReadable: "4.4 billion years", attackScenario: "offline_fast" }
// }
// }
// Pattern detection example
checkPasswordStrength('qwerty123');
// {
// score: 0,
// verdict: "weak",
// suggestions: ["Avoid common passwords - use a unique combination"],
// crackTime: {
// online: { seconds: 0, humanReadable: "instantly", attackScenario: "online" }
// // ... offline times also "instantly" due to pattern detection
// }
// }Strength Criteria
The password checker evaluates:
- Length: Minimum 8 characters recommended, 12+ preferred
- Character Variety: Uppercase, lowercase, numbers, symbols
- Common Passwords: Checks against database of 100+ weak passwords and variations
- Advanced Pattern Detection:
- Keyboard Patterns: qwerty, asdf, 123456, etc.
- Leet Speak: Converts p@ssw0rd → password for analysis
- Date Patterns: Years (1990-2024), MM/DD/YYYY formats
- Phone Numbers: Various formats (555-1234, (555) 123-4567)
- Repeating Substrings: abcabc, 123123, etc.
- Sequential Characters: abc, 123, qwe sequences
- Statistical Analysis: Character transition patterns and alternating sequences
- Smart Attack Modeling: Dictionary attacks, mask attacks, hybrid attacks
- Entropy Calculation: Realistic randomness assessment with pattern penalties
- Crack Time Estimation: Based on current hardware capabilities (2024)
Crack Time Estimation
The password checker provides realistic crack time estimates for three attack scenarios:
Attack Scenarios
- Online Attacks (1,000 attempts/sec): Rate-limited attacks against live systems
- Offline Attacks (100 billion attempts/sec): Attacks against stolen password hashes with modern GPUs
- Fast Offline Attacks (10 trillion attempts/sec): High-end cloud computing or ASIC attacks
Smart Attack Modeling
The estimation considers how real attackers work:
- Dictionary attacks first: Common passwords crack instantly
- Hybrid attacks: Dictionary words + number/symbol variations
- Mask attacks: Targeted patterns for dates, phones, etc.
- Pattern optimization: Keyboard walks, repeated sequences
const result = checkPasswordStrength('Winter2023!');
console.log(result.crackTime.online.humanReadable); // "7650 billion years"
console.log(result.crackTime.offline.humanReadable); // "77 thousand years"
console.log(result.crackTime.offlineFast.humanReadable); // "765 years"Password Generator
Basic Usage
import { PasswordGenerator } from 'secure-auth-helper';
// Generate with default options (12 chars, all types)
const password = PasswordGenerator.generatePassword();
// Generate with custom options
const customPassword = PasswordGenerator.generatePassword({
length: 16,
numbers: true,
symbols: true,
uppercase: true,
lowercase: true,
excludeSimilar: true // Excludes 0, O, 1, l, I, |
});Configuration Options
interface GeneratePasswordOptions {
length?: number; // Default: 12
numbers?: boolean; // Default: true
symbols?: boolean; // Default: true
uppercase?: boolean; // Default: true
lowercase?: boolean; // Default: true
excludeSimilar?: boolean; // Default: false
}Advanced Generation
// Generate the strongest possible password from multiple candidates
const strongPassword = PasswordGenerator.generateStrongPassword({
length: 20,
excludeSimilar: true
});
// Generate memorable password (word-based)
const memorablePassword = PasswordGenerator.generateMemorablePassword(4, true, true);
// Example: "Brave-Ocean-Tiger-Music-47!"Memorable Passwords
For passwords that are easier to remember:
import { generateMemorablePassword } from 'secure-auth-helper';
// Generate with default options (4 words + number + symbol)
const password = generateMemorablePassword();
// "Correct-Horse-Battery-Staple-73!"
// Customize word count and additions
const customPassword = generateMemorablePassword(
3, // word count
true, // add numbers
false // exclude symbols
);
// "Apple-River-Knight-42"Email Validation
Basic Usage
import { EmailChecker, validateEmail, isValidEmailSyntax } from 'secure-auth-helper';
// Quick syntax validation (synchronous)
const isValid = isValidEmailSyntax('user@example.com');
console.log(isValid); // true
// Comprehensive validation (asynchronous)
const result = await validateEmail('user@example.com');
console.log(result);Return Format
interface EmailValidationResult {
email: string; // Normalized email address
validations: {
syntax: boolean; // RFC-compliant format
domain_exists: boolean; // Domain DNS lookup
mx_records: boolean; // Mail server records
mailbox_exists: boolean; // Mailbox accessibility
is_disposable: boolean; // Temporary email service
is_role_based: boolean; // Organizational email (admin@, support@)
};
score: number; // 0-100 validation score
status: "VALID" | "INVALID";
suggestions?: string[]; // Improvement recommendations
}Examples
// Valid business email
await validateEmail('john.doe@company.com');
// {
// email: "john.doe@company.com",
// validations: {
// syntax: true,
// domain_exists: true,
// mx_records: true,
// mailbox_exists: true,
// is_disposable: false,
// is_role_based: false
// },
// score: 90,
// status: "VALID"
// }
// Disposable email detection
await validateEmail('test@10minutemail.com');
// {
// email: "test@10minutemail.com",
// validations: {
// syntax: true,
// domain_exists: true,
// mx_records: false,
// mailbox_exists: false,
// is_disposable: true, // Detected as disposable
// is_role_based: false
// },
// score: 35,
// status: "INVALID",
// suggestions: [
// "This appears to be a disposable/temporary email address. Consider using a permanent email address."
// ]
// }
// Role-based email detection
await validateEmail('admin@company.com');
// {
// validations: {
// is_role_based: true, // Detected as organizational
// // ... other validations
// },
// suggestions: [
// "This appears to be a role-based email address. Consider using a personal email address if required."
// ]
// }Advanced Features
// Batch email validation
const emails = ['user1@domain.com', 'user2@domain.com', 'invalid-email'];
const results = await validateEmails(emails);
console.log(results); // Array of EmailValidationResult
// Class-based usage for advanced scenarios
const checker = new EmailChecker();
const result = await EmailChecker.validateEmail('test@example.com');
// Quick syntax-only validation for performance-critical scenarios
const syntaxValid = EmailChecker.isValidEmailSyntax('user@domain.com');Validation Criteria
The email validator performs comprehensive checks:
Syntax Validation
- RFC 5322 compliant format checking
- Local part length validation (≤64 characters)
- Domain length validation (≤253 characters)
- Special character and dot placement rules
- Unicode character support
Domain Verification
- DNS lookup to verify domain existence
- MX record checking for mail server availability
- Timeout handling for network requests
Disposable Email Detection
- 70,000+ Domain Database: Regularly updated from GitHub repository
- Smart Caching: 24-hour cache with automatic refresh
- Fallback Protection: Works offline with basic detection
- Common Providers: 10minutemail, mailinator, guerrillamail, etc.
Role-based Email Detection
- 60+ Role Patterns: admin, support, info, sales, etc.
- Smart Pattern Matching: Handles variations (admin1, support-team)
- Organizational Context: Identifies non-personal email addresses
Scoring System
- Syntax (30 points): Valid email format
- Domain Exists (25 points): DNS verification
- MX Records (20 points): Mail server availability
- Mailbox Exists (15 points): Estimated deliverability
- Disposable Penalty (-20 points): Temporary email services
- Role-based Penalty (-10 points): Organizational emails
Integration Examples
// User registration validation
app.post('/register', async (req, res) => {
const { email } = req.body;
const validation = await validateEmail(email);
if (validation.status === 'INVALID') {
return res.status(400).json({
error: 'Invalid email address',
suggestions: validation.suggestions
});
}
if (validation.validations.is_disposable) {
return res.status(400).json({
error: 'Disposable email addresses are not allowed'
});
}
// Proceed with registration
});
// Newsletter signup with quality scoring
app.post('/newsletter', async (req, res) => {
const { email } = req.body;
const validation = await validateEmail(email);
// Only accept high-quality emails
if (validation.score < 70) {
return res.status(400).json({
error: 'Please provide a valid, permanent email address',
score: validation.score
});
}
// Add to newsletter
});Security Features
Cryptographically Secure Random Generation
The library uses Node.js's crypto.randomBytes() for secure random number generation, ensuring passwords are unpredictable.
Common Password Detection
Checks against a comprehensive list of common weak passwords including:
- Numeric sequences (123456, etc.)
- Common words (password, admin, etc.)
- Keyboard patterns (qwerty, asdfgh, etc.)
- Date patterns and simple variations
Entropy Calculation
Passwords are evaluated for entropy based on:
- Character set size
- Password length
- Pattern detection and statistical analysis
- Advanced attack modeling and keyspace reduction
- Real-world password cracking techniques
Performance
Designed for high-throughput applications:
- Password Generation: ~140 microseconds per password
- Password Analysis: ~40 microseconds per analysis
- 100% Uniqueness: Cryptographically secure randomness
- Memory Efficient: Suitable for bulk operations
- Thread Safe: Safe for concurrent usage
// Generate 1000 passwords efficiently
const passwords = Array.from({ length: 1000 }, () =>
generatePassword({ length: 16 })
);
// Analyze 1000 passwords rapidly
passwords.forEach(password => {
const strength = checkPasswordStrength(password);
// Processing completes in milliseconds
});TypeScript Support
Full TypeScript definitions are included:
import {
// Password types
PasswordStrengthResult,
PwnedCheckResult,
GeneratePasswordOptions,
PasswordVerdict,
// Email validation types
EmailValidationResult,
EmailValidations,
EmailStatus
} from 'secure-auth-helper';
// Password validation (synchronous)
const checkResult: PasswordStrengthResult = checkPasswordStrength('test');
// Password validation with breach checking (asynchronous)
const pwnedResult: Promise<PasswordStrengthResult & {pwnedCheck: PwnedCheckResult}> =
checkPasswordStrengthWithPwnedCheck('test');
// Password generation
const options: GeneratePasswordOptions = { length: 16, symbols: false };
// Email validation (asynchronous)
const emailResult: Promise<EmailValidationResult> = validateEmail('test@example.com');
// Email validation result structure
const result: EmailValidationResult = {
email: 'test@example.com',
validations: {
syntax: true,
domain_exists: true,
mx_records: true,
mailbox_exists: true,
is_disposable: false,
is_role_based: false
},
score: 90,
status: 'VALID'
};🔄 Backward Compatibility
✅ Existing users are NOT affected by v1.1.0 updates!
All existing code continues to work exactly as before:
// v1.0.x code continues to work unchanged
import { checkPasswordStrength, generatePassword } from 'secure-auth-helper';
const result = checkPasswordStrength('myPassword123!');
console.log(result.score, result.verdict); // Same as before
const password = generatePassword({ length: 12 });
// All existing functionality preservedThe new pwned password checking is opt-in only via new methods:
checkPasswordStrengthWithPwnedCheck()- Async with breach checkingcheckIfPasswordPwned()- Standalone breach checking
API Reference
Password Checker (Synchronous - Original)
| Method | Parameters | Returns | Description |
|---|---|---|---|
checkPasswordStrength(password) |
string |
PasswordStrengthResult |
Analyzes password strength (sync) |
PasswordChecker.checkPassword(password) |
string |
PasswordStrengthResult |
Class method for password analysis (sync) |
Password Checker (Asynchronous - v1.1.0)
| Method | Parameters | Returns | Description |
|---|---|---|---|
checkPasswordStrengthWithPwnedCheck(password) |
string |
Promise<PasswordStrengthResultWithPwned> |
Analyzes with breach checking (async) |
PasswordChecker.checkPasswordWithPwnedCheck(password) |
string |
Promise<PasswordStrengthResultWithPwned> |
Class method with breach checking (async) |
checkIfPasswordPwned(password) |
string |
Promise<PwnedCheckResult> |
Standalone breach checking (async) |
Password Generator
| Method | Parameters | Returns | Description |
|---|---|---|---|
generatePassword(options?) |
GeneratePasswordOptions |
string |
Generates secure random password |
generateStrongPassword(options?) |
GeneratePasswordOptions |
string |
Generates optimized strong password |
generateMemorablePassword(wordCount?, addNumbers?, addSymbols?) |
number, boolean, boolean |
string |
Generates word-based password |
Email Validation (New in v1.2.0)
| Method | Parameters | Returns | Description |
|---|---|---|---|
validateEmail(email) |
string |
Promise<EmailValidationResult> |
Comprehensive email validation (async) |
validateEmails(emails) |
string[] |
Promise<EmailValidationResult[]> |
Batch email validation (async) |
isValidEmailSyntax(email) |
string |
boolean |
Quick syntax validation (sync) |
EmailChecker.validateEmail(email) |
string |
Promise<EmailValidationResult> |
Class method for email validation (async) |
EmailChecker.isValidEmailSyntax(email) |
string |
boolean |
Class method for syntax validation (sync) |
EmailChecker.validateEmails(emails) |
string[] |
Promise<EmailValidationResult[]> |
Class method for batch validation (async) |
Examples
Web Application Integration
// User registration validation with password and email checking
app.post('/register', async (req, res) => {
const { email, password } = req.body;
// Validate password strength
const passwordStrength = checkPasswordStrength(password);
if (passwordStrength.score < 3) {
return res.status(400).json({
error: 'Password too weak',
suggestions: passwordStrength.suggestions
});
}
// Validate email comprehensively
const emailValidation = await validateEmail(email);
if (emailValidation.status === 'INVALID') {
return res.status(400).json({
error: 'Invalid email address',
suggestions: emailValidation.suggestions
});
}
// Block disposable emails for user accounts
if (emailValidation.validations.is_disposable) {
return res.status(400).json({
error: 'Disposable email addresses are not allowed for registration'
});
}
// Proceed with registration
});
// Password reset with secure generation
app.post('/reset-password', (req, res) => {
const temporaryPassword = generatePassword({
length: 12,
excludeSimilar: true
});
// Send secure temporary password
});
// Newsletter signup with quality filtering
app.post('/newsletter', async (req, res) => {
const { email } = req.body;
const validation = await validateEmail(email);
// Accept disposable emails for newsletters but track quality
if (validation.score < 50) {
return res.status(400).json({
error: 'Please provide a valid email address',
score: validation.score
});
}
// Add to newsletter with quality score for segmentation
await addToNewsletter(email, validation.score);
});CLI Tool
#!/usr/bin/env node
import { checkPasswordStrength, generatePassword, validateEmail } from 'secure-auth-helper';
const [,, action, input] = process.argv;
if (action === 'check-password' && input) {
const result = checkPasswordStrength(input);
console.log(`Score: ${result.score}/5`);
console.log(`Verdict: ${result.verdict}`);
console.log('Suggestions:', result.suggestions.join(', '));
} else if (action === 'check-email' && input) {
validateEmail(input).then(result => {
console.log(`Email: ${result.email}`);
console.log(`Score: ${result.score}/100`);
console.log(`Status: ${result.status}`);
console.log(`Disposable: ${result.validations.is_disposable ? 'Yes' : 'No'}`);
console.log(`Role-based: ${result.validations.is_role_based ? 'Yes' : 'No'}`);
if (result.suggestions) {
console.log('Suggestions:', result.suggestions.join(', '));
}
});
} else if (action === 'generate') {
console.log(generatePassword({ length: 16 }));
} else {
console.log('Usage:');
console.log(' node cli.js check-password <password>');
console.log(' node cli.js check-email <email>');
console.log(' node cli.js generate');
}Testing
Run the comprehensive test suite:
npm testThe package includes 100+ comprehensive tests covering:
Core Functionality
- Password strength evaluation across all scoring criteria
- Password generation algorithms with all option combinations
- Memorable password generation with various configurations
- Email validation with all validation criteria
- TypeScript type definitions and API compatibility
Advanced Features
- Pattern detection (keyboard, leet speak, dates, phones)
- Statistical analysis and entropy calculation
- Crack time estimation accuracy
- Smart attack modeling verification
- Disposable email detection with 70,000+ domains
- Role-based email pattern matching
- DNS and MX record validation
Edge Cases & Reliability
- Unicode character handling in passwords and emails
- Very long password processing (200+ characters)
- Malformed email address handling
- Network error handling for email validation
- Boundary value testing
- Error handling for invalid inputs
- Performance testing with bulk operations
- Concurrent operation safety
Email Validation Testing
- RFC compliance validation
- Disposable email database accuracy
- Role-based email detection precision
- DNS timeout and error handling
- Batch validation performance
- Cache behavior and refresh logic
Test Results
- ✅ 102/102 tests passing
- ✅ 100% success rate
- ✅ All edge cases covered
- ✅ Production-ready reliability
Contributing
- Fork the repository
- Create a feature branch
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
License
MIT License - see LICENSE file for details.
Security Notice
This library is designed for general-purpose password utilities. For high-security applications, consider additional measures such as:
- Server-side validation
- Rate limiting
- Account lockout policies
- Multi-factor authentication
- Professional security audit
Changelog
v1.2.0 (Latest)
- 📧 Email Validation System: Comprehensive email validation with syntax, domain, and deliverability checking
- 🗃️ Disposable Email Detection: 70,000+ disposable email providers from actively maintained GitHub database
- 🏢 Role-based Email Detection: Identifies organizational emails (admin@, support@, etc.) with 60+ patterns
- 🌐 DNS Verification: Domain existence and MX record validation with timeout handling
- 📊 Smart Scoring System: 0-100 email quality scoring with actionable suggestions
- ⚡ Batch Processing: Efficient validation of multiple emails simultaneously
- 🖥️ Email CLI Tool: Command-line interface for email validation (
npm run check-email) - 🔄 Smart Caching: 24-hour cache for disposable domains with automatic refresh
- 📱 TypeScript Support: Complete type definitions for all email validation features
- 🧪 Comprehensive Testing: 40+ new tests covering all email validation scenarios
v1.1.1
- 📚 Enhanced Documentation: Clarified API behavior and method differences
- 🔄 Backward Compatibility: Clear documentation that existing users are unaffected
- 📖 Improved Examples: Better TypeScript examples and usage patterns
v1.1.0
- 🛡️ Pwned Password Checking: HaveIBeenPwned API integration with privacy-preserving k-anonymity
- 🖥️ Command Line Interface: CLI tool for direct password breach checking
- Enhanced API: New async methods with full backward compatibility
- Comprehensive Testing: 65+ tests including pwned password functionality
- Enhanced Documentation: Comprehensive README with all advanced features showcased
- Complete API Documentation: Full TypeScript interfaces and crack time examples
- Performance Metrics: Added benchmarks and testing statistics
- Advanced Features Highlighting: Pattern detection, attack modeling, statistical analysis
v1.0.0
- Advanced Password Strength Analysis with 0-5 scoring system
- Smart Pattern Detection: Keyboard patterns, leet speak, dates, phone numbers
- Realistic Crack Time Estimation: Online, offline, and fast offline attack scenarios
- Cryptographically Secure Password Generation with flexible options
- Memorable Password Generation using word-based patterns
- High-Performance Implementation: 140μs generation, 40μs analysis
- Statistical Analysis Engine: Character transitions and alternating patterns
- Smart Attack Modeling: Dictionary, hybrid, and mask attack simulation
- Enhanced Common Password Database: 100+ entries with leet variations
- Complete TypeScript Support with comprehensive type definitions
- 58 Comprehensive Tests: 100% passing with full edge case coverage
- Unicode Character Support for international passwords
- Production-Ready Performance: Suitable for high-throughput applications