Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Javascript Password Validator

A simple JS password validator that use a Bloom Filter.


The idea behind this project is to build a simpler and client-side version of "have I been pwned". A Bloom Filter is obviously the best data structure to implement it.

"HIBP" store millions of pawned passwords and provide a very clever and privacy friendly API, but I wanted a client-side only solution, and obviously sending and storing all that data is impossible.

Instead, storing the most common 10K passwords in Bloom Filter and sending them is easy and provide a useful protection against the use of common passwords.

How it works

Read more about Bloom Filters at Wikipedia

The script builder.js create a Bloom Filter, insert all the passwords inside the password.txt file and then return it as a simple JSON.

At this point the JSON file must be manually copied inside an HTML page or a JS script and then validate.js will provide you a simple way to import it and to validate the passwords in your forms.

This process will soon be automated using Webpack or Gulp to create a simple self-contained JS file like validator.10K.min.js (will check against the 10K most common passwords) or validator.1K.min.js

How to use it

Untill I write a good documentations use test_page.html as example


npm test or yarn test


This only a simple side project built to improve my Javascript skills and learn how to deliver a JS library correctly.

Exactly like a Bloom Filter, this validator will only tell you if a password is with a certain probability inside the filter or definetly not inside it, so positive matches are probaly true and negative matches are absolutely true.

The probability of false-positive is depends on the number of items in the filter, the number of hash functions used and the size of the filter in bits.

In the future I plan to improve the process to choose this parameters when using the builder.


JS Password Validator using a Bloom Filter πŸ”





No releases published


No packages published