depends on what you believe
length beats complexity
so if you take length and the character set in consideration -> lets assume ascii for this example and only the letters in upper and lowercase.
you have 54 possibilities per position so based on the length it can be
54^8 = 7,230196134×10¹³ possibilities
54^4 = 8503056 possibilities
so the complexity idea is to increase the base by "special characters and numbers" which allows you to keep shorter passwords which are harder to bruteforce.
68^4 = 21381376 possibilities
as you see that increasing the base does make it harder, still it's safer to just write a password sentence like "inmyopinionilikebatmanmorethansuperman" which would be
54^38 = 6,775835802×10⁶⁵ possibilities
so basically you can take those ranges and define ranges like "0-4 chars weak" "5-8 chars medium" "5-8 chars plus one number and one specialcharacter safe enough" > "good password"
basically you first check the length > than the alphabet and if it's above a certain number of possibilities you say it's safe :) .....
i would recommend a lib for that :)