npm - @pwd-meter/core - Versions diffs - 2.0.0 - Mend

@pwd-meter/core 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,323 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  analyzePassword: () => analyzePassword,
+  analyzePasswordAsync: () => analyzePasswordAsync,
+  checkPwnedPassword: () => checkPwnedPassword,
+  generateSecurePassword: () => generateSecurePassword,
+  getPasswordChecks: () => getPasswordChecks,
+  getStrengthColor: () => getStrengthColor,
+  getStrengthMessage: () => getStrengthMessage
+});
+module.exports = __toCommonJS(index_exports);
+var import_zxcvbn = __toESM(require("zxcvbn"), 1);
+// src/hibp.ts
+var DEFAULT_BASE_URL = "https://api.pwnedpasswords.com/range";
+var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 503]);
+async function sha1Hex(value) {
+  const data = new TextEncoder().encode(value);
+  const digest = await crypto.subtle.digest("SHA-1", data);
+  return Array.from(new Uint8Array(digest)).map((byte) => byte.toString(16).toUpperCase().padStart(2, "0")).join("");
+}
+function parseCount(line) {
+  const [, count = "0"] = line.split(":");
+  return Number.parseInt(count, 10) || 0;
+}
+function sleep(ms) {
+  return new Promise((resolve) => {
+    setTimeout(resolve, ms);
+  });
+}
+async function fetchRange(fetchImpl, url, timeoutMs, retryCount, retryDelayMs) {
+  const maxAttempts = retryCount + 1;
+  let delayMs = retryDelayMs;
+  for (let attempt = 0; attempt < maxAttempts; attempt += 1) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+      const response = await fetchImpl(url, {
+        method: "GET",
+        headers: { Accept: "text/plain" },
+        signal: controller.signal
+      });
+      if (RETRYABLE_STATUSES.has(response.status) && attempt < maxAttempts - 1) {
+        await sleep(delayMs);
+        delayMs *= 2;
+        continue;
+      }
+      return response;
+    } catch (error) {
+      if (attempt < maxAttempts - 1) {
+        await sleep(delayMs);
+        delayMs *= 2;
+        continue;
+      }
+      throw error;
+    } finally {
+      clearTimeout(timeout);
+    }
+  }
+  throw new Error("HIBP request failed after retries.");
+}
+async function checkPwnedPassword(password, options = {}) {
+  if (!password) {
+    return { isPwned: false, count: 0 };
+  }
+  const fetchImpl = options.fetch ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error("fetch is not available. Provide options.fetch for this environment.");
+  }
+  const hash = await sha1Hex(password);
+  const prefix = hash.slice(0, 5);
+  const suffix = hash.slice(5);
+  const baseUrl = options.baseUrl ?? DEFAULT_BASE_URL;
+  const url = new URL(`${baseUrl}/${prefix}`);
+  if (options.addPadding ?? true) {
+    url.searchParams.set("padding", "true");
+  }
+  const response = await fetchRange(
+    fetchImpl,
+    url.toString(),
+    options.timeoutMs ?? 5e3,
+    options.retryCount ?? 2,
+    options.retryDelayMs ?? 1e3
+  );
+  if (!response.ok) {
+    throw new Error(`HIBP request failed with status ${response.status}.`);
+  }
+  const body = await response.text();
+  for (const line of body.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    const [hashSuffix] = trimmed.split(":");
+    if (hashSuffix.toUpperCase() === suffix) {
+      return { isPwned: true, count: parseCount(trimmed) };
+    }
+  }
+  return { isPwned: false, count: 0 };
+}
+// src/index.ts
+var LABELS = {
+  0: "weak",
+  1: "fair",
+  2: "good",
+  3: "strong",
+  4: "very-strong"
+};
+var DEFAULT_CHARSET = {
+  lowercase: "abcdefghijklmnopqrstuvwxyz",
+  uppercase: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+  numbers: "0123456789",
+  symbols: "!@#$%^&*()-_=+[]{}"
+};
+var PWNED_FEEDBACK = {
+  warning: "This password has appeared in a known data breach.",
+  suggestions: [
+    "Choose a unique password that has not been exposed online.",
+    "Use a passphrase or the password generator for a safer option."
+  ]
+};
+function getPasswordChecks(password) {
+  return {
+    length: password.length >= 12,
+    lowercase: /[a-z]/.test(password),
+    uppercase: /[A-Z]/.test(password),
+    number: /\d/.test(password),
+    symbol: /[^\w\s]/.test(password)
+  };
+}
+function buildZxcvbnResult(password) {
+  const result = (0, import_zxcvbn.default)(password);
+  return {
+    password,
+    score: result.score,
+    label: LABELS[result.score],
+    crackTimeDisplay: String(result.crack_times_display.offline_slow_hashing_1e4_per_second),
+    isPwned: false,
+    feedback: {
+      warning: result.feedback.warning ?? void 0,
+      suggestions: result.feedback.suggestions
+    },
+    checks: getPasswordChecks(password)
+  };
+}
+function buildPwnedResult(password, pwned) {
+  return {
+    password,
+    score: 0,
+    label: "pwned",
+    crackTimeDisplay: "instant",
+    isPwned: true,
+    pwnedCount: pwned.count,
+    feedback: {
+      warning: PWNED_FEEDBACK.warning,
+      suggestions: PWNED_FEEDBACK.suggestions
+    },
+    checks: getPasswordChecks(password)
+  };
+}
+function analyzePassword(password) {
+  if (!password) {
+    return {
+      password,
+      score: 0,
+      label: "empty",
+      crackTimeDisplay: "instant",
+      isPwned: false,
+      feedback: { suggestions: [] },
+      checks: getPasswordChecks("")
+    };
+  }
+  return buildZxcvbnResult(password);
+}
+async function analyzePasswordAsync(password, options = {}) {
+  const base = analyzePassword(password);
+  if (!password || !options.checkPwned) {
+    return base;
+  }
+  try {
+    const pwned = await checkPwnedPassword(password, options.hibp);
+    if (pwned.isPwned) {
+      return buildPwnedResult(password, pwned);
+    }
+    return base;
+  } catch {
+    return {
+      ...base,
+      feedback: {
+        ...base.feedback,
+        warning: base.feedback.warning || "Could not verify breach status. Check your connection."
+      }
+    };
+  }
+}
+function randomIndex(max) {
+  const array = new Uint32Array(1);
+  crypto.getRandomValues(array);
+  return array[0] % max;
+}
+function pick(charset) {
+  return charset.charAt(randomIndex(charset.length));
+}
+function shuffle(value) {
+  const chars = value.split("");
+  for (let i = chars.length - 1; i > 0; i -= 1) {
+    const j = randomIndex(i + 1);
+    [chars[i], chars[j]] = [chars[j], chars[i]];
+  }
+  return chars.join("");
+}
+function generateSecurePassword(options = {}) {
+  const {
+    length = 16,
+    includeUppercase = true,
+    includeLowercase = true,
+    includeNumbers = true,
+    includeSymbols = true,
+    minScore = 3,
+    maxAttempts = 25
+  } = options;
+  if (length < 8) {
+    throw new Error("Password length must be at least 8 characters.");
+  }
+  const pools = [
+    includeLowercase ? DEFAULT_CHARSET.lowercase : "",
+    includeUppercase ? DEFAULT_CHARSET.uppercase : "",
+    includeNumbers ? DEFAULT_CHARSET.numbers : "",
+    includeSymbols ? DEFAULT_CHARSET.symbols : ""
+  ].filter(Boolean);
+  if (!pools.length) {
+    throw new Error("At least one character set must be enabled.");
+  }
+  for (let attempt = 0; attempt < maxAttempts; attempt += 1) {
+    let password = pools.map((pool) => pick(pool)).join("");
+    while (password.length < length) {
+      password += pick(pools.join(""));
+    }
+    password = shuffle(password.slice(0, length));
+    const analysis = analyzePassword(password);
+    if (analysis.score >= minScore) {
+      return password;
+    }
+  }
+  throw new Error("Could not generate a password that meets the requested strength.");
+}
+function getStrengthColor(label) {
+  switch (label) {
+    case "pwned":
+    case "weak":
+      return "#dc2626";
+    case "fair":
+      return "#ea580c";
+    case "good":
+      return "#ca8a04";
+    case "strong":
+      return "#16a34a";
+    case "very-strong":
+      return "#059669";
+    default:
+      return "#94a3b8";
+  }
+}
+function getStrengthMessage(result) {
+  if (result.pwnedCheckPending) {
+    return "Checking breach database\u2026";
+  }
+  switch (result.label) {
+    case "empty":
+      return "Enter a password to check strength.";
+    case "pwned":
+      return result.pwnedCount ? `Found in ${result.pwnedCount.toLocaleString()} breaches \u2014 choose another password.` : "Found in a data breach \u2014 choose another password.";
+    case "weak":
+      return "Weak password.";
+    case "fair":
+      return "Fair, but could be stronger.";
+    case "good":
+      return "Good password.";
+    case "strong":
+      return "Strong password.";
+    case "very-strong":
+      return "Very strong password.";
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  analyzePassword,
+  analyzePasswordAsync,
+  checkPwnedPassword,
+  generateSecurePassword,
+  getPasswordChecks,
+  getStrengthColor,
+  getStrengthMessage
+});

package/dist/index.d.cts ADDED Viewed

@@ -0,0 +1,65 @@
+type HibpOptions = {
+    fetch?: typeof fetch;
+    baseUrl?: string;
+    timeoutMs?: number;
+    /** Add padding to the range request to reduce response fingerprinting. Default: true */
+    addPadding?: boolean;
+    /** Retries after HTTP 429/503. Default: 2 */
+    retryCount?: number;
+    /** Initial delay before retry in ms. Doubles each attempt. Default: 1000 */
+    retryDelayMs?: number;
+};
+type PwnedPasswordResult = {
+    isPwned: boolean;
+    count: number;
+};
+declare function checkPwnedPassword(password: string, options?: HibpOptions): Promise<PwnedPasswordResult>;
+type StrengthLabel = "empty" | "weak" | "fair" | "good" | "strong" | "very-strong" | "pwned";
+type PasswordStrengthResult = {
+    password: string;
+    score: 0 | 1 | 2 | 3 | 4;
+    label: StrengthLabel;
+    crackTimeDisplay: string;
+    isPwned: boolean;
+    pwnedCount?: number;
+    pwnedCheckPending?: boolean;
+    feedback: {
+        warning?: string;
+        suggestions: string[];
+    };
+    checks: {
+        length: boolean;
+        lowercase: boolean;
+        uppercase: boolean;
+        number: boolean;
+        symbol: boolean;
+    };
+};
+type AnalyzePasswordOptions = {
+    checkPwned?: boolean;
+    hibp?: HibpOptions;
+};
+type GeneratePasswordOptions = {
+    length?: number;
+    includeUppercase?: boolean;
+    includeLowercase?: boolean;
+    includeNumbers?: boolean;
+    includeSymbols?: boolean;
+    minScore?: 0 | 1 | 2 | 3 | 4;
+    maxAttempts?: number;
+};
+declare function getPasswordChecks(password: string): {
+    length: boolean;
+    lowercase: boolean;
+    uppercase: boolean;
+    number: boolean;
+    symbol: boolean;
+};
+declare function analyzePassword(password: string): PasswordStrengthResult;
+declare function analyzePasswordAsync(password: string, options?: AnalyzePasswordOptions): Promise<PasswordStrengthResult>;
+declare function generateSecurePassword(options?: GeneratePasswordOptions): string;
+declare function getStrengthColor(label: StrengthLabel): string;
+declare function getStrengthMessage(result: PasswordStrengthResult): string;
+export { type AnalyzePasswordOptions, type GeneratePasswordOptions, type HibpOptions, type PasswordStrengthResult, type PwnedPasswordResult, type StrengthLabel, analyzePassword, analyzePasswordAsync, checkPwnedPassword, generateSecurePassword, getPasswordChecks, getStrengthColor, getStrengthMessage };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,65 @@
+type HibpOptions = {
+    fetch?: typeof fetch;
+    baseUrl?: string;
+    timeoutMs?: number;
+    /** Add padding to the range request to reduce response fingerprinting. Default: true */
+    addPadding?: boolean;
+    /** Retries after HTTP 429/503. Default: 2 */
+    retryCount?: number;
+    /** Initial delay before retry in ms. Doubles each attempt. Default: 1000 */
+    retryDelayMs?: number;
+};
+type PwnedPasswordResult = {
+    isPwned: boolean;
+    count: number;
+};
+declare function checkPwnedPassword(password: string, options?: HibpOptions): Promise<PwnedPasswordResult>;
+type StrengthLabel = "empty" | "weak" | "fair" | "good" | "strong" | "very-strong" | "pwned";
+type PasswordStrengthResult = {
+    password: string;
+    score: 0 | 1 | 2 | 3 | 4;
+    label: StrengthLabel;
+    crackTimeDisplay: string;
+    isPwned: boolean;
+    pwnedCount?: number;
+    pwnedCheckPending?: boolean;
+    feedback: {
+        warning?: string;
+        suggestions: string[];
+    };
+    checks: {
+        length: boolean;
+        lowercase: boolean;
+        uppercase: boolean;
+        number: boolean;
+        symbol: boolean;
+    };
+};
+type AnalyzePasswordOptions = {
+    checkPwned?: boolean;
+    hibp?: HibpOptions;
+};
+type GeneratePasswordOptions = {
+    length?: number;
+    includeUppercase?: boolean;
+    includeLowercase?: boolean;
+    includeNumbers?: boolean;
+    includeSymbols?: boolean;
+    minScore?: 0 | 1 | 2 | 3 | 4;
+    maxAttempts?: number;
+};
+declare function getPasswordChecks(password: string): {
+    length: boolean;
+    lowercase: boolean;
+    uppercase: boolean;
+    number: boolean;
+    symbol: boolean;
+};
+declare function analyzePassword(password: string): PasswordStrengthResult;
+declare function analyzePasswordAsync(password: string, options?: AnalyzePasswordOptions): Promise<PasswordStrengthResult>;
+declare function generateSecurePassword(options?: GeneratePasswordOptions): string;
+declare function getStrengthColor(label: StrengthLabel): string;
+declare function getStrengthMessage(result: PasswordStrengthResult): string;
+export { type AnalyzePasswordOptions, type GeneratePasswordOptions, type HibpOptions, type PasswordStrengthResult, type PwnedPasswordResult, type StrengthLabel, analyzePassword, analyzePasswordAsync, checkPwnedPassword, generateSecurePassword, getPasswordChecks, getStrengthColor, getStrengthMessage };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,282 @@
+// src/index.ts
+import zxcvbn from "zxcvbn";
+// src/hibp.ts
+var DEFAULT_BASE_URL = "https://api.pwnedpasswords.com/range";
+var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 503]);
+async function sha1Hex(value) {
+  const data = new TextEncoder().encode(value);
+  const digest = await crypto.subtle.digest("SHA-1", data);
+  return Array.from(new Uint8Array(digest)).map((byte) => byte.toString(16).toUpperCase().padStart(2, "0")).join("");
+}
+function parseCount(line) {
+  const [, count = "0"] = line.split(":");
+  return Number.parseInt(count, 10) || 0;
+}
+function sleep(ms) {
+  return new Promise((resolve) => {
+    setTimeout(resolve, ms);
+  });
+}
+async function fetchRange(fetchImpl, url, timeoutMs, retryCount, retryDelayMs) {
+  const maxAttempts = retryCount + 1;
+  let delayMs = retryDelayMs;
+  for (let attempt = 0; attempt < maxAttempts; attempt += 1) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+      const response = await fetchImpl(url, {
+        method: "GET",
+        headers: { Accept: "text/plain" },
+        signal: controller.signal
+      });
+      if (RETRYABLE_STATUSES.has(response.status) && attempt < maxAttempts - 1) {
+        await sleep(delayMs);
+        delayMs *= 2;
+        continue;
+      }
+      return response;
+    } catch (error) {
+      if (attempt < maxAttempts - 1) {
+        await sleep(delayMs);
+        delayMs *= 2;
+        continue;
+      }
+      throw error;
+    } finally {
+      clearTimeout(timeout);
+    }
+  }
+  throw new Error("HIBP request failed after retries.");
+}
+async function checkPwnedPassword(password, options = {}) {
+  if (!password) {
+    return { isPwned: false, count: 0 };
+  }
+  const fetchImpl = options.fetch ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error("fetch is not available. Provide options.fetch for this environment.");
+  }
+  const hash = await sha1Hex(password);
+  const prefix = hash.slice(0, 5);
+  const suffix = hash.slice(5);
+  const baseUrl = options.baseUrl ?? DEFAULT_BASE_URL;
+  const url = new URL(`${baseUrl}/${prefix}`);
+  if (options.addPadding ?? true) {
+    url.searchParams.set("padding", "true");
+  }
+  const response = await fetchRange(
+    fetchImpl,
+    url.toString(),
+    options.timeoutMs ?? 5e3,
+    options.retryCount ?? 2,
+    options.retryDelayMs ?? 1e3
+  );
+  if (!response.ok) {
+    throw new Error(`HIBP request failed with status ${response.status}.`);
+  }
+  const body = await response.text();
+  for (const line of body.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    const [hashSuffix] = trimmed.split(":");
+    if (hashSuffix.toUpperCase() === suffix) {
+      return { isPwned: true, count: parseCount(trimmed) };
+    }
+  }
+  return { isPwned: false, count: 0 };
+}
+// src/index.ts
+var LABELS = {
+  0: "weak",
+  1: "fair",
+  2: "good",
+  3: "strong",
+  4: "very-strong"
+};
+var DEFAULT_CHARSET = {
+  lowercase: "abcdefghijklmnopqrstuvwxyz",
+  uppercase: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+  numbers: "0123456789",
+  symbols: "!@#$%^&*()-_=+[]{}"
+};
+var PWNED_FEEDBACK = {
+  warning: "This password has appeared in a known data breach.",
+  suggestions: [
+    "Choose a unique password that has not been exposed online.",
+    "Use a passphrase or the password generator for a safer option."
+  ]
+};
+function getPasswordChecks(password) {
+  return {
+    length: password.length >= 12,
+    lowercase: /[a-z]/.test(password),
+    uppercase: /[A-Z]/.test(password),
+    number: /\d/.test(password),
+    symbol: /[^\w\s]/.test(password)
+  };
+}
+function buildZxcvbnResult(password) {
+  const result = zxcvbn(password);
+  return {
+    password,
+    score: result.score,
+    label: LABELS[result.score],
+    crackTimeDisplay: String(result.crack_times_display.offline_slow_hashing_1e4_per_second),
+    isPwned: false,
+    feedback: {
+      warning: result.feedback.warning ?? void 0,
+      suggestions: result.feedback.suggestions
+    },
+    checks: getPasswordChecks(password)
+  };
+}
+function buildPwnedResult(password, pwned) {
+  return {
+    password,
+    score: 0,
+    label: "pwned",
+    crackTimeDisplay: "instant",
+    isPwned: true,
+    pwnedCount: pwned.count,
+    feedback: {
+      warning: PWNED_FEEDBACK.warning,
+      suggestions: PWNED_FEEDBACK.suggestions
+    },
+    checks: getPasswordChecks(password)
+  };
+}
+function analyzePassword(password) {
+  if (!password) {
+    return {
+      password,
+      score: 0,
+      label: "empty",
+      crackTimeDisplay: "instant",
+      isPwned: false,
+      feedback: { suggestions: [] },
+      checks: getPasswordChecks("")
+    };
+  }
+  return buildZxcvbnResult(password);
+}
+async function analyzePasswordAsync(password, options = {}) {
+  const base = analyzePassword(password);
+  if (!password || !options.checkPwned) {
+    return base;
+  }
+  try {
+    const pwned = await checkPwnedPassword(password, options.hibp);
+    if (pwned.isPwned) {
+      return buildPwnedResult(password, pwned);
+    }
+    return base;
+  } catch {
+    return {
+      ...base,
+      feedback: {
+        ...base.feedback,
+        warning: base.feedback.warning || "Could not verify breach status. Check your connection."
+      }
+    };
+  }
+}
+function randomIndex(max) {
+  const array = new Uint32Array(1);
+  crypto.getRandomValues(array);
+  return array[0] % max;
+}
+function pick(charset) {
+  return charset.charAt(randomIndex(charset.length));
+}
+function shuffle(value) {
+  const chars = value.split("");
+  for (let i = chars.length - 1; i > 0; i -= 1) {
+    const j = randomIndex(i + 1);
+    [chars[i], chars[j]] = [chars[j], chars[i]];
+  }
+  return chars.join("");
+}
+function generateSecurePassword(options = {}) {
+  const {
+    length = 16,
+    includeUppercase = true,
+    includeLowercase = true,
+    includeNumbers = true,
+    includeSymbols = true,
+    minScore = 3,
+    maxAttempts = 25
+  } = options;
+  if (length < 8) {
+    throw new Error("Password length must be at least 8 characters.");
+  }
+  const pools = [
+    includeLowercase ? DEFAULT_CHARSET.lowercase : "",
+    includeUppercase ? DEFAULT_CHARSET.uppercase : "",
+    includeNumbers ? DEFAULT_CHARSET.numbers : "",
+    includeSymbols ? DEFAULT_CHARSET.symbols : ""
+  ].filter(Boolean);
+  if (!pools.length) {
+    throw new Error("At least one character set must be enabled.");
+  }
+  for (let attempt = 0; attempt < maxAttempts; attempt += 1) {
+    let password = pools.map((pool) => pick(pool)).join("");
+    while (password.length < length) {
+      password += pick(pools.join(""));
+    }
+    password = shuffle(password.slice(0, length));
+    const analysis = analyzePassword(password);
+    if (analysis.score >= minScore) {
+      return password;
+    }
+  }
+  throw new Error("Could not generate a password that meets the requested strength.");
+}
+function getStrengthColor(label) {
+  switch (label) {
+    case "pwned":
+    case "weak":
+      return "#dc2626";
+    case "fair":
+      return "#ea580c";
+    case "good":
+      return "#ca8a04";
+    case "strong":
+      return "#16a34a";
+    case "very-strong":
+      return "#059669";
+    default:
+      return "#94a3b8";
+  }
+}
+function getStrengthMessage(result) {
+  if (result.pwnedCheckPending) {
+    return "Checking breach database\u2026";
+  }
+  switch (result.label) {
+    case "empty":
+      return "Enter a password to check strength.";
+    case "pwned":
+      return result.pwnedCount ? `Found in ${result.pwnedCount.toLocaleString()} breaches \u2014 choose another password.` : "Found in a data breach \u2014 choose another password.";
+    case "weak":
+      return "Weak password.";
+    case "fair":
+      return "Fair, but could be stronger.";
+    case "good":
+      return "Good password.";
+    case "strong":
+      return "Strong password.";
+    case "very-strong":
+      return "Very strong password.";
+  }
+}
+export {
+  analyzePassword,
+  analyzePasswordAsync,
+  checkPwnedPassword,
+  generateSecurePassword,
+  getPasswordChecks,
+  getStrengthColor,
+  getStrengthMessage
+};

package/package.json ADDED Viewed

@@ -0,0 +1,49 @@
+{
+  "name": "@pwd-meter/core",
+  "version": "2.0.0",
+  "description": "Modern password strength analysis with optional HIBP breach checks and secure generation.",
+  "license": "MIT",
+  "author": "Alen Joy <alenjoy333@gmail.com>",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/alenjoy333/Password-Strength-Checker.git",
+    "directory": "packages/core"
+  },
+  "keywords": [
+    "password",
+    "strength",
+    "security",
+    "zxcvbn",
+    "hibp",
+    "pwned-passwords"
+  ],
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "sideEffects": false,
+  "scripts": {
+    "build": "tsup src/index.ts --format esm,cjs --dts --clean",
+    "clean": "rm -rf dist",
+    "test": "vitest run"
+  },
+  "dependencies": {
+    "zxcvbn": "^4.4.2"
+  },
+  "devDependencies": {
+    "@types/zxcvbn": "^4.4.5",
+    "tsup": "^8.5.0",
+    "typescript": "^5.8.3",
+    "vitest": "^3.2.4"
+  }
+}