typesecure 0.1.0

package/dist/index.mjs

@@ -0,0 +1,662 @@
+// src/utils/hash.ts
+import CryptoJS from "crypto-js";
+
+// src/types/index.ts
+import { z } from "zod";
+var PasswordStrengthSchema = z.object({
+  score: z.number().min(0).max(4),
+  feedback: z.object({
+    warning: z.string().optional(),
+    suggestions: z.array(z.string()).optional()
+  }),
+  isStrong: z.boolean()
+});
+var HashOptionsSchema = z.object({
+  algorithm: z.enum(["md5", "sha1", "sha256", "sha512", "sha3"]).default("sha256"),
+  encoding: z.enum(["hex", "base64"]).default("hex")
+});
+var PasswordHashOptionsSchema = z.object({
+  algorithm: z.enum(["pbkdf2", "argon2", "bcrypt"]).default("pbkdf2"),
+  iterations: z.number().min(1e3).default(1e4),
+  saltLength: z.number().min(16).default(32),
+  keyLength: z.number().min(16).default(64)
+});
+var TimingSafeOptionsSchema = z.object({
+  encoding: z.enum(["utf8", "hex", "base64"]).default("utf8")
+});
+var EncryptionOptionsSchema = z.object({
+  mode: z.enum(["aes-cbc", "aes-ctr", "aes-ecb", "aes-gcm"]).default("aes-cbc"),
+  padding: z.enum(["Pkcs7", "NoPadding", "ZeroPadding"]).default("Pkcs7"),
+  iv: z.string().optional(),
+  authTag: z.string().optional(),
+  aad: z.string().optional()
+  // Additional authenticated data for GCM mode
+});
+var ConfigSchema = z.object({
+  minimumPasswordLength: z.number().min(8).default(12),
+  requireNumbers: z.boolean().default(true),
+  requireSymbols: z.boolean().default(true),
+  requireUppercase: z.boolean().default(true),
+  requireLowercase: z.boolean().default(true)
+});
+
+// src/utils/hash.ts
+function hash(input, options) {
+  const validatedOptions = HashOptionsSchema.parse({
+    algorithm: options?.algorithm || "sha256",
+    encoding: options?.encoding || "hex"
+  });
+  let hashedValue;
+  switch (validatedOptions.algorithm) {
+    case "md5":
+      hashedValue = CryptoJS.MD5(input);
+      break;
+    case "sha1":
+      hashedValue = CryptoJS.SHA1(input);
+      break;
+    case "sha256":
+      hashedValue = CryptoJS.SHA256(input);
+      break;
+    case "sha512":
+      hashedValue = CryptoJS.SHA512(input);
+      break;
+    case "sha3":
+      hashedValue = CryptoJS.SHA3(input);
+      break;
+    default:
+      hashedValue = CryptoJS.SHA256(input);
+  }
+  return validatedOptions.encoding === "base64" ? hashedValue.toString(CryptoJS.enc.Base64) : hashedValue.toString(CryptoJS.enc.Hex);
+}
+function verifyHash(input, hashedValue, options) {
+  const newHash = hash(input, options);
+  return newHash === hashedValue;
+}
+function hmac(input, key, options) {
+  const validatedOptions = HashOptionsSchema.parse({
+    algorithm: options?.algorithm || "sha256",
+    encoding: options?.encoding || "hex"
+  });
+  let hmacValue;
+  switch (validatedOptions.algorithm) {
+    case "md5":
+      hmacValue = CryptoJS.HmacMD5(input, key);
+      break;
+    case "sha1":
+      hmacValue = CryptoJS.HmacSHA1(input, key);
+      break;
+    case "sha256":
+      hmacValue = CryptoJS.HmacSHA256(input, key);
+      break;
+    case "sha512":
+      hmacValue = CryptoJS.HmacSHA512(input, key);
+      break;
+    case "sha3":
+      hmacValue = CryptoJS.HmacSHA3(input, key);
+      break;
+    default:
+      hmacValue = CryptoJS.HmacSHA256(input, key);
+  }
+  return validatedOptions.encoding === "base64" ? hmacValue.toString(CryptoJS.enc.Base64) : hmacValue.toString(CryptoJS.enc.Hex);
+}
+function hashPassword(password, options) {
+  const validatedOptions = PasswordHashOptionsSchema.parse({
+    algorithm: options?.algorithm || "pbkdf2",
+    iterations: options?.iterations || 1e4,
+    saltLength: options?.saltLength || 32,
+    keyLength: options?.keyLength || 64
+  });
+  const salt = CryptoJS.lib.WordArray.random(validatedOptions.saltLength / 2).toString(
+    CryptoJS.enc.Hex
+  );
+  let hashedPassword;
+  switch (validatedOptions.algorithm) {
+    case "pbkdf2":
+      hashedPassword = CryptoJS.PBKDF2(password, salt, {
+        keySize: validatedOptions.keyLength / 4,
+        // keySize is in 32-bit words
+        iterations: validatedOptions.iterations
+      }).toString(CryptoJS.enc.Hex);
+      break;
+    case "argon2":
+      hashedPassword = CryptoJS.PBKDF2(password, salt, {
+        keySize: validatedOptions.keyLength / 4,
+        iterations: validatedOptions.iterations * 2
+        // Higher iterations to simulate Argon2 costs
+      }).toString(CryptoJS.enc.Hex);
+      break;
+    case "bcrypt":
+      hashedPassword = CryptoJS.PBKDF2(password, salt, {
+        keySize: validatedOptions.keyLength / 4,
+        iterations: 1024 + validatedOptions.iterations % 1024
+        // bcrypt simulation
+      }).toString(CryptoJS.enc.Hex);
+      break;
+    default:
+      hashedPassword = CryptoJS.PBKDF2(password, salt, {
+        keySize: validatedOptions.keyLength / 4,
+        iterations: validatedOptions.iterations
+      }).toString(CryptoJS.enc.Hex);
+  }
+  return {
+    hash: hashedPassword,
+    salt,
+    params: validatedOptions
+  };
+}
+function verifyPassword(password, hash2, salt, options) {
+  const validatedOptions = PasswordHashOptionsSchema.parse({
+    algorithm: options?.algorithm || "pbkdf2",
+    iterations: options?.iterations || 1e4,
+    saltLength: options?.saltLength || 32,
+    keyLength: options?.keyLength || 64
+  });
+  const { hash: generatedHash } = hashPassword(password, validatedOptions);
+  return timingSafeEqual(generatedHash, hash2);
+}
+function timingSafeEqual(a, b, options) {
+  const validatedOptions = TimingSafeOptionsSchema.parse({
+    encoding: options?.encoding || "utf8"
+  });
+  if (a.length !== b.length) {
+    return false;
+  }
+  let bufferA = a;
+  let bufferB = b;
+  if (validatedOptions.encoding === "hex") {
+    try {
+      bufferA = CryptoJS.enc.Hex.parse(a).toString(CryptoJS.enc.Utf8);
+      bufferB = CryptoJS.enc.Hex.parse(b).toString(CryptoJS.enc.Utf8);
+    } catch {
+      return false;
+    }
+  } else if (validatedOptions.encoding === "base64") {
+    try {
+      bufferA = CryptoJS.enc.Base64.parse(a).toString(CryptoJS.enc.Utf8);
+      bufferB = CryptoJS.enc.Base64.parse(b).toString(CryptoJS.enc.Utf8);
+    } catch {
+      return false;
+    }
+  }
+  let result = 0;
+  for (let i = 0; i < bufferA.length; i++) {
+    result |= bufferA.charCodeAt(i) ^ bufferB.charCodeAt(i);
+  }
+  return result === 0;
+}
+function generateRandomBytes(length = 32, encoding = "hex") {
+  const randomBytes = CryptoJS.lib.WordArray.random(length);
+  return encoding === "base64" ? randomBytes.toString(CryptoJS.enc.Base64) : randomBytes.toString(CryptoJS.enc.Hex);
+}
+
+// src/utils/encryption.ts
+import CryptoJS2 from "crypto-js";
+var SecurityLevel = /* @__PURE__ */ ((SecurityLevel2) => {
+  SecurityLevel2["HIGH"] = "HIGH";
+  SecurityLevel2["MEDIUM"] = "MEDIUM";
+  SecurityLevel2["LOW"] = "LOW";
+  SecurityLevel2["INSECURE"] = "INSECURE";
+  return SecurityLevel2;
+})(SecurityLevel || {});
+function getSecurityLevel(options) {
+  if (options.mode === "aes-gcm") {
+    return "HIGH" /* HIGH */;
+  }
+  if (options.mode === "aes-cbc" || options.mode === "aes-ctr") {
+    return "HIGH" /* HIGH */;
+  }
+  if (options.mode === "aes-ecb") {
+    return "INSECURE" /* INSECURE */;
+  }
+  return "LOW" /* LOW */;
+}
+function logSecurityWarning(options) {
+  const securityLevel = getSecurityLevel(options);
+  switch (securityLevel) {
+    case "INSECURE" /* INSECURE */:
+      console.warn(
+        `\u26A0\uFE0F SECURITY WARNING: ${options.mode} mode is insecure and should not be used in production!`
+      );
+      break;
+    case "LOW" /* LOW */:
+      console.warn(
+        `\u26A0\uFE0F Security Warning: ${options.mode} with ${options.padding} padding provides low security.`
+      );
+      break;
+    case "MEDIUM" /* MEDIUM */:
+      console.info(
+        `\u2139\uFE0F Security Note: ${options.mode} with ${options.padding} padding provides adequate security for most use cases.`
+      );
+      break;
+    case "HIGH" /* HIGH */:
+      break;
+  }
+}
+function encrypt(text, key, options) {
+  const validatedOptions = EncryptionOptionsSchema.parse({
+    mode: options?.mode || "aes-cbc",
+    padding: options?.padding || "Pkcs7",
+    iv: options?.iv,
+    authTag: options?.authTag,
+    aad: options?.aad
+  });
+  logSecurityWarning(validatedOptions);
+  const keyWordArray = CryptoJS2.enc.Utf8.parse(key);
+  let encrypted;
+  const paddingOption = CryptoJS2.pad[validatedOptions.padding];
+  switch (validatedOptions.mode) {
+    case "aes-gcm": {
+      const iv = validatedOptions.iv ? CryptoJS2.enc.Utf8.parse(validatedOptions.iv) : CryptoJS2.lib.WordArray.random(12);
+      const aad = validatedOptions.aad ? CryptoJS2.enc.Utf8.parse(validatedOptions.aad) : void 0;
+      encrypted = CryptoJS2.AES.encrypt(text, keyWordArray, {
+        iv,
+        mode: CryptoJS2.mode.CTR,
+        // Use CTR as a base for GCM simulation
+        padding: paddingOption
+      });
+      const authData = aad ? aad.concat(encrypted.ciphertext) : encrypted.ciphertext;
+      const authTag = CryptoJS2.HmacSHA256(authData, keyWordArray).toString().substring(0, 32);
+      const ivHex = iv.toString(CryptoJS2.enc.Hex);
+      return `${ivHex}:${authTag}:${encrypted.toString()}`;
+    }
+    case "aes-cbc": {
+      const iv = validatedOptions.iv ? CryptoJS2.enc.Utf8.parse(validatedOptions.iv) : CryptoJS2.lib.WordArray.random(16);
+      encrypted = CryptoJS2.AES.encrypt(text, keyWordArray, {
+        iv,
+        padding: paddingOption,
+        mode: CryptoJS2.mode.CBC
+      });
+      if (!validatedOptions.iv) {
+        const ivHex = iv.toString(CryptoJS2.enc.Hex);
+        return `${ivHex}:${encrypted.toString()}`;
+      }
+      break;
+    }
+    case "aes-ctr": {
+      const iv = validatedOptions.iv ? CryptoJS2.enc.Utf8.parse(validatedOptions.iv) : CryptoJS2.lib.WordArray.random(16);
+      encrypted = CryptoJS2.AES.encrypt(text, keyWordArray, {
+        iv,
+        padding: paddingOption,
+        mode: CryptoJS2.mode.CTR
+      });
+      if (!validatedOptions.iv) {
+        const ivHex = iv.toString(CryptoJS2.enc.Hex);
+        return `${ivHex}:${encrypted.toString()}`;
+      }
+      break;
+    }
+    case "aes-ecb":
+      encrypted = CryptoJS2.AES.encrypt(text, keyWordArray, {
+        padding: paddingOption,
+        mode: CryptoJS2.mode.ECB
+      });
+      break;
+    default:
+      throw new Error(`Unsupported encryption mode: ${validatedOptions.mode}`);
+  }
+  return encrypted.toString();
+}
+function decrypt(encryptedText, key, options) {
+  const validatedOptions = EncryptionOptionsSchema.parse({
+    mode: options?.mode || "aes-cbc",
+    padding: options?.padding || "Pkcs7",
+    iv: options?.iv,
+    authTag: options?.authTag,
+    aad: options?.aad
+  });
+  const keyWordArray = CryptoJS2.enc.Utf8.parse(key);
+  let cipherText = encryptedText;
+  let iv;
+  let authTag;
+  if (validatedOptions.mode === "aes-gcm" && encryptedText.includes(":")) {
+    const parts = encryptedText.split(":");
+    if (parts.length >= 3) {
+      const ivHex = parts[0];
+      authTag = parts[1];
+      cipherText = parts[2];
+      iv = CryptoJS2.enc.Hex.parse(ivHex);
+    }
+  } else if (encryptedText.includes(":") && !validatedOptions.iv) {
+    const parts = encryptedText.split(":");
+    const ivHex = parts[0];
+    cipherText = parts[1];
+    iv = CryptoJS2.enc.Hex.parse(ivHex);
+  } else if (validatedOptions.iv) {
+    iv = CryptoJS2.enc.Utf8.parse(validatedOptions.iv);
+  }
+  const paddingOption = CryptoJS2.pad[validatedOptions.padding];
+  let decrypted;
+  switch (validatedOptions.mode) {
+    case "aes-gcm": {
+      if (!iv) {
+        throw new Error("IV is required for GCM mode decryption");
+      }
+      if (!authTag && !validatedOptions.authTag) {
+        throw new Error("Authentication tag is required for GCM mode decryption");
+      }
+      const actualAuthTag = authTag || validatedOptions.authTag;
+      const aad = validatedOptions.aad ? CryptoJS2.enc.Utf8.parse(validatedOptions.aad) : void 0;
+      decrypted = CryptoJS2.AES.decrypt(cipherText, keyWordArray, {
+        iv,
+        mode: CryptoJS2.mode.CTR,
+        padding: paddingOption
+      });
+      const cipherTextObj = CryptoJS2.enc.Base64.parse(cipherText);
+      const authData = aad ? aad.concat(cipherTextObj) : cipherTextObj;
+      const calculatedAuthTag = CryptoJS2.HmacSHA256(authData, keyWordArray).toString().substring(0, 32);
+      if (calculatedAuthTag !== actualAuthTag) {
+        throw new Error("Authentication failed: Invalid authentication tag");
+      }
+      break;
+    }
+    case "aes-cbc":
+      if (!iv && validatedOptions.mode === "aes-cbc") {
+        throw new Error("IV is required for CBC mode decryption");
+      }
+      decrypted = CryptoJS2.AES.decrypt(cipherText, keyWordArray, {
+        iv,
+        padding: paddingOption,
+        mode: CryptoJS2.mode.CBC
+      });
+      break;
+    case "aes-ctr":
+      if (!iv && validatedOptions.mode === "aes-ctr") {
+        throw new Error("IV is required for CTR mode decryption");
+      }
+      decrypted = CryptoJS2.AES.decrypt(cipherText, keyWordArray, {
+        iv,
+        padding: paddingOption,
+        mode: CryptoJS2.mode.CTR
+      });
+      break;
+    case "aes-ecb":
+      console.warn(
+        "\u26A0\uFE0F WARNING: ECB mode does not provide semantic security and should not be used in most applications"
+      );
+      decrypted = CryptoJS2.AES.decrypt(cipherText, keyWordArray, {
+        padding: paddingOption,
+        mode: CryptoJS2.mode.ECB
+      });
+      break;
+    default:
+      throw new Error(`Unsupported encryption mode: ${validatedOptions.mode}`);
+  }
+  try {
+    return decrypted.toString(CryptoJS2.enc.Utf8);
+  } catch {
+    throw new Error("Failed to decrypt: Invalid key or corrupted data");
+  }
+}
+function generateKey(length = 32) {
+  return CryptoJS2.lib.WordArray.random(length).toString(CryptoJS2.enc.Hex);
+}
+
+// src/utils/password.ts
+function calculatePasswordEntropy(password) {
+  if (!password || password.length === 0) return 0;
+  let poolSize = 0;
+  const hasLowercase = /[a-z]/.test(password);
+  const hasUppercase = /[A-Z]/.test(password);
+  const hasDigits = /\d/.test(password);
+  const hasSymbols = /[^A-Za-z0-9]/.test(password);
+  if (hasLowercase) poolSize += 26;
+  if (hasUppercase) poolSize += 26;
+  if (hasDigits) poolSize += 10;
+  if (hasSymbols) poolSize += 33;
+  const entropy = password.length * Math.log2(poolSize);
+  return Math.round(entropy * 100) / 100;
+}
+function analyzePasswordPatterns(password) {
+  const patterns = [];
+  let entropyReduction = 0;
+  const keyboardPatterns = [
+    "qwerty",
+    "asdfgh",
+    "zxcvbn",
+    "qwertz",
+    "azerty",
+    "123456",
+    "654321"
+  ];
+  const sequentialCheck = (pwd) => {
+    for (let i = 0; i < pwd.length - 2; i++) {
+      const c1 = pwd.charCodeAt(i);
+      const c2 = pwd.charCodeAt(i + 1);
+      const c3 = pwd.charCodeAt(i + 2);
+      if (c1 + 1 === c2 && c2 + 1 === c3 || c1 - 1 === c2 && c2 - 1 === c3) {
+        return true;
+      }
+    }
+    return false;
+  };
+  const repeatedPatternCheck = (pwd) => {
+    if (pwd.length <= 2) return false;
+    for (let len = 2; len <= pwd.length / 2; len++) {
+      for (let i = 0; i <= pwd.length - len * 2; i++) {
+        const pattern = pwd.substring(i, i + len);
+        const nextPart = pwd.substring(i + len, i + len * 2);
+        if (pattern === nextPart) {
+          return true;
+        }
+      }
+    }
+    return false;
+  };
+  for (const pattern of keyboardPatterns) {
+    if (password.toLowerCase().includes(pattern)) {
+      patterns.push("Contains keyboard pattern");
+      entropyReduction += 0.2;
+      break;
+    }
+  }
+  if (sequentialCheck(password)) {
+    patterns.push("Contains sequential characters");
+    entropyReduction += 0.15;
+  }
+  if (repeatedPatternCheck(password)) {
+    patterns.push("Contains repeated patterns");
+    entropyReduction += 0.2;
+  }
+  const l33tMap = {
+    "4": "a",
+    "@": "a",
+    "8": "b",
+    "3": "e",
+    "6": "g",
+    "1": "i",
+    "!": "i",
+    "0": "o",
+    "9": "g",
+    $: "s",
+    "5": "s",
+    "+": "t",
+    "7": "t",
+    "%": "x",
+    "2": "z"
+  };
+  let transformedPassword = password.toLowerCase();
+  for (const [digit, letter] of Object.entries(l33tMap)) {
+    const safeDigit = digit.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    transformedPassword = transformedPassword.replace(
+      new RegExp(safeDigit, "g"),
+      letter
+    );
+  }
+  const commonWords = [
+    "password",
+    "admin",
+    "user",
+    "login",
+    "welcome",
+    "secure",
+    "secret"
+  ];
+  for (const word of commonWords) {
+    if (transformedPassword.includes(word)) {
+      patterns.push("Contains common word with substitutions");
+      entropyReduction += 0.25;
+      break;
+    }
+  }
+  if (/^[a-z]+$/.test(password) || /^[A-Z]+$/.test(password) || /^[0-9]+$/.test(password) || /^[^A-Za-z0-9]+$/.test(password)) {
+    patterns.push("Uses only one character type");
+    entropyReduction += 0.3;
+  }
+  entropyReduction = Math.min(entropyReduction, 0.9);
+  return { entropyReduction, patterns };
+}
+function checkPasswordStrength(password, config) {
+  const validatedConfig = ConfigSchema.parse({
+    minimumPasswordLength: config?.minimumPasswordLength || 12,
+    requireNumbers: config?.requireNumbers !== void 0 ? config.requireNumbers : true,
+    requireSymbols: config?.requireSymbols !== void 0 ? config.requireSymbols : true,
+    requireUppercase: config?.requireUppercase !== void 0 ? config.requireUppercase : true,
+    requireLowercase: config?.requireLowercase !== void 0 ? config.requireLowercase : true
+  });
+  const hasMinLength = password.length >= validatedConfig.minimumPasswordLength;
+  const hasNumbers = /\d/.test(password);
+  const hasSymbols = /[^A-Za-z0-9]/.test(password);
+  const hasUppercase = /[A-Z]/.test(password);
+  const hasLowercase = /[a-z]/.test(password);
+  const suggestions = [];
+  let warning = "";
+  let criteriaCount = 0;
+  if (hasMinLength) criteriaCount++;
+  if (hasNumbers && validatedConfig.requireNumbers) criteriaCount++;
+  if (hasSymbols && validatedConfig.requireSymbols) criteriaCount++;
+  if (hasUppercase && validatedConfig.requireUppercase) criteriaCount++;
+  if (hasLowercase && validatedConfig.requireLowercase) criteriaCount++;
+  if (!hasMinLength) {
+    warning = "Password is too short";
+    suggestions.push(
+      `Password should be at least ${validatedConfig.minimumPasswordLength} characters long`
+    );
+  }
+  if (validatedConfig.requireNumbers && !hasNumbers) {
+    suggestions.push("Add numbers to make your password stronger");
+  }
+  if (validatedConfig.requireSymbols && !hasSymbols) {
+    suggestions.push("Add symbols to make your password stronger");
+  }
+  if (validatedConfig.requireUppercase && !hasUppercase) {
+    suggestions.push("Add uppercase letters to make your password stronger");
+  }
+  if (validatedConfig.requireLowercase && !hasLowercase) {
+    suggestions.push("Add lowercase letters to make your password stronger");
+  }
+  const entropy = calculatePasswordEntropy(password);
+  const { entropyReduction, patterns } = analyzePasswordPatterns(password);
+  const effectiveEntropy = entropy * (1 - entropyReduction);
+  suggestions.push(
+    ...patterns.map((p) => `${p}: Consider a more random pattern`)
+  );
+  let score;
+  if (effectiveEntropy < 28) {
+    score = 0;
+    if (!warning) warning = "Very weak password";
+  } else if (effectiveEntropy < 36) {
+    score = 1;
+    if (!warning) warning = "Weak password";
+  } else if (effectiveEntropy < 60) {
+    score = 2;
+  } else if (effectiveEntropy < 80) {
+    score = 3;
+  } else {
+    score = 4;
+  }
+  const criteriaBoost = criteriaCount >= 5 ? 1 : 0;
+  score = Math.min(4, score + criteriaBoost);
+  if (!hasMinLength || validatedConfig.requireNumbers && !hasNumbers || validatedConfig.requireSymbols && !hasSymbols || validatedConfig.requireUppercase && !hasUppercase || validatedConfig.requireLowercase && !hasLowercase) {
+    score = Math.min(score, 2);
+  }
+  if (effectiveEntropy < 50) {
+    suggestions.push(
+      `Increase password entropy (currently ~${Math.round(
+        effectiveEntropy
+      )} bits)`
+    );
+  }
+  const isStrong = hasMinLength && (!validatedConfig.requireNumbers || hasNumbers) && (!validatedConfig.requireSymbols || hasSymbols) && (!validatedConfig.requireUppercase || hasUppercase) && (!validatedConfig.requireLowercase || hasLowercase) && score >= 3;
+  return PasswordStrengthSchema.parse({
+    score,
+    feedback: {
+      warning,
+      suggestions: suggestions.length > 0 ? suggestions : void 0
+    },
+    isStrong
+  });
+}
+function generateSecurePassword(config) {
+  const validatedConfig = ConfigSchema.parse({
+    minimumPasswordLength: config?.minimumPasswordLength || 12,
+    requireNumbers: config?.requireNumbers !== void 0 ? config.requireNumbers : true,
+    requireSymbols: config?.requireSymbols !== void 0 ? config.requireSymbols : true,
+    requireUppercase: config?.requireUppercase !== void 0 ? config.requireUppercase : true,
+    requireLowercase: config?.requireLowercase !== void 0 ? config.requireLowercase : true
+  });
+  const length = validatedConfig.minimumPasswordLength;
+  const lowercaseChars = "abcdefghijklmnopqrstuvwxyz";
+  const uppercaseChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+  const numbers = "0123456789";
+  const symbols = "!@#$%^&*()_+-=[]{}|;:,.<>?";
+  let characters = "";
+  let password = "";
+  if (validatedConfig.requireLowercase) characters += lowercaseChars;
+  if (validatedConfig.requireUppercase) characters += uppercaseChars;
+  if (validatedConfig.requireNumbers) characters += numbers;
+  if (validatedConfig.requireSymbols) characters += symbols;
+  if (validatedConfig.requireLowercase) {
+    password += lowercaseChars.charAt(
+      Math.floor(Math.random() * lowercaseChars.length)
+    );
+  }
+  if (validatedConfig.requireUppercase) {
+    password += uppercaseChars.charAt(
+      Math.floor(Math.random() * uppercaseChars.length)
+    );
+  }
+  if (validatedConfig.requireNumbers) {
+    password += numbers.charAt(Math.floor(Math.random() * numbers.length));
+  }
+  if (validatedConfig.requireSymbols) {
+    password += symbols.charAt(Math.floor(Math.random() * symbols.length));
+  }
+  for (let i = password.length; i < length; i++) {
+    password += characters.charAt(
+      Math.floor(Math.random() * characters.length)
+    );
+  }
+  return shuffleString(password);
+}
+function shuffleString(str) {
+  const array = str.split("");
+  for (let i = array.length - 1; i > 0; i--) {
+    const j = Math.floor(Math.random() * (i + 1));
+    [array[i], array[j]] = [array[j], array[i]];
+  }
+  return array.join("");
+}
+export {
+  ConfigSchema,
+  EncryptionOptionsSchema,
+  HashOptionsSchema,
+  PasswordHashOptionsSchema,
+  PasswordStrengthSchema,
+  SecurityLevel,
+  TimingSafeOptionsSchema,
+  analyzePasswordPatterns,
+  calculatePasswordEntropy,
+  checkPasswordStrength,
+  decrypt,
+  encrypt,
+  generateKey,
+  generateRandomBytes,
+  generateSecurePassword,
+  getSecurityLevel,
+  hash,
+  hashPassword,
+  hmac,
+  timingSafeEqual,
+  verifyHash,
+  verifyPassword
+};