
I rewrote zxcvbn in TypeScript — and fixed 16 bugs the original never addressed
I've been using zxcvbn — Dropbox's password strength estimator — for a while. It's a great library, but the original is written in CoffeeScript, hasn't been maintained in years, and has a long list of open issues nobody ever fixed. So I rewrote it in TypeScript from scratch. Here's what I found along the way.

Why rewrite it?

The original library has a few fundamental problems:

- No TypeScript Support — you get any everywhere, no autocomplete, no type safety on the match objects
- 7.72MB Unpacked — nearly all of it hardcoded string data compiled into every build target
- Open Security Issues — a ReDoS vulnerability reported in 2023 that was never patched
- Stale Regex — the "recent year" detector stopped working in 2020

I wanted a version I could actually use in a modern TypeScript project without fighting it.

What I built

zxcvbn-ts — a full TypeScript rewrite with:

- Strict TypeScript, discriminated-union Match type for exhaustive pattern narrowing
- Dual CJS/ESM output
- 93,855 dictionary words bundl




