Since v2.3.0, it looks ignoring commandline arguments.

% node -v
v12.18.0
% npm -v
6.14.5

% sudo npm -g update
/usr/local/bin/password-generator -> /usr/local/lib/node_modules/password-generator/bin/password-generator
+ [email protected]
removed 3 packages and updated 1 package in 0.533s
% password-generator -h
gavufivoni

% sudo npm -g i [email protected]
/usr/local/bin/password-generator -> /usr/local/lib/node_modules/password-generator/bin/password-generator
+ [email protected]
updated 1 package in 0.278s
% password-generator -h
xuwenazejo

The latest valid ver. is v2.2.3:

% sudo npm -g i [email protected]
/usr/local/bin/password-generator -> /usr/local/lib/node_modules/password-generator/bin/password-generator
+ [email protected]
added 3 packages from 2 contributors and updated 1 package in 0.935s
% password-generator -h
Generates a memorable password

Options:
  -l: Password length                      [default: null]
  -c: Generates a non memorable password   [default: "memorable"]
  -p: Pattern to match for the generated password
  -h: Displays this help

I want to create username's that conform to UTF-8 (chars only) based on emails. If I could plug in a seed for the random password generator then I could use your library to generate usernames based on email addresses.

It is not possible to generate a password with a tilde (~) character in it. We get an error when this is executed:
generatePassword(12, false, /[\~]/)

The error lies in the loop bounds on Line 39 of /dist/password-generator.js:
for (i = 33; 126 > i; i += 1) {
The variable i will never reach ASCII 126 (the tilde character)

That line should be updated to:
for (i = 33; 126 >= i; i += 1) {
or the more normal representation:
for (i = 33; i <= 126; i += 1) {

(I saw that you just fixed issue #25 and released v2.2.2. Thank you! I wish I had caught this sooner so that it could have been rolled into that release.)

generatePassword(12, false, /0-9/)

I'm having a rough time with a specific requirement for a pattern. I'm following the OWASP password strength requirements in a project & I'm trying to provide a randomly generated password using this package. However, trying to write a pattern to pass into this generator is proving very difficult.

My requirements:

1. Must contain at least one number
2. Must contain at least one uppercase letter
3. Must contain at least one lowercase letter
4. Must contain at least one special character
5. Must NOT contain sequences of three or more repeated characters

Any advice on how to pass these requirements into generatePassword ?

One issue I keep having with this package, when I pass in a seemingly correctly formatted pattern, is the following message..

[Error: Could not find characters that match the password pattern /([A-Z]\w+)([a-z]\w+)([0-9]\w+)([\!\?]+)/. Patterns must match individual characters, not the password as a whole.]

This error makes sense to me, but the limitation of the generator doesn't. Shouldn't I be able to match against the "password as a whole"?

with https://www.npmjs.com/advisories/1500 coming up last night, could you please check to upgrade yargs-parser?

yarn audit v1.21.1
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ password-generator                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ password-generator > yargs-parser                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘

When calling the method like this:
generatePassword(11, false, /test/)
in the browser you will receive this error:
Uncaught RangeError: Maximum call stack size exceeded

Is this project still being maintained? Build status is unknown on homepage.

For some reason the method hangs indefinitely when supplying these arguments for the third parameter:

/\d\W/
/\d\p/

I'm on Windows if it matters.

I'm pretty sure that there is some kind of bug, that prevents capital A from appearing in passwords.
I've run this command: password-generator -c -l 50 -p "[a-zA-Z]" around 500 times and not a single 'A' appeared.

Here are some example results i ran into when I was examining this:

$ password-generator -c -l 50 -p "[Aa]"
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
$ password-generator -c -l 50 -p "[Aab]"
> baaabbbababababababababaaabbabababbababbabaabbaaab
$ password-generator -c -l 50 -p "[AaBb]"
> bBbBBBbBBbbabaaBbbbaabBBaBBaababBBBaBbbBaBaBabBbbB
$ password-generator -c -l 50 -p "[BAa]"
> aaBaaaaBBaaBaBBaBBBBBBBBaaBaaaBBaBBBBBaBBaBaBaaaBa

Moreover, it also affects other capital letters if they're only one in the pattern:

$ password-generator -c -l 50 -p "[aBb]"
> aaaabbaabaabbbbbbaaaabaabbbbbaaabbbbbababaabaabbab
$ password-generator -c -l 50 -p "[a-zC]"
> urjxuxmsjxpcfnssijcwwlxikgxgeqchuqeliwtyqjrnzbqxvt
$ password-generator -c -l 50 -p "[a-zAB]"
> tvkobyiyBztramssvestxsagbmzohboebshxBnxxdnlwtkiomh
$ password-generator -c -l 50 -p "[a-zABC]"
> wCfkzoxicsxomhshdibfvtpBiuraisbdyaootuBeavboaypxdc

Also, giving it one letter as pattern generates "Maximum call stack size exceeded" error.
All those generate this error:
password-generator -c -l 50 -p "[A]"
password-generator -c -l 50 -p "A"
password-generator -c -l 50 -p "[a]"
password-generator -c -l 50 -p "a"

But that may be working as intended, because of required at least 2 characters in the pattern for some randomness.

And a screenshot from console:

Typed arrays (UInt8Array) was only added in IE10 (http://caniuse.com/#feat=typedarrays)

Hi,
Am using following method to generate random password
var pwd = generatePassword(8, false)
but sometimes its generating letters only passwords. How to make sure my password must contains both letters and digits.
Thank you.

optimist is deprecated. Can I put in a PR to switch to use minimist?

How likely are generated passwords to be unique? Is there any mechanism in the algorithm used that can ensure uniqueness with high probability?

if memorable is enabled, you cannot get a password that matches the pattern. Always generates lower-cased letters.

generatePassword(10, true, /\d/);           // —> cuyupizuvo  (no numbers)
generatePassword(10, true, /[a-zA-Z]/);     // —> felunaturo  (could be FeluNAturo)
generatePassword(10, true, /[a-zA-Z\d]/);   // —> cimatugije  (could be C1matu9ije)

I am not sure if this is possible , but would like to know if this can be used with Angular 6.

If yes can someone suggest me steps to use it cause i tried by creating a service and directly requiring this library but i ran into issues.

I also tried directly including this password-generator.min.js in angular.json file and accessing the function in my service that didn't work either typescript slaps a function not defined error!

If some one could help I would be really grateful. Thank you.

When I try to install version 2.0.0 from bower I get error:

E:\work\personal\>bower install
bower password-generator#^2.0.0       not-cached git://github.com/bermi/password-generator.git#^2.0.0
bower password-generator#^2.0.0          resolve git://github.com/bermi/password-generator.git#^2.0.0
bower password-generator#^2.0.0     ENORESTARGET No tag found that was able to satisfy ^2.0.0

Additional error details:
Available versions: 1.0.1, 1.0.0, 0.2.4, 0.2.3, 0.2.2, 0.1.1, 0.1.0, 0.0.2

It is critical that this library be updated to use a cryptographically secure pseudo-random number generator.

Math.random is not considered secure, while window.crypto.getRandomValues is:

http://stackoverflow.com/questions/5651789/is-math-random-cryptographically-secure
http://stackoverflow.com/questions/578700/how-trustworthy-is-javascripts-random-implementation-in-various-browsers
http://stackoverflow.com/questions/4083204/secure-random-numbers-in-javascript
https://dl.packetstormsecurity.net/papers/general/Google_Chrome_3.0_Beta_Math.random_vulnerability.pdf
https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html

Here's how to get random bytes with window.crypto.getRandomValues:

var array = new Uint8Array(32)
var randomBytes = window.crypto.getRandomValues(array)

i would like to know if there is a known algorithm behind this password generation library. if there is one, which one?
thank you

The readme includes an example where we are using Math.random. This is bad practice and should be discouraged in favour of a cryptographically sure source of randomness.

Folder dist is missing in npm install or yarn add in recent versions

subj