Description
A somewhat typical situation with a password is that it should not be totally random - it should, for example, contain one number, one lowercase character and one uppercase character. Or it should contain a special character.
Currently the passwords are generated entirely randomly. So let's say I wanted to create a password that would match the following regexes: `~[0-9]~`, `~[a-f]~`. Then with `$generator->generateString(12, 'abcdef0123456789');` you'll get a password `aaaabbbbcccc` or something like that, which wouldn't match the expected format as it's missing the numbers. It's certainly possible to test the generated password and try again until it passes, but that may well lead to an approximately endless loop.
Do you think it would be possible to extend the generator to add an option to generate random strings that pass typical requirements (contains numbers, uppercase, lowercase, special char)? Or what approach would you suggest in such scenarios?
I'm worried that userland implementations (like replacing a random character with `rand(0,9)` if a number is missing) could mean potential security issues, and it's something this library tries to prevent.
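The test-and-retry approach raised in this issue, as an added example that is not code from the issue author or from the library: it computes how often a uniformly random string already satisfies the required character classes, then does bounded rejection sampling, which keeps the result uniform over all strings that meet the requirements. It uses PHP's built-in `random_int()` instead of the library's generator; the function names are hypothetical and the classes are assumed to be disjoint.

```php
<?php
// Added example; function names are hypothetical and classes must be disjoint.
// Probability that a uniform string of $length characters over the union of
// $classes contains every class (inclusion-exclusion over missing classes).
function acceptanceProbability(int $length, array $classes): float
{
    $sizes = array_map('strlen', array_values($classes));
    $total = array_sum($sizes);
    $p = 0.0;
    for ($mask = 0; $mask < (1 << count($sizes)); $mask++) {
        $missing = 0;
        $bits = 0;
        foreach ($sizes as $i => $size) {
            if ($mask & (1 << $i)) {
                $missing += $size;
                $bits++;
            }
        }
        $p += (($bits % 2) ? -1 : 1) * (($total - $missing) / $total) ** $length;
    }
    return $p;
}

// Rejection sampling: draw whole candidates from a CSPRNG and discard any that
// lack a class. No character is ever patched in, so no position is biased.
function generateWithClasses(int $length, array $classes, int $maxTries = 1000): string
{
    $alphabet = implode('', $classes);
    $last = strlen($alphabet) - 1;
    for ($try = 0; $try < $maxTries; $try++) {
        $candidate = '';
        for ($i = 0; $i < $length; $i++) {
            $candidate .= $alphabet[random_int(0, $last)];
        }
        foreach ($classes as $chars) {
            if (strpbrk($candidate, $chars) === false) {
                continue 2; // a class is missing: discard the whole candidate
            }
        }
        return $candidate;
    }
    throw new RuntimeException('No candidate met the requirements within the retry limit.');
}

// Constructed input: the 12-character hex case from the issue text.
$classes = ['digits' => '0123456789', 'hex letters' => 'abcdef'];
printf("acceptance probability: %.4f\n", acceptanceProbability(12, $classes));
echo generateWithClasses(12, $classes), "\n";
```

For the 12-character hex case in the issue the acceptance probability is about 0.996, so a retry is rare; the retry limit only matters when the requirements are close to unsatisfiable for the chosen length.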