git404hub

what is zxcvbn fr?

dropbox/zxcvbn — explained in plain English

Analysis updated 2026-06-24

15,958CoffeeScriptAudience · developerComplexity · 2/5Setup · easy

tl;dr

zxcvbn is a JavaScript library that estimates how hard a password is to crack by recognizing real attack patterns like common words, keyboard sequences, and dates, giving users a realistic 0-to-4 strength score.

vibe map

mindmap
  root((zxcvbn))
    What it does
      Pattern recognition
      Crack time estimate
      Score 0 to 4
    Attack patterns detected
      Common passwords
      Keyboard sequences
      Dictionary words
      Dates and l33t speak
    Integration
      Browser JS
      Node.js server
      Community ports
    Use cases
      Signup forms
      Password policies
      Security audits

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Add realistic password strength feedback to a signup form so users understand why their chosen password is weak.

VIBE 2

Display estimated crack time alongside a strength meter so users see the real-world impact of their password choice.

VIBE 3

Pass a user's name and email to zxcvbn as user inputs so personal details that weaken passwords are flagged.

what's the stack?

CoffeeScriptJavaScript

how it stacks up fr

dropbox/zxcvbnjashkenas/coffeescriptmojs/mojs
Stars15,95816,57718,701
LanguageCoffeeScriptCoffeeScriptCoffeeScript
Setup difficultyeasyeasyeasy
Complexity2/52/52/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min

in plain english

zxcvbn is a password strength estimator, a library you can add to a website or app to give users instant, realistic feedback on how strong their chosen password is. Instead of enforcing rigid rules like "must contain a number and a symbol," zxcvbn analyzes how hard a password would be for an attacker to guess, which is a better measure of actual security. It does this by recognizing common patterns: 30,000 frequently used passwords, common English words, popular names, keyboard sequences like "qwerty", repeated characters, dates, and "l33t speak" substitutions (like replacing letters with numbers). For each password, it estimates how many guesses an attacker would need to crack it under different attack scenarios, for example, an online attack where attempts are limited versus an offline attack using fast hardware. The result tells you both a numeric score from 0 to 4 and a rough estimate of crack time, plus brief human-readable suggestions to help users pick better passwords. The library is built with CoffeeScript (a language that compiles to JavaScript) and was created at Dropbox, which uses it in its own products. It works in web browsers and on servers, and community-contributed ports exist for many other programming languages. You call it with a single function, passing in the password string and optionally a list of user-specific terms (like the user's name or email) that should count as weak. The full README is longer than what was provided.

prompts (copy fr)

prompt 1
Add a zxcvbn password strength meter to my React signup form that shows a color-coded bar and the estimated crack time as the user types.
prompt 2
I want to block passwords with a zxcvbn score below 2 on my Node.js registration endpoint. Show me the server-side validation code.
prompt 3
Display the zxcvbn feedback suggestions below my password field in plain English so users know exactly how to improve their password.
prompt 4
I need to test zxcvbn with my own wordlist of company-specific weak passwords. How do I extend the default dictionary?
prompt 5
Help me integrate zxcvbn into a vanilla HTML form with no framework, show me the CDN include and the event listener that updates a score indicator.

Frequently asked questions

what is zxcvbn fr?

zxcvbn is a JavaScript library that estimates how hard a password is to crack by recognizing real attack patterns like common words, keyboard sequences, and dates, giving users a realistic 0-to-4 strength score.

What language is zxcvbn written in?

Mainly CoffeeScript. The stack also includes CoffeeScript, JavaScript.

How hard is zxcvbn to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is zxcvbn for?

Mainly developer.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.