GSoC 2026 Proposal Draft – Idea 8: Password strength indicator - Arjit Singh

GSoC GSoC Proposal Drafts
1

Links

Link to Google Doc Proposal Page - Project 8 Proposal - Joplin - Google Docs

Personal Information

  • Name: Arjit Singh

  • Education: B.Tech in Computer Science (AI/ML specialization, Data Analytics minor), Amity University Gurugram, India

  • Background: Completed Harvard CS50 (Introduction to Computer Science), currently pursuing CS50 Web Programming. Experienced in Python, C, JavaScript, TypeScript, React, Flask, Django, SQL, and HTML/CSS.

  • Motivation: As a first‑year student, I may not yet be perfect in every area, but I am eager to learn through open‑source collaboration. I am committed to completing my work on time, iterating based on feedback, and ensuring that the final deliverable is polished, reliable, and valuable to the Joplin community.

  • Programming Experience -

    I have a strong foundation in computer science and web development, built through both academic coursework and self‑driven projects:

    • Languages & Core Skills
      Proficient in Python, C, JavaScript, TypeScript, SQL, and HTML/CSS. These languages form the backbone of my programming journey, enabling me to work across backend logic, frontend design, and database management.

    • Frameworks & Tools
      Experienced with React, React Native, Flask, and Django, which I have used to build responsive web applications and refine UI/UX with animations and professional design standards. I am also familiar with Jest and React Testing Library for writing unit and component tests.

    • Project‑Based Learning
      Through Harvard’s CS50 Introduction to Computer Science and CS50 Web Programming, I have developed structured problem‑solving skills and hands‑on experience in building scalable applications. I actively apply these skills in hackathons and personal projects, focusing on polished, demo‑ready solutions.

    • Active Research & Exploration
      My current browsing activity reflects my preparation for this project:

      • Studying the zxcvbn-ts library for password strength estimation.

      • Reviewing the Joplin GSoC ideas page and proposal writing guidelines.

      • Exploring React Native documentation for mobile integration.

      • Reading WCAG 2.1 accessibility standards to ensure compliance.

      • Practicing with Jest and React Testing Library for robust testing.

    • Problem‑Solving Approach
      I excel at breaking complex tasks into smaller, manageable steps, iterating through design and testing, and refining based on feedback. This structured approach ensures reliability and professional polish in my work.

  • Experience with Open Source -

    Although I am still early in my journey as a contributor, I have actively engaged with open‑source communities and tools to build my skills and prepare for meaningful contributions:

    • Learning from Open‑Source Projects
      I have studied and experimented with open‑source frameworks such as React, React Native, and Django, building small demo applications and refining my understanding of modular codebases. This has given me exposure to collaborative coding practices and the importance of clear documentation.

    • Exploring Joplin’s Codebase
      I have cloned and explored the Joplin repository to understand its monorepo structure and identify where password input modules are located. This exploration helped me map out integration points for the Password Strength Indicator project.

    • Community Interaction
      I have introduced myself on the Joplin forum and begun engaging with discussions to better understand community expectations. I plan to continue this by sharing drafts, collecting feedback, and iterating on my work in collaboration with mentors and contributors.

    • Commitment to Contribution
      While my pull requests to Joplin are still in progress, I am committed to submitting clean, well‑documented PRs during this project. Even if my current contributions are small, I see this GSoC project as an opportunity to grow into a consistent and reliable contributor.

Synopsis

Currently, Joplin allows users to set a master password without feedback on its strength. This can lead to weak or easily guessable passwords, reducing overall data security.

This project proposes the implementation of a Password Strength Indicator across Joplin’s desktop and mobile applications. The indicator will:

  • Evaluate password strength in real time using zxcvbn-ts.

  • Display a clear visual bar (Weak → Strong).

  • Provide crack‑time estimates and actionable suggestions.

  • Follow WCAG 2.1 AA accessibility standards (color + text labels).

The feature will be advisory only — empowering users with information without enforcing restrictions. Deliverables include the component, integration across platforms, unit/component tests, and developer documentation.

  • What Problem does it solve -

    Currently, Joplin allows users to set a master password without providing any feedback on its strength. This creates several issues:

    • Risk of Weak Passwords
      Users may unknowingly choose passwords that are short, predictable, or easily guessable. Without guidance, they might assume their password is secure when it is not.

    • Lack of Security Awareness
      Many users are not familiar with password best practices. Without visual or textual feedback, they have no way of understanding whether their chosen password can withstand brute‑force or dictionary attacks.

    • No Educational Value
      The absence of feedback means Joplin misses an opportunity to educate users about password strength, crack‑time estimates, and improvement strategies.

    • Inconsistent User Experience
      Modern applications often provide password strength indicators. Joplin’s lack of this feature may feel outdated to users and reduce confidence in its security practices.

  • How this project addresses the problem -

    By implementing a Password Strength Indicator, the project directly solves these issues:

    • Provides real‑time feedback on password strength using zxcvbn-ts.

    • Displays visual indicators (bar + text labels) to guide users toward stronger passwords.

    • Offers crack‑time estimates and actionable suggestions, educating users without enforcing restrictions.

    • Ensures accessibility compliance (WCAG 2.1 AA) so all users benefit equally.

    • Creates a consistent, modern experience across desktop and mobile platforms.

Benefits to Joplin

  • Enhances user security awareness.

  • Improves user experience with actionable feedback.

  • Aligns with Joplin’s mission of privacy and data protection.

  • Provides consistency across desktop and mobile platforms.

Benefits to the Community

Implementing a Password Strength Indicator in Joplin will provide significant value to the community in multiple dimensions:

Enhanced Security Awareness

  • Users will gain real‑time insight into the strength of their chosen master password. By showing crack‑time estimates and actionable suggestions, the feature educates users about password best practices without enforcing restrictions. This empowers the community to make informed decisions about their data protection.

Improved User Experience

  • The indicator offers clear, accessible feedback through both color and text labels. This reduces uncertainty when setting a password and builds user confidence. Accessibility compliance ensures that all users, including those with visual impairments, benefit equally from the feature.

Cross‑Platform Consistency

  • By integrating the component into both desktop and mobile applications, the community experiences a unified interface. This consistency strengthens Joplin’s reputation as a reliable, professional tool across devices.

Technical Details

  • Library: @zxcvbn-ts/core for password evaluation.

  • UI: 4‑segment bar with WCAG compliance.

  • Performance: Debounced updates (150ms).

  • Accessibility: Suggestions hidden once password reaches Good/Strong.

  • Testing: Jest + React Testing Library.

  • Integration: Desktop (Electron) and Mobile (React Native).

Technical Approach

Architecture & Components

The project will be implemented as a modular React + TypeScript component called PasswordStrengthIndicator.

  • Core Logic: Uses zxcvbn-ts to evaluate password strength in real time.

  • UI Layer: Displays a strength bar (Weak → Strong), crack‑time estimates, and improvement suggestions.

  • Accessibility Layer: Adds WCAG 2.1 AA compliance with text labels, ARIA attributes, and color contrast.

  • Cross‑Platform Integration: Designed to work seamlessly in both Joplin’s desktop (Electron + React) and mobile (React Native) applications.

Changes to the Joplin Codebase

  • Desktop: Integrate the component into EncryptionConfigScreen where users set their master password.

  • Mobile: Adapt the component for React Native and integrate it into the mobile password input screen.

  • Testing: Add unit and component tests under Joplin’s test suite to ensure reliability.

  • Documentation: Update developer docs to explain usage and integration of the new component.

Libraries & Technologies

  • @zxcvbn-ts/core – Password strength estimation library.

  • React + TypeScript – For building reusable, strongly typed components.

  • React Native – For mobile integration.

  • Jest – Unit testing framework.

  • React Testing Library – Component testing and accessibility validation.

  • WCAG 2.1 Guidelines – Accessibility compliance standards.

Potential Challenges

  • Cross‑Platform Consistency: Ensuring identical behavior and UI across desktop and mobile environments.

  • Performance Optimization: Debouncing updates to avoid lag during typing, especially on mobile devices.

  • Accessibility Compliance: Meeting WCAG 2.1 AA standards requires careful design and testing.

  • Edge Cases: Handling unusual password inputs (e.g., extremely long strings, repeated characters, unicode).

  • Community Feedback Iteration: Incorporating suggestions while maintaining scope and timeline.

image
image1536×1024 191 KB

Implementation Plan

Step 1: Setup & Research →

  • Clone and build Joplin locally to ensure the environment is ready.

  • Explore the monorepo structure (packages/app-desktop, mobile code) to identify where password inputs are handled.

  • Confirm feasibility of integrating zxcvbn-ts by testing a small demo inside Joplin’s environment.

  • Deliverable: A clear map of where the component will be inserted.

(Flow: Joplin repo → Identify password modules → Demo integration test)

Step 2: Component Development (Desktop) →

  • Create a reusable React + TypeScript component called PasswordStrengthIndicator.

  • Integrate with EncryptionConfigScreen so that the indicator appears directly below the password input field.

  • Implement real‑time feedback: strength bar (0–4), crack‑time estimates, and suggestions.

  • Deliverable: A working desktop component with live feedback.

(Flow: Password input → zxcvbn-ts evaluation → Strength bar + suggestions)

Step 3: Accessibility & UI Refinement →

  • Apply WCAG 2.1 AA standards: add text labels alongside color indicators for clarity.

  • Ensure screen reader compatibility with ARIA attributes.

  • Refine UI/UX for clarity, responsiveness, and professional polish.

  • Deliverable: Accessible, user‑friendly desktop component.

(Flow: Strength bar → Color + text labels → Screen reader support)

Step 4: Mobile Integration →

  • Adapt the component for React Native, ensuring compatibility with mobile password input screens.

  • Optimize performance for mobile devices (debounced updates, lightweight rendering).

  • Maintain consistency between desktop and mobile UI.

  • Deliverable: Mobile password strength indicator with identical functionality.

(Flow: Mobile password input → React Native component → Consistent UI)

Step 5: Testing →

  • Unit tests for password strength logic (zxcvbn-ts scoring, suggestions).

  • Component tests using Jest + React Testing Library to validate rendering and feedback.

  • Accessibility validation (color contrast, keyboard navigation, screen reader output).

  • Deliverable: A robust test suite ensuring reliability and accessibility.

(Flow: Input → zxcvbn-ts → Output → Test cases → Verified results)

Step 6: Iteration & Feedback →

  • Share initial implementation with mentors/community for feedback.

  • Refine edge cases (e.g., very long passwords, unusual character sets).

  • Polish UI interactions based on suggestions.

  • Deliverable: Improved component after community review.

(Flow: Community feedback ↔ Developer refinement → Polished UI)

Step 7: Documentation & Final Review →

  • Write developer documentation explaining how the component works and how to extend it.

  • Prepare final PRs with clean commits and clear descriptions.

  • Conduct final review with mentors before merging.

  • Deliverable: Documented, tested, and reviewed feature ready for release.

(Flow: Documentation → PR submission → Mentor review → Final merge)

Weekly Timeline

Week 1: Setup & Research (15–20 hours)

Goal: Understand Joplin’s architecture and plan integration points.

  • Clone and build Joplin’s desktop and mobile apps locally.

  • Explore the monorepo structure to locate password input screens.

  • Identify where the master password is set (e.g., EncryptionConfigScreen).

  • Test integration of zxcvbn-ts in a sandbox component.

Document findings and finalize the insertion strategy.

  • Outcome: A clear technical map of where and how the component will be integrated.

Week 2: Desktop Component Development (20–25 hours)

Goal: Build the core password strength indicator for desktop.

  • Create a reusable React + TypeScript component (PasswordStrengthIndicator).

  • Integrate it into the desktop password input screen.

  • Use zxcvbn-ts to evaluate password strength in real time.

Display strength bar (0–4), crack-time estimates, and suggestions.

  • Outcome: A working desktop component with live feedback and advisory suggestions.

Week 3: Accessibility & UI Refinement (20 hours)

Goal: Make the component accessible and visually polished.

  • Apply WCAG 2.1 AA standards: color contrast, text labels, ARIA attributes.

  • Ensure screen reader compatibility and keyboard navigation.

  • Refine UI layout, spacing, and responsiveness.

Hide suggestions once password reaches “Good” or “Strong.”

  • Outcome: A clean, accessible, and user-friendly desktop experience.

Week 4: Mobile Integration (20–25 hours)

Goal: Extend the component to React Native for mobile.

  • Adapt the component for mobile password input screens.

  • Ensure compatibility with React Native APIs and styling.

  • Optimize performance (debounced updates, lightweight rendering).

Maintain visual and functional consistency with desktop.

  • Outcome: A fully functional mobile password strength indicator.

Week 5: Testing – Unit & Component (20 hours)

Goal: Ensure reliability and correctness through testing.

  • Write unit tests for password scoring and feedback logic.

  • Add component tests using Jest + React Testing Library.

  • Validate accessibility features (labels, ARIA roles, contrast).

Test edge cases (e.g., very long passwords, repeated patterns).

  • Outcome: A robust test suite that ensures the component works as expected.

Week 6: Iteration & Feedback (15–20 hours)

Goal: Refine the feature based on mentor and community input.

  • Share initial implementation with mentors and the Joplin community.

  • Collect feedback on UI, accessibility, and performance.

  • Address bugs, edge cases, and usability concerns.

Polish animations, transitions, and error handling.

  • Outcome: A refined and community-approved version of the feature.

Week 7: Documentation & Final Review (10–15 hours)

Goal: Finalize the project and prepare for submission.

  • Write developer documentation explaining component usage and integration.

  • Prepare clean, well-documented PRs with clear commit history.

Conduct final review with mentors and make last adjustments.

  • Outcome: A complete, documented, and production-ready feature ready to merge.

Skills Required

To successfully complete this project, the following skills are essential:

  • React + TypeScript: For building reusable, typed components across desktop and mobile.

  • JavaScript Fundamentals: Including ES6+ syntax, event handling, and modular structuring.

  • UI/UX Design: Creating accessible, responsive, and user-friendly interfaces.

  • Accessibility Standards: Applying WCAG 2.1 AA compliance (color contrast, ARIA labels).

  • Testing Frameworks: Writing unit and component tests using Jest and React Testing Library.

  • Version Control & Contribution Workflow: Using Git, managing branches, and submitting clean PRs.

Deliverables

By the end of the project, the following will be completed and available in the Joplin codebase:

Implemented Features

  • A reusable PasswordStrengthIndicator component built with React + TypeScript.

  • Real-time password strength evaluation using zxcvbn-ts, with:

    • A 4-level strength bar (Weak, Fair, Good, Strong).

    • Crack-time estimates.

    • Actionable improvement suggestions.

  • Full integration into:

    • Desktop app (EncryptionConfigScreen).

    • Mobile app (React Native password input screen).

  • Accessibility compliance following WCAG 2.1 AA standards:

    • Color contrast.

    • Text labels.

    • ARIA attributes for screen readers.

Tests

  • Unit tests for password scoring logic and feedback generation.

  • Component tests using Jest and React Testing Library to validate rendering, accessibility, and edge cases.

  • Cross-platform validation to ensure consistent behavior on desktop and mobile.

Documentation

  • Developer documentation explaining:

    • Component structure and usage.

    • Integration points in the codebase.

    • How to extend or modify the feature.

  • Clear commit history and pull request descriptions for maintainability.

Availability

  • Time Zone: India Standard Time (IST) – UTC +5:30

  • Weekly Availability: I will be available for approximately 20–25 hours per week throughout the GSoC coding period. My schedule is flexible and I can adjust my working hours to align with mentor availability across time zones.

  • Daily Commitment:

    • Weekdays: 3–4 hours/day

    • Weekends: 5–6 hours/day (available for longer review and testing sessions)

  • Other Commitments:
    I do not have any conflicting academic or professional obligations during the GSoC period. My university summer break aligns with the timeline, allowing me to dedicate focused time to this project. I am fully committed to completing all milestones on time and actively engaging with mentors and the Joplin community.

Difficulty Level

While listed as an Easy project, the realistic scope — including cross-platform integration, accessibility, and testing — places this project at an Easy to Medium level. As a first-year student, I expect to invest 120–150 hours to complete the project thoroughly, with time allocated for learning, iteration, and mentor feedback.

References

  • Google GSoC Proposal Guide

Writing a proposal | Google Summer of Code Guides

  • Joplin GSoC Ideas Page

gsoc/ideas.md at master · joplin/gsoc

  • Joplin Proposal Submission Guidelines.

GSoC 2026: How to Submit Your Proposal Draft - GSoC - Joplin Forum

  • zxcvbn-ts Library

GitHub - zxcvbn-ts/zxcvbn: Low-Budget Password Strength Estimation · GitHub

  • WCAG 2.1 Accessibility Guidelines

Web Content Accessibility Guidelines (WCAG) 2.1

  • React Native Documentation

Introduction · React Native

  • Jest Testing Framework

Jest · :joker: Delightful JavaScript Testing

  • React Testing Library

Introduction | Testing Library

2

Hello,

Thank you for your draft proposal. Unfortunately we had to remove the idea from the list as described here: https://github.com/joplin/gsoc/pull/16

Please consider creating a new draft proposal based on a different idea or on your own idea.