Since I mostly blog/commit to remember for my own future usage, another handy codesnip which I probably will need again. Requirement from our IAM provider for is user credentials was a certain password complexity of at least 8 characters (easy) and the combination of at least 3 out of 4 character sets (lowercase, uppercase, numbers and weird characters aka non-alphanumeric. The last criteria could be done with a blunt knife but we tried to be gentle.

    // Check password complexity
    const hasUpperCase = /[A-Z]/.test(password);
    const hasLowerCase = /[a-z]/.test(password);
    const hasNumbers = /d/.test(password);
    const hasNonalphas = /W/.test(password);
    const totalPassword = [ hasUpperCase, hasLowerCase, hasNumbers, hasNonalphas ].filter(v => v).length;
    if (password.length < 8 || totalPassword < 3) {
        console.error(`password length:${password.length} charsets:${totalPassword}`);
        // fancy error handling stuff

The regex for frontend if usable: