Security & Auth Validators

Security validators for password strength, XSS prevention, token generation, and hash verification.

19 code snippets available

XSS Sanitize (Basic)

security

Escapes HTML special characters to prevent XSS.

#sanitization#html#protection
ts
const escapeHtml = (unsafe: string): string => 
  unsafe.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");

Generate Random String

security

Creates a cryptographically secure random string.

#random#token#crypto
ts
const randomString = (length: number): string => {
  const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
  return Array.from(crypto.getRandomValues(new Uint32Array(length)))
    .map(x => chars[x % chars.length]).join('');
};

Hash String (SHA-256)

security

Creates SHA-256 hash of a string.

#hash#crypto
ts
const sha256 = async (str: string): Promise<string> => {
  const buf = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(str));
  return Array.from(new Uint8Array(buf)).map(b => b.toString(16).padStart(2, '0')).join('');
};

JWT (Strict)

security

Header.Payload.Signature structure.

#jwt#token
ts
const isValid = (s: string): boolean => /^[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+$/.test(s);

Bcrypt Hash

security

Standard bcrypt hash string.

#hash#crypto
ts
const isValid = (s: string): boolean => /^\$2[ayb]\$.{56}$/.test(s);

Stripe Secret Key

security

Stripe Live Secret Key.

#api#stripe
ts
const isValid = (s: string): boolean => /^sk_live_[0-9a-zA-Z]{24}$/.test(s);

Slack Token

security

Slack Bot/User Token.

#api#slack
ts
const isValid = (s: string): boolean => /^xox[baprs]-([0-9a-zA-Z]{10,48})$/.test(s);

Google OAuth Token

security

Google Access Token.

#api#google
ts
const isValid = (s: string): boolean => /^ya29\.[0-9A-Za-z_-]+$/.test(s);

AWS Access Key

security

AWS Access Key ID.

#aws#cloud
ts
const isValid = (s: string): boolean => /^AKIA[0-9A-Z]{16}$/.test(s);

AWS Secret Key

security

AWS Secret Access Key.

#aws#cloud
ts
const isValid = (s: string): boolean => /^[A-Za-z0-9/+=]{40}$/.test(s);

GitHub Token

security

GitHub personal access token.

#github#token
ts
const isValid = (s: string): boolean => /^gh[ps]_[a-zA-Z0-9]{36}$/.test(s);

NPM Token

security

NPM auth token.

#npm#token
ts
const isValid = (s: string): boolean => /^npm_[a-zA-Z0-9]{36}$/.test(s);

Heroku API Key

security

Heroku API key format.

#heroku#api
ts
const isValid = (s: string): boolean => /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.test(s);

Firebase API Key

security

Firebase Web API key.

#firebase#google
ts
const isValid = (s: string): boolean => /^AIza[0-9A-Za-z_-]{35}$/.test(s);

SendGrid API Key

security

SendGrid API key format.

#sendgrid#email
ts
const isValid = (s: string): boolean => /^SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}$/.test(s);

Twilio Account SID

security

Twilio account identifier.

#twilio#sms
ts
const isValid = (s: string): boolean => /^AC[a-f0-9]{32}$/.test(s);

SQL Injection (Basic)

security

Detects common SQL injection.

#security#sqli
ts
const isValid = (s: string): boolean => /(--|;|'|\"|\/\*|\*\/|xp_|union|select|insert|update|delete|drop|exec)/.test(s);

XSS Pattern (Basic)

security

Detects common XSS patterns.

#security#xss
ts
const isValid = (s: string): boolean => /(<script|javascript:|on\w+=|<iframe|<object|<embed)/.test(s);

Bearer Token

security

Bearer authorization.

#auth#bearer
ts
const isValid = (s: string): boolean => /^Bearer\s[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$/.test(s);

About Security & Auth Validators

Our security & auth validation snippets are designed to handle the most common validation scenarios you'll encounter in modern software development. Each snippet is thoroughly tested, optimized for performance, and follows industry best practices.

All validators are available in multiple programming languages including JavaScript, TypeScript, Python, Go, PHP, C#, and Rust. Simply copy the code snippet, adapt it to your specific needs, and integrate it into your project. Every snippet is MIT licensed—free for personal and commercial use.

Browse Other Categories

String & RegexDate & TimeFile & UploadsNetwork & IPCloud & DevOpsBackend & DB