I would reply to Peter Mortensen, but I don't have enough reputation.

His expressions are perfect for each of the specified minimum requirements. The problem with his expressions that don't require special characters is that they also don't ALLOW special characters, so they also enforce maximum requirements, which I don't believe the OP requested. Normally you want to allow your users to make their password as strong as they want; why restrict strong passwords?

So, his "minimum eight characters, at least one letter and one number" expression:

^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$

achieves the minimum requirement, but the remaining characters can only be letter and numbers. To allow (but not require) special characters, you should use something like:

^(?=.*[A-Za-z])(?=.*\d).{8,}$ to allow any characters

or

^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d$@$!%*#?&]{8,}$ to allow specific special characters

Likewise, "minimum eight characters, at least one uppercase letter, one lowercase letter and one number:"

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$

meets that minimum requirement, but only allows letters and numbers. Use:

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$ to allow any characters

or

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z\d$@$!%*?&]{8,} to allow specific special characters.

Use the following Regex to satisfy the below conditions:

Conditions: 1] Min 1 uppercase letter.
            2] Min 1 lowercase letter.
            3] Min 1 special character.
            4] Min 1 number.
            5] Min 8 characters.
            6] Max 30 characters.

Regex: /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[#$@!%&*?])[A-Za-z\d#$@!%&*?]{8,30}$/    

I've found many problems here, so I made my own.

Here it is in all it's glory, with tests:

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*([^a-zA-Z\d\s])).{9,}$

https://regex101.com/r/DCRR65/4/tests

Things to look out for:

1. doesn't use \w because that includes _, which I'm testing for.
2. I've had lots of troubles matching symbols, without matching the end of the line.
3. Doesn't specify symbols specifically, this is also because different locales may have different symbols on their keyboards that they may want to use.

(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+-]).{6}

Regular expressions don't have an AND operator, so it's pretty hard to write a regex that matches valid passwords, when validity is defined by something AND something else AND something else...

But, regular expressions do have an OR operator, so just apply DeMorgan's theorem, and write a regex that matches invalid passwords:

Anything with less than eight characters OR anything with no numbers OR anything with no uppercase OR or anything with no lowercase OR anything with no special characters.

So:

^(.{0,7}|[^0-9]*|[^A-Z]*|[^a-z]*|[a-zA-Z0-9]*)$

If anything matches that, then it's an invalid password.

Try this:

^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=])[a-zA-Z0-9@#$%^&+=]*$

This regular expression works for me perfectly.

function myFunction() {
    var str = "c1TTTTaTTT@";
    var patt = new RegExp("^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=])[a-zA-Z0-9@#$%^&+=]*$");
    var res = patt.test(str);
    console.log("Is regular matches:", res);
}