question: Default definition "strong password" is unclear

[toresbe]

I was trying to...

Define DTOs for a user signup request:

export class SignupRequest {
  @IsEmail()
  @ApiProperty({ example: 'test@test.com', description: 'Email address' })
  email: string;

  @IsStrongPassword()
  @ApiProperty({ example: 'hunter2', description: 'Password' })
  password: string;
}

The problem:

I can't find a definition anywhere of what by default constitutes a strong password, nor am I able to divine it from the source code.

For me, an elaboration in the documentation would be useful and I suspect I'm not alone.

Anyway, keep up the fantastic work with this package :)

[emir-gradient]

Hello.

@IsStrongPassword is wrapper around isStrongPassword(str [, options]) from validatorjs/validator package, that is used as dependency of class-validator.

You can find spec here: https://github.com/validatorjs/validator.js/blob/master/README.md.

To quote IsStrongPassword description:

check if the string can be considered a strong password or not. Allows for custom requirements or scoring rules. If returnScore is true, then the function returns an integer score for the password rather than a boolean. Default options: { minLength: 8, minLowercase: 1, minUppercase: 1, minNumbers: 1, minSymbols: 1, returnScore: false, pointsPerUnique: 1, pointsPerRepeat: 0.5, pointsForContainingLower: 10, pointsForContainingUpper: 10, pointsForContainingNumber: 10, pointsForContainingSymbol: 10 }

[braaar]

Thanks, @emir-gradient!

[github-actions[bot]]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.