Validates the given PasswordRequirements instance's values.

This returns a mutated copy of the config instance where the values satisfy "sane minimum requirements" suitable for any password.

The phrase "sane minimum requirements" implies

1. length is not less than 10

2. To avoid repetitions, length is not more than

   • 52 if only letters (no decimal integers or special characters) are used
   • 62 if only letters and decimal integers are used
   • 68 if only letters and special characters are used
   • 78 if letters, decimal integers, and special characters are used
   • 65535 if repeated characters are allowed

3. specials character count does not overrule the required number of

   • letters (2; 1 uppercase and 1 lowercase)
   • decimal integers (if decimal is specified as non-zero value)

4. decimal character count does not overrule the required number of

   • letters (2; 1 uppercase and 1 lowercase)
   • special characters (if specials is specified as non-zero value)

About resolving conflicts

If this function finds a conflict between the specified number of specials characters and decimal, then decimal integers takes precedence.

For example:

const cpg = require('@mk-pass/mk-pass');
const assert = require('node:assert/strict');
let config = {
  length: 16,
  specials: 15,
  decimal: 15
};
let expected = {
  length: 16,
  decimal: 13,
  specials: 1,
  firstIsLetter: true
};
assert.isDeepStrictEqual(
  validateRequirements(config),
  expected
);
Copy