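stupid-passwords is an npm module that checks whether a user-provided password is one of the
top 10,000 worst passwords, as analysed by a respectable IT security analyst.
A password that is not on the list is not necessarily strong; the check only rules out the most common choices.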
Read about it all here or from
Wired
'use strict';
const app = require('express')();
const stupidPasswords = require('stupid-passwords');
...
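/**
 * POST /user/create: refuses passwords found in the stupid-passwords list.
 *
 * Responds 400 when the password is missing, is not a string, or is on the
 * list. The accepted path is still a placeholder and sends no response.
 */
app.post('/user/create', (req, res) => {
  // req.body is only populated when a body-parsing middleware (for example
  // express.json() or express.urlencoded()) is registered before this route;
  // none is visible in this snippet. The guard keeps a missing body or a
  // non-string value (array, object, number) away from the library calls.
  const userPassword = req.body && req.body.userPassword;
  if (typeof userPassword !== 'string' || userPassword.length === 0) {
    res.status(400).send('A password is required.');
    return;
  }

  if (stupidPasswords.isStupid(userPassword)) {
    const rate = stupidPasswords.rateOfUsage(userPassword);
    const message = `That's a stupid password. For every 10,000 people, ${rate} are using that password`;
    // A refused password is a client error. Answering 200 would let any
    // client that only checks the status code treat the signup as successful.
    res.status(400).send(message);
    return;
  }

  // The password is not on the common-password list. That rules out the most
  // common choices only; it does not show the password is strong, so keep a
  // minimum-length rule alongside this check.
  // TODO: create the account and send a response here (the request hangs
  // until one is sent). Store only a salted password hash (bcrypt, scrypt or
  // Argon2), never the plaintext, and keep the password out of logs.
});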
...
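// Start the HTTP listener on port 8080. No host argument is passed, so Node
// accepts connections on every network interface. This is plain HTTP: the
// password in the POST body travels unencrypted unless TLS is terminated in
// front of this process (reverse proxy or load balancer).
app.listen(8080, () => {
  console.log('Express server listening on port 8080');
});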
// expose app
module.exports = app;

$ npm install stupid-passwords --save