data-strength
Real-time password strength meter with configurable rules checklist. Shows weak/fair/good/strong levels as the user types.
Overview
The data-strength attribute adds a real-time password strength meter to any password input. A visual meter bar and rules checklist update as the user types, giving instant feedback on password quality.
How It Works
Add data-strength to a password input inside a <form-field>. The init script:
- Parses the
data-rulesattribute into a list of validation rules - Creates a
.strength-meterelement with a fill bar after the input - Creates a
.strength-ruleschecklist showing each rule and its status - Listens for
inputevents and evaluates the password against each rule - Calculates a percentage score based on how many rules are met
- Maps the percentage to a strength level: weak, fair, good, or strong
- Updates the meter fill width, color, and ARIA attributes in real time
The input must be inside a <form-field> so the meter and checklist render in the correct position within the field layout.
Attributes
| Attribute | Type | Description |
|---|---|---|
data-strength |
boolean | Enables the password strength meter on the input. |
data-rules |
string | Comma-separated list of rules. Available rules: length:N, uppercase, lowercase, number, special. |
data-strength-init |
boolean | Set automatically to prevent double-binding. Do not set manually. |
Rules
The data-rules attribute accepts a comma-separated list of validation rules. Each rule is evaluated independently and contributes equally to the overall score.
| Rule | Syntax | Description |
|---|---|---|
| Minimum length | length:N |
Password must be at least N characters. Checklist shows "At least N characters". |
| Uppercase | uppercase |
Must contain at least one uppercase letter (A–Z). |
| Lowercase | lowercase |
Must contain at least one lowercase letter (a–z). |
| Number | number |
Must contain at least one digit (0–9). |
| Special character | special |
Must contain at least one special character (!@#$%^&* etc.). |
Strength Levels
The percentage of rules met determines the strength level:
- Weak — less than 40% of rules met (
--color-danger) - Fair — 40% to 74% of rules met (
--color-warning) - Good — 75% to 99% of rules met (
--color-info) - Strong — 100% of rules met (
--color-success)
The meter fill bar changes color and width to reflect the current level.
Custom Rule Combinations
Mix and match rules to set the appropriate strength requirements for your use case. Fewer rules make it easier to reach "strong"; more rules require a more complex password.
With Password Toggle
The strength meter works alongside the data-show-password toggle. Both enhancements coexist without conflict — the show/hide button and strength meter each enhance the same input independently.
DOM Structure
After initialization, the following elements are inserted after the password input within the <form-field>:
The .strength-meter uses role="meter" with ARIA attributes for the current score. The .strength-rules checklist marks met rules with data-met.
Events
The strength meter updates on native input events. You can read the current level and score from the generated DOM.
Styling
The meter, fill bar, and rules checklist are fully customizable via CSS. Styles are scoped to the generated class names and the data-level attribute on the fill bar.
Dynamic Elements
Strength-enhanced inputs added to the DOM after page load are automatically enhanced via a MutationObserver. No manual initialization is needed.
Accessibility
- The meter uses
role="meter"witharia-label="Password strength",aria-valuemin,aria-valuemax,aria-valuenow, andaria-valuetext aria-valuetextis set to the current level name (weak, fair, good, strong) for screen reader announcements- The rules checklist uses
aria-label="Password requirements"for context - Met rules are indicated with
data-metand can be styled with a checkmark icon for visual feedback - Must be inside
<form-field>for proper layout and association with the label - The password input requires a visible
<label> - Without JavaScript, the input works as a normal password field — progressive enhancement