Sentinel Password

Appearance

Sentinel PasswordFlexible Password Validation

Accessible, customizable password validation for JavaScript and React

Get Started
Try Playground
View on GitHub
Sentinel Password
🎯

Flexible & Configurable

Tune all seven built-in checks through a single flat options object — set length, character-type, and repetition thresholds, supply `personalInfo`, or short-circuit the sequential, keyboard-pattern, and common-password checks via their `check*` flags.

Designed for AAA

Built with WCAG 2.1 AAA in mind — semantic HTML, ARIA live region, keyboard navigation, and a `useId()`-linked label. Full page conformance depends on your CSS (contrast) and surrounding markup.

🎨

Headless Components

Bring your own styles. Our React components are completely unstyled, giving you full control over the UI.

📦

Tiny Bundle Size

Core package is ~5.5 KB gzipped (under the 10 KB CI limit) with zero dependencies. Tree-shakeable validators load only what you need.

🌍

Pluggable i18n

Pass a `messages` template map or a `formatMessage` callback to localize validator output. Eight stable `MessageCode`s plug into react-intl, i18next, lingui, or FormatJS/ICU.

Zero Dependencies

The core package has no external dependencies, ensuring minimal bundle impact and maximum compatibility.

📊

Optional Entropy Estimator

Add `@sentinel-password/entropy` (≤ 30 KB gzipped, also zero-dep) for Shannon entropy + crack-time estimates under four standard attacker models — dictionary, l33t, sequence, and repetition detection included.

🔒

Security Conscious

Checks against common passwords, keyboard patterns, and personal information to help users create stronger passwords.

📱

Framework Agnostic

Use the core package with any JavaScript framework, or pull in our React hook and headless components for seamless integration.

TypeScript First

Written in TypeScript with full type definitions for excellent IDE support and type safety.

Quick Start 

npm install @sentinel-password/core
typescript
import { validatePassword } from '@sentinel-password/core'

const result = validatePassword('MyP@ssw0rd!', {
  minLength: 8,
  maxLength: 128,
  requireUppercase: true,
  requireLowercase: true,
  requireDigit: true,
  requireSymbol: true,
  checkCommonPasswords: true
})

if (result.valid) {
  console.log('Password is valid!')
} else {
  console.log('Suggestions:', result.feedback.suggestions)
}

React Integration

typescript
import { usePasswordValidator } from '@sentinel-password/react'

function SignupForm() {
  const { password, setPassword, result } = usePasswordValidator({
    minLength: 8,
    requireUppercase: true
  })

  return (
    <div>
      <input 
        type="password" 
        value={password} 
        onChange={(e) => setPassword(e.target.value)} 
      />
      {result && !result.valid && result.feedback.suggestions.map((suggestion, index) => (
        <p key={index}>{suggestion}</p>
      ))}
    </div>
  )
}

Ready-to-Use Components

typescript
import { PasswordInput } from '@sentinel-password/react-components'

function App() {
  return (
    <PasswordInput
      label="Create Password"
      onValidationChange={(result) => console.log(result)}
    />
  )
}

Optional: Entropy & Crack-Time Estimation

typescript
import { validatePassword } from '@sentinel-password/core'
import { estimateEntropy } from '@sentinel-password/entropy'

const rule = validatePassword(pwd)
const ent = estimateEntropy(pwd)

console.log(ent.bits)                          // ~28
console.log(ent.score)                         // 0–4 (aligns with core's StrengthScore)
console.log(ent.crackTime.offlineSlowHash.display)  // "5 hours"
console.log(ent.patterns)                      // ['l33t', 'capitalization']

The entropy package is intentionally decoupled from core. Install it only when you want a "how long would this survive a brute-force attack?" signal in addition to rule-based validity. See the Entropy API reference for details.

Released under the MIT License.

Copyright © 2024-present Alex Kankov