@misok/password-checker 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/fixtures/blooms.generated.json +1 -1
- package/package.json +1 -1
- package/src/index.js +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,12 @@
|
|
|
2
2
|
|
|
3
3
|
## Unreleased
|
|
4
4
|
|
|
5
|
+
## 0.1.2
|
|
6
|
+
- Apply baseline entropy multiplier `0.8` to reduce over-scoring of human-readable compounds
|
|
7
|
+
- Harden Bloom pipeline with NFKC normalization, config validation, and decoded payload size sanity checks
|
|
8
|
+
- Add Bloom builder warnings for risky parameter profiles (hash count, bit density, FPR, token length)
|
|
9
|
+
- Keep debug simulation factor controls always visible for easier tuning consistency
|
|
10
|
+
|
|
5
11
|
## 0.1.1
|
|
6
12
|
- Add passphrase-aware scoring so long multi-word passwords are not over-penalized as generic dictionary patterns
|
|
7
13
|
- Extend `analyze()` output with `strategy`, `dictionaryWordCount`, and `scoreBreakdown.bonuses.passphrase`
|
package/package.json
CHANGED
package/src/index.js
CHANGED
|
@@ -317,7 +317,7 @@ export class PasswordDefenseCore {
|
|
|
317
317
|
if (/[A-Z]/.test(pw)) charsetSize += 26;
|
|
318
318
|
if (/[0-9]/.test(pw)) charsetSize += 10;
|
|
319
319
|
if (/[^A-Za-z0-9]/.test(pw)) charsetSize += 33;
|
|
320
|
-
const baselineScore = (pw.length * Math.log2(charsetSize || 1) / 80) * 100;
|
|
320
|
+
const baselineScore = ((pw.length * Math.log2(charsetSize || 1) / 80) * 100) * 0.8;
|
|
321
321
|
let score = baselineScore;
|
|
322
322
|
|
|
323
323
|
let penalty = 0;
|