Metadata-Version: 2.4
Name: passeval
Version: 0.2.0
Summary: Offline ML-powered password strength evaluation using a trained Random Forest model.
License: MIT License
        
        Copyright (c) 2026 passeval contributors
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        
Project-URL: Homepage, https://github.com/swissjake/passeval
Project-URL: Repository, https://github.com/swissjake/passeval
Project-URL: Issues, https://github.com/swissjake/passeval/issues
Keywords: password,security,machine-learning,strength,offline
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: scikit-learn<2.0,>=1.6
Requires-Dist: numpy>=1.23
Requires-Dist: joblib>=1.2
Provides-Extra: dev
Requires-Dist: pytest>=7.0; extra == "dev"
Requires-Dist: pytest-cov; extra == "dev"
Requires-Dist: build; extra == "dev"
Requires-Dist: twine; extra == "dev"
Dynamic: license-file

# passeval

**Offline ML-powered password strength evaluation for Python developers.**

Built on a Random Forest classifier trained on 220,000 passwords. Runs fully locally, no API, no server.

## Installation

```bash
pip install passeval
```

## Quick Start

```python
from passeval import evaluate_password

result = evaluate_password("Monkey2024!")
print(result)
```

```json
{
  "score": 0,
  "label": "Weak",
  "confidence": 1.0,
  "features": {
    "length": 11,
    "entropy": 3.2776,
    "num_upper": 1,
    "num_digits": 4,
    "num_special": 1
  },
  "feedback": [
    "Longer passwords are significantly harder to crack",
    "Avoid predictable patterns like years or repeated digits"
  ]
}
```

## Examples

```python
from passeval import evaluate_password

evaluate_password("hunter2")["label"]                      # Weak
evaluate_password("Password1")["label"]                    # Medium
evaluate_password("blitz8-concrete2-eloquence3")["label"]  # Strong
evaluate_password("xK9#mP2$vL8@")["label"]                # Strong
```

## Key Features

- **3-class scoring** - Weak (0), Medium (1), Strong (2)
- **Confidence score** - model probability for the predicted class
- **Actionable feedback** - specific suggestions to improve weak passwords
- **Detects breach-derived patterns** - catches passwords like `Monkey2024!` that pass surface-level complexity checks
- **Fully offline** - model ships inside the package, no internet required
- **Fast after warmup** - model cached in memory, sub-millisecond from second call onward

## How It Works

`passeval` extracts 10 statistical features from each password (length, entropy, character type counts, boolean flags) then runs them through a trained Random Forest classifier. No raw characters are inspected; the model learns structural patterns, not specific passwords.

```python
from passeval import extract_features

extract_features("Monkey2024!")
# {
#   'length': 11, 'num_upper': 1, 'num_lower': 6, 'num_digits': 4,
#   'num_special': 1, 'entropy': 3.2776, 'unique_chars': 10,
#   'has_upper': 1, 'has_digit': 1, 'has_special': 1
# }
```

## vs zxcvbn

Unlike rule-based estimators like [zxcvbn](https://github.com/dwolfhub/zxcvbn-python), `passeval` detects breach-derived patterns such as `Monkey2024!` that satisfy complexity rules but remain guessable.

On realistic weak password detection:
- passeval (ML): **99.93%**
- zxcvbn (rule-based): **32.34%**

## License

MIT - see [LICENSE](LICENSE).
