kjunine/lockly

lockly

Cryptographically secure password generator CLI.

Generates unpredictable random passwords instantly using the Web Crypto API (crypto.getRandomValues()).

Features

  • Cryptographically secure — CSPRNG via Web Crypto API
  • Browser compatible — works in Node.js and browsers
  • Fast — under 50ms response time
  • Customizable — length, character sets, count, charset inclusion guarantee (--ensure)
  • Pipe-friendly — clean stdout output, no ANSI colors
  • Zero install — run instantly with npx

Install

# Run instantly with npx (recommended)
npx lockly

# Or install globally
npm install -g lockly

Usage

Basic

# Default: generate a 16-character password
lockly

# Set length (32 characters)
lockly -l 32
lockly --length 32

# Generate multiple passwords (5)
lockly -c 5
lockly --count 5

Character set filtering

# Exclude symbols
lockly --no-symbols

# Digits only (PIN)
lockly --no-uppercase --no-lowercase --no-symbols -l 6

# Uppercase and digits only
lockly --no-lowercase --no-symbols

Ensure charset inclusion

# Guarantee at least one character from each active charset
lockly --ensure

# Short password with guaranteed diversity
lockly --ensure -l 4

Piping

# Copy to clipboard (macOS)
lockly | pbcopy

# Copy to clipboard (Linux)
lockly | xclip -selection clipboard

# Copy to clipboard (Windows PowerShell)
lockly | Set-Clipboard

# Save to file
lockly -c 10 -l 32 > passwords.txt

# Set as environment variable
export DB_PASSWORD=$(lockly -l 24 --no-symbols)

Options

| Option | Description | Default | Range |
| --- | --- | --- | --- |
| -l, --length <number> | Password length | 16 | 1–1024 |
| -c, --count <number> | Number of passwords | 1 | 1+ |
| --no-uppercase | Exclude uppercase (A-Z) | included | - |
| --no-lowercase | Exclude lowercase (a-z) | included | - |
| --no-numbers | Exclude digits (0-9) | included | - |
| --no-symbols | Exclude symbols | included | - |
| --ensure | Guarantee at least one char from each active charset | off | - |
| -V, --version | Show version | - | - |
| -h, --help | Show help | - | - |

Security

  • CSPRNG: Uses crypto.getRandomValues() (Web Crypto API) instead of Math.random()
  • Local execution: No network requests — passwords are generated locally
  • Stateless: Generated passwords are never stored
  • No modulo bias: Rejection sampling ensures uniform distribution
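The rejection-sampling and --ensure claims above, shown as an added sketch (this is not lockly's source code; uniformIndex, naiveModuloCounts, sketchPassword and the injectable fill parameter are hypothetical names). It assumes single-byte sampling, so it only handles alphabets and lengths up to 256.

```javascript
// Added illustration, NOT lockly's implementation. All names are hypothetical.
// Default byte source: Web Crypto CSPRNG (global `crypto` in Node.js 20+ and browsers).
const csprngFill = (buf) => globalThis.crypto.getRandomValues(buf);

// Uniform integer in [0, n) for 1 <= n <= 256, drawn one byte at a time.
// `fill` is injectable so the rejection path can be exercised deterministically.
function uniformIndex(n, fill = csprngFill) {
  if (!Number.isInteger(n) || n < 1 || n > 256) throw new RangeError('n must be 1..256');
  const limit = 256 - (256 % n); // largest multiple of n that is <= 256
  const buf = new Uint8Array(1);
  for (;;) {
    fill(buf);
    if (buf[0] < limit) return buf[0] % n; // accepted: each index has limit/n byte values
    // rejected: byte fell in the short tail [limit, 256), so draw again
  }
}

// How many of the 256 byte values land on each index with a bare `byte % n`.
// Unequal counts are the modulo bias that rejection sampling removes.
function naiveModuloCounts(n) {
  const counts = new Array(n).fill(0);
  for (let b = 0; b < 256; b++) counts[b % n]++;
  return counts;
}

// Password over the union of `sets`. With ensure=true, one character from each
// set is drawn first, the rest come from the full alphabet, and the result is
// shuffled with Fisher-Yates using the same unbiased index so the guaranteed
// characters do not sit at predictable positions.
function sketchPassword(length, sets, ensure = false, fill) {
  const alphabet = sets.join('');
  if (length < 1 || length > 256) throw new RangeError('sketch supports length 1..256');
  if (ensure && length < sets.length) throw new RangeError('length too short for ensure');
  const pick = (s) => s[uniformIndex(s.length, fill)];
  const out = ensure ? sets.map(pick) : [];
  while (out.length < length) out.push(pick(alphabet));
  if (ensure) {
    for (let i = out.length - 1; i > 0; i--) {
      const j = uniformIndex(i + 1, fill);
      [out[i], out[j]] = [out[j], out[i]];
    }
  }
  return out.join('');
}
```

With a 94-character alphabet, naiveModuloCounts(94) shows the first 68 characters backed by three byte values each and the remaining 26 by two, which is the skew the rejection loop discards.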

Security tips

  • Store generated passwords immediately in a secure location (e.g. password manager)
  • Use piping so passwords are not displayed in the terminal or left in its scrollback history
  • Use -l 32 or longer for high-security purposes (root accounts, financial services, etc.)

Programmatic API

Use lockly as a library in your TypeScript/JavaScript project.

import { generatePassword } from 'lockly';

// Default usage
const passwords = generatePassword();
console.log(passwords[0]); // 16-character password

// With options
const customPasswords = generatePassword({
  length: 32,
  count: 5,
  uppercase: true,
  lowercase: true,
  numbers: true,
  symbols: false
});

// Ensure at least one character from each active charset
const ensured = generatePassword({
  length: 16,
  ensure: true
});

Requirements

  • Node.js 20+ or any modern browser with Web Crypto API support

License

MIT
