@xsolla/xui-input-password 0.174.2 → 0.175.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +76 -0
- package/package.json +4 -4
package/README.md
CHANGED
|
@@ -1,6 +1,82 @@
|
|
|
1
1
|
# Input Password
|
|
2
2
|
|
|
3
3
|
A cross-platform React password input component with visibility toggle, validation checkmark, and clear functionality.
|
|
4
|
+
<!-- BEGIN:xui-mcp-instructions:input-password -->
|
|
5
|
+
A specialised text input for password entry. Extends the standard input with password-specific controls: a show/hide visibility toggle, an optional clear button, an optional check icon for password confirmation fields, and a right icons block that groups these controls. Always renders with type=*"password"* semantics (masked by default) unless the user explicitly toggles visibility.
|
|
6
|
+
|
|
7
|
+
### When to use
|
|
8
|
+
|
|
9
|
+
For any field where the user must enter a password — login, registration, account settings, password reset
|
|
10
|
+
|
|
11
|
+
For password confirmation fields (e.g. *"Confirm new password"*) — use alongside the primary password field
|
|
12
|
+
|
|
13
|
+
When the form requires the user to create a new password and strength feedback is shown nearby
|
|
14
|
+
|
|
15
|
+
### When not to use
|
|
16
|
+
|
|
17
|
+
- For non-sensitive text fields — use the standard Input component
|
|
18
|
+
- For PINs or short numeric codes — use a dedicated PIN input or a numeric Input with inputmode=*"numeric"*
|
|
19
|
+
- When the input must always remain masked with no reveal option (e.g. a hardware security key PIN) — handle with a custom component that omits the visibility toggle
|
|
20
|
+
|
|
21
|
+
### Content guidelines
|
|
22
|
+
|
|
23
|
+
Placeholder text — use Password or a format hint like At least 8 characters for create-password fields. Do not use verbose instructions as placeholder — they disappear when the user starts typing.
|
|
24
|
+
|
|
25
|
+
Field labels — always provide a visible label: *"Password"*, *"Current password"*, *"New password"*, *"Confirm new password"*. Do not rely on placeholder alone.
|
|
26
|
+
Error messages — be specific:
|
|
27
|
+
- *"Password is required"*
|
|
28
|
+
- *"Password must be at least 8 characters"*
|
|
29
|
+
- *"Password must contain at least one number and one special character"*
|
|
30
|
+
- *"Passwords do not match"* (on the confirm field)
|
|
31
|
+
- *"Incorrect password"* (on the login form after a failed attempt)
|
|
32
|
+
- Visibility toggle label — the toggle icon button must have an accessible label that reflects the current state: aria-label=*"Show password"* when masked, aria-label=*"Hide password"* when revealed.
|
|
33
|
+
- Avoid password rules in error messages only — communicate password requirements upfront (e.g. in a helper text or a requirements list below the field) so users know the rules before they make a mistake.
|
|
34
|
+
|
|
35
|
+
Behaviour guidelines (from industry practice)
|
|
36
|
+
|
|
37
|
+
Default masking — the field must always render in masked state (Visibility=False) on mount, even if a value is pre-filled. Never initialise with Visibility=True.
|
|
38
|
+
|
|
39
|
+
Visibility toggle — clicking the eye icon toggles between masked and plain text. The toggle must work with mouse, touch, and keyboard (Enter/Space when the icon has focus). After toggling, focus must remain in the input field, not on the icon button.
|
|
40
|
+
|
|
41
|
+
Remove button — show the remove button only when the field has a value (Filled=True). Hide it in the empty state. Clicking removes the value and returns focus to the input.
|
|
42
|
+
|
|
43
|
+
Check icon right — update in real time as the user types in either password field. Show when values match, hide when they diverge. Do not show the check icon if either field is empty.
|
|
44
|
+
|
|
45
|
+
Autocomplete — use autocomplete=*"current-password"* for login/current-password fields and autocomplete=*"new-password"* for create-password/confirm-password fields. This allows password managers to fill and save credentials correctly and satisfies WCAG 1.3.5.
|
|
46
|
+
|
|
47
|
+
Password managers — do not block paste (onpaste prevention) in password fields. Password managers and users rely on paste. Blocking paste is a security anti-pattern and degrades usability significantly.
|
|
48
|
+
|
|
49
|
+
Validation timing — validate on blur (when the user leaves the field) or on form submit. Do not validate every keystroke. For *"Confirm password"* fields, re-validate when either field changes.
|
|
50
|
+
|
|
51
|
+
Error state — switch to State=Error with a specific error message on blur or submit:
|
|
52
|
+
- If the password does not meet requirements, show which requirement failed
|
|
53
|
+
- If passwords do not match, show the error on the confirm field (not the primary)
|
|
54
|
+
- Strength indicator — password strength feedback (e.g. a progress bar or label) lives outside the InputPassword component. Place it between the primary and confirm password fields.
|
|
55
|
+
- Caps Lock warning — optionally surface a Caps Lock indicator when the user has Caps Lock active in a masked field. Show it as a helper text below the field or a tooltip on the visibility icon.
|
|
56
|
+
- Disabled state — use State=Disable for fields that cannot be edited in the current context (e.g. a federated account where the password is managed externally). Always show a reason nearby.
|
|
57
|
+
|
|
58
|
+
### Accessibility
|
|
59
|
+
|
|
60
|
+
The field must use type=*"password"* in masked state and type=*"text"* in revealed state. Never use type=*"text"* permanently for a password field.
|
|
61
|
+
|
|
62
|
+
Provide a visible label via <label for> or aria-labelledby. Do not use placeholder as the only label.
|
|
63
|
+
|
|
64
|
+
Use autocomplete=*"current-password"* or autocomplete=*"new-password"* as appropriate — required for WCAG 1.3.5 (Identify Input Purpose).
|
|
65
|
+
|
|
66
|
+
The visibility toggle icon button must have a dynamic aria-label reflecting current state: *"Show password"* or *"Hide password"*. It must also have aria-pressed (or aria-expanded) set appropriately, or use aria-label alone to communicate the current action.
|
|
67
|
+
|
|
68
|
+
When the field transitions to Visibility=True, announce the change to screen readers using aria-live=*"polite"* on a visually hidden region (e.g. *"Password is now visible"*).
|
|
69
|
+
|
|
70
|
+
The remove button (✕) must have aria-label=*"Clear password"*.
|
|
71
|
+
|
|
72
|
+
The check icon (✓) is status feedback — it must be wrapped in an aria-live=*"polite"* region that announces *"Passwords match"* when it appears and *"Passwords do not match"* when it disappears.
|
|
73
|
+
|
|
74
|
+
When State=Error, the error message must be associated via aria-describedby so screen readers announce it when the field receives focus.
|
|
75
|
+
|
|
76
|
+
When State=Disable, the field must have aria-disabled=*"true"*.
|
|
77
|
+
|
|
78
|
+
The visibility toggle must be keyboard-operable: Tab to focus, Enter/Space to activate.
|
|
79
|
+
<!-- END:xui-mcp-instructions:input-password -->
|
|
4
80
|
|
|
5
81
|
## Installation
|
|
6
82
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@xsolla/xui-input-password",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.175.0",
|
|
4
4
|
"main": "./web/index.js",
|
|
5
5
|
"module": "./web/index.mjs",
|
|
6
6
|
"types": "./web/index.d.ts",
|
|
@@ -13,9 +13,9 @@
|
|
|
13
13
|
"test:coverage": "vitest run --coverage"
|
|
14
14
|
},
|
|
15
15
|
"dependencies": {
|
|
16
|
-
"@xsolla/xui-core": "0.
|
|
17
|
-
"@xsolla/xui-icons-base": "0.
|
|
18
|
-
"@xsolla/xui-primitives-core": "0.
|
|
16
|
+
"@xsolla/xui-core": "0.175.0",
|
|
17
|
+
"@xsolla/xui-icons-base": "0.175.0",
|
|
18
|
+
"@xsolla/xui-primitives-core": "0.175.0"
|
|
19
19
|
},
|
|
20
20
|
"peerDependencies": {
|
|
21
21
|
"react": ">=16.8.0",
|