Full list here

Overall, just stop reinventing the wheel and use a library which maintainers already covered more corner cases than you’re willing to think of. If everybody just used what’s already out there we wouldn’t have ad-hoc “password validators” complaining that & is not a valid character when they explicitly ask for special characters in it.