Skip to main content

Introduction to ValidAuth

ValidAuth is a modern JavaScript library that provides robust validators for authentication forms. Built with security and developer experience in mind, it helps you validate emails, passwords, usernames, and more with just a few lines of code.
ValidAuth is framework-agnostic and works seamlessly with React, Vue, Angular, vanilla JavaScript, Node.js, and any other JavaScript environment.

Why ValidAuth?

Authentication validation shouldn’t be complicated. ValidAuth eliminates the complexity of writing regex patterns, manual security checks, and repetitive validation logic.

Before ValidAuth

// Complex regex patterns that are hard to maintain
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const usernameRegex = /^[a-zA-Z][a-zA-Z0-9_-]{2,29}$/;

if (!emailRegex.test(email)) {
  return 'Invalid email';
}

// Manual password checks scattered everywhere
if (password.length < 8) return 'Too short';
if (!/[A-Z]/.test(password)) return 'Need uppercase';
if (!/[0-9]/.test(password)) return 'Need numbers';

// No protection against common passwords
// No customization, no detailed error messages
// Lots of repetitive boilerplate code

After ValidAuth

import { isEmail, isPassword, isUsername } from 'validauth';

const emailResult = isEmail(email, {
  blockedDomains: ['tempmail.com'],
  details: true
});

const passwordResult = isPassword(password, {
  minLength: 10,
  forbidCommonPasswords: true,
  details: true
});

const usernameResult = isUsername(username, {
  blockedUsernames: ['admin', 'root'],
  details: true
});

// Clean, readable, comprehensive validation with detailed error messages
if (!emailResult.valid) return emailResult.errors;

Key Features

Zero Dependencies

Completely standalone with no external dependencies. Keep your bundle size minimal.

Lightweight

Only ~14KB minified and ~5KB gzipped. Tree-shakeable to import only what you need.

Security-First

Built-in protection against common passwords, XSS attacks, and security vulnerabilities.

Highly Configurable

Extensive options to customize validation rules for your specific requirements.

Detailed Error Messages

Get comprehensive error feedback to guide users through fixing validation issues.

Framework Agnostic

Works with React, Vue, Angular, Svelte, or vanilla JavaScript - no lock-in.

What Can You Validate?

ValidAuth provides validators for all common authentication scenarios:
  • Email addresses - RFC-compliant validation with domain blocking, plus addressing, and TLD requirements
  • Passwords - Strength checking, common password detection, configurable complexity rules
  • Usernames - Length limits, character restrictions, reserved name blocking
  • OTP codes - One-time password validation with attempt limiting
  • Session tokens - JWT-style token generation and validation
  • XSS prevention - Input sanitization to prevent cross-site scripting attacks
Each validator supports both simple boolean validation and detailed mode that returns comprehensive error information and metadata.

How ValidAuth Compares

FeatureValidAuthvalidator.jsjoiyup
Bundle Size~14KB~100KB~150KB~80KB
Dependencies00ManyMany
Auth-Focused
Common Password Check
Password Strength
Detailed Errors⚠️
Easy to Use⚠️⚠️
While general-purpose validation libraries like Joi and Yup are powerful, they require learning complex schemas and APIs. ValidAuth focuses specifically on authentication, making it simpler and more efficient for this use case.

Design Philosophy

ValidAuth is built on three core principles:
  1. Simplicity - Simple, intuitive API that developers can learn in minutes
  2. Security - Built-in protection against common vulnerabilities and attack vectors
  3. Flexibility - Extensive configuration options without sacrificing ease of use

Real-World Use Cases

Validate email, password, and username simultaneously with customized rules for each field. Block disposable emails, enforce strong passwords, and reserve admin usernames.
Accept both email and username as login identifiers with flexible validation that adapts based on input format.
Enforce strong password requirements and prevent users from reusing old passwords or including their username in the new password.
Validate OTP codes with attempt limiting and expiration tracking to secure your 2FA implementation.
Validate handles/usernames with custom character rules, length limits, and reserved name protection.

Browser and Environment Support

ValidAuth works everywhere JavaScript runs:
  • Browsers: Chrome, Firefox, Safari, Edge (latest versions)
  • Node.js: Version 12 and above
  • Server-side: Express, Fastify, Koa, Next.js API routes
  • Frontend: React, Vue, Angular, Svelte, vanilla JS
  • Mobile: React Native, Ionic, Capacitor

Next Steps

Installation

Install ValidAuth and set up your project in under a minute

Quick Start

Get started with practical examples and common use cases

Build docs developers (and LLMs) love

Get started for freeTalk to us