Not always using all the types in the pattern

jonschlinkert / randomatic

Easily generate random strings like passwords, with simple options for specifying a length and for using patterns of numeric, alpha-numeric, alphabetical, special or custom characters. (the original "generate-password")

https://github.com/jonschlinkert

MIT License

183 stars 25 forks source link

Not always using all the types in the pattern #31

Open yitzgold opened 4 years ago

yitzgold commented 4 years ago

const password = randomize("aA0", 8); console.log({password}); //{ password: 'lfwWBUif' } in this case it didn't include any Numeric character

jonschlinkert commented 1 year ago

I know this has been a while, but I'm getting this updated and wanted to address this. The readme docs indicate that any of those characters may be used. I didn't see anything that said that all the characters would be used though.

However, I do think it should provide that option. I'll leave this open for commentary while I work on updating the lib.

digipigeon commented 5 months ago

Due to this bug, we are unable to use this in a system that automatically "tests" the strength of the password based on it containing a specific property (e.g checking for uppercase, lowercase, numeric, and special characters).

I appreciate the irony that attempting to enforce entropy in some respects decreases it, but estimating password strength in our use case trumps this.