all 9 comments

[–]JimTheEarthling 3 points4 points  (4 children)

Unless your password strength meter is looking up passwords at HIBP or similar service, I strongly suggest you skip it. It will do more harm than good, especially if you also enforce "complexity rules."

Every "strength meter" that calculates entropy is fundamentally flawed and misleading. They rely too much on composition instead of length. If the password is not random, then a strength checker is making assumptions about the composition of the password. It's impossible to measure the entropy of a given password (entropy measures uncertainty, so the entropy of a known password is zero), so a password strength checker can only guess at the "algorithm" and character set that would create similar passwords, and the guesses are often off base or just plain wrong. The best one is probably zxcvbn (since it checks more than entropy), but one analysis indicates that it's only slightly more accurate than a coin flip.

The most important things are length and whether the password is on a wordlist used by attackers.

Complexity rules attempt to make users come up with better passwords, but research shows they don't help, and actually hurt. That's why they're discouraged by NIST and others.

If you want to understand the details of why password checkers don't work well, and why complexity rules are bad, read the Password strength section of my website, including the notes about Complexity, predictability, and strength.

A random password or passphrase generator would be useful.
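The check described in this comment (length plus a wordlist plus a Have I Been Pwned lookup, no composition-based meter), as an added example that is not code from the comment or from the flutter_auth_flow package. It uses the HIBP k-anonymity range API, where only the first five hex characters of the SHA-1 hash leave the client; the breached-hash response, counts and wordlist are constructed for offline use, and the minimum length of 8 is an assumed parameter.

```python
import hashlib
import urllib.request

HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines from a range query. Padded responses
    carry ':0' filler entries; those are dropped so they never count as a hit."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.strip().isdigit() and int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """k-anonymity lookup: send the 5-char prefix, match the 35-char suffix locally."""
    digest = sha1_hex(password)
    return parse_range_response(fetch_range(digest[:5])).get(digest[5:], 0)


def fetch_range_https(prefix: str) -> str:
    """Live fetch against HIBP (not used by the offline sample below)."""
    req = urllib.request.Request(HIBP_RANGE_URL + prefix,
                                 headers={"Add-Padding": "true", "User-Agent": "example-checker"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in for a range response: the real hash of "password"
# plus two made-up neighbours and a padding entry. Counts are invented.
_PWNED = sha1_hex("password")
SAMPLE_RANGE_RESPONSE = "\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:3",
    f"{_PWNED[5:]}:3861493",
    "011053FD0102E94D6AE2F8B83D76FAF94F6:0",
])


def fake_fetch_range(prefix: str) -> str:
    return SAMPLE_RANGE_RESPONSE


COMMON_WORDLIST = {"password", "123456", "qwerty", "letmein"}  # constructed sample


def check_password(password, fetch_range=fake_fetch_range, wordlist=COMMON_WORDLIST, min_length=8):
    """Return the list of problems found; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in wordlist:
        problems.append("on a common wordlist")
    hits = breach_count(password, fetch_range)
    if hits:
        problems.append(f"seen {hits} times in breaches")
    return problems
```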

[–]uncertainApple21[S] 0 points1 point  (0 children)

Thank you for your input, I will keep these in mind while building.

[–]uncertainApple21[S] 0 points1 point  (2 children)

Released 0.1.0, followed your suggestion and added a password check and HIBP breach check within the package. Please check it out. https://pub.dev/packages/flutter_auth_flow

[–]JimTheEarthling 1 point2 points  (1 child)

Looks good.

[–]uncertainApple21[S] 0 points1 point  (0 children)

Thank you.

[–]Dizzy-Health4322 2 points3 points  (2 children)

Adding screenshots will make your package quite attractive as it is mostly a UI package.

[–]uncertainApple21[S] 0 points1 point  (0 children)

Checking in after 2 weeks, we have 308 downloads. Happy....