whatisgithub

What is password-manager-resources?

apple/password-manager-resources — explained in plain English

Analysis updated 2026-06-26

4,696JavaScriptAudience · developerComplexity · 1/5Setup · easy

In one sentence

A shared data repository where password manager developers pool knowledge about website quirks, password rules, linked login domains, change-password URLs, and 2FA login patterns, plus a JavaScript parser for the rules.

Mindmap

mindmap
  root((Password Resources))
    Data files
      Password rules
      Linked domains
      Change password URLs
      2FA quirks
    Parsers
      JavaScript parser
      Rust parser
    Use Cases
      Password managers
      Browser autofill
    Audience
      Tool developers
      Browser engineers
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Integrate password rule data so your password manager generates a compliant password on the first attempt for any website.

USE CASE 2

Use the linked-domains file to suggest a saved password when a user visits a related site that shares the same login backend.

USE CASE 3

Add direct change-password URLs to your tool so users can update weak passwords in one click.

USE CASE 4

Detect sites that append a 2FA code to the password so your autofill doesn't break their login flow.

What is it built with?

JavaScriptRust

How does it compare?

apple/password-manager-resourcessupasate/connected-react-routerdevelopit/greenlet
Stars4,6964,6954,694
LanguageJavaScriptJavaScriptJavaScript
Setup difficultyeasymoderateeasy
Complexity1/53/52/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Data files are plain JSON, just download and parse, a JavaScript parser is included in the repo.

So what is it?

This is a collaborative project started by Apple where password manager developers share data files that help their tools work better with real websites. The core idea is that the web is full of quirks: individual websites have unusual requirements or behaviors that no universal rule can handle, and it makes more sense for the industry to pool that knowledge in one place than for each password manager to rediscover it independently. The project contains four main data files. The first maps website domains to password rules, describing the exact requirements a site has for passwords (minimum length, required character types, and so on) so that a password manager can generate a compatible password on the first try. The second groups websites that share the same login backend, so that if you saved a password for site A, your password manager can suggest it when you visit the related site B. The third lists direct URLs to each website's change-password page, making it easier for password managers to send users there when promoting a password upgrade. The fourth covers websites that append a two-factor authentication code to the end of the password during login, a non-standard pattern that password managers need to know about to avoid breaking the login flow. Alongside the data files, the project includes a JavaScript parser for the Password Rules language so that developers can read and apply the rules in their own tools. A Rust parser maintained by a third party is also available. The target audience is developers building password managers or browsers with autofill features, though the data is openly published so anyone can inspect which sites have unusual password policies. Apple uses this data directly in Safari and iOS autofill. The project encourages contributors to submit discoveries back so that all participating tools benefit from the shared knowledge.

Copy-paste prompts

Prompt 1
Using the apple/password-manager-resources JSON data, parse the password rules for 'amazon.com' and generate a compliant password in JavaScript.
Prompt 2
How do I use the website-quirks dataset to make my browser extension recognize that two different domains share the same login system?
Prompt 3
Find all sites in the password-manager-resources dataset that require a 2FA code appended to the password and list their domains.
Prompt 4
Integrate the JavaScript password-rules parser from apple/password-manager-resources into my autofill extension to validate generated passwords before inserting them.

Frequently asked questions

What is password-manager-resources?

A shared data repository where password manager developers pool knowledge about website quirks, password rules, linked login domains, change-password URLs, and 2FA login patterns, plus a JavaScript parser for the rules.

What language is password-manager-resources written in?

Mainly JavaScript. The stack also includes JavaScript, Rust.

How hard is password-manager-resources to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is password-manager-resources for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.