What exactly does password-format provide for validation ? Is it possible to add strong-password validation instead?

[branlok]

as readme suggests:
'password: password string according to the openApi 3.0.0 specification'

1. the openapi states...'A hint to UIs to obscure input.'

2. The formats.ts shows that any string will just pass validation.

Wondering if we can benefit instead by adding a replacement password format that actually validates some kind of complexity requirement.

[shane-js]

Hi I ran into this open issue today when I realized the same thing. After seeing no response and finding no other package I decided to make https://www.npmjs.com/package/ajv-formats-strong-password (https://github.com/shane-js/ajv-formats-strong-password) in the same spirit of ajv-formats.

May help others in same situation - you simply import it like ajv-formats & add it to your ajv instance:

import addStrongPasswordFormat from 'ajv-formats-strong-password';

const myPasswordCriteriaObj = {...};
ajv.addStrongPasswordFormat({
    ajvInstance: ajv,
    passwordCriteria: myPasswordCriteriaObj
});

Then you can use the 'strong-password' format. The criteria is currently configurable to enforce whatever minimum length, uppercase characters, lowercase characters, digits, and special characters you pass it so should be pretty flexible to multiple use cases.

[agzar-ahmed]

I believe this need to be fixed within the AVJ formats package it self, cause it says in documentation, it uses open API specification but unfortunately it is not working.