I don't know if zxcvbn has a particular policy about thread safety, but issue #16 suggests that it is desirable.
The system for lazy-loading ranked dictionaries in commit f416148 does not appear to be thread-safe. If one thread enters get_ranked_dictionaries and sees that RANKED_DICTIONARIES is None, it will initialise it to an empty dictionary and start to populate it. In the meantime, if a second thread enters that function, it will see the empty (or partially populated) dictionary and return it. Thus there is a small window of time where calls to zxcvbn will operate with an incorrect RANKED_DICTIONARIES.
For multithreaded applications that care about this, the workaround would be to call get_ranked_dictionaries once at startup.
I don't know if zxcvbn has a particular policy about thread safety, but issue #16 suggests that it is desirable.
The system for lazy-loading ranked dictionaries in commit f416148 does not appear to be thread-safe. If one thread enters
get_ranked_dictionariesand sees thatRANKED_DICTIONARIESisNone, it will initialise it to an empty dictionary and start to populate it. In the meantime, if a second thread enters that function, it will see the empty (or partially populated) dictionary and return it. Thus there is a small window of time where calls to zxcvbn will operate with an incorrectRANKED_DICTIONARIES.For multithreaded applications that care about this, the workaround would be to call
get_ranked_dictionariesonce at startup.