I’m no regex wiz but I’ll give this a shot to the best of my understanding.
/(?=\w{5,})(?=\d)/
Your second lookahead is trying to match a place in your string where a pointer could be placed such that the pointer is immediately followed by 5 or more word characters \w and immediately followed by one digit character \d. Using variations of your password see where your regex will fail.
astronaut false (obviously)
22astronaut true
a22stronaut true
as22tronaut true
ast22ronaut true
astr22onaut true
astro22naut true
astron22aut true (last variation where both are possible)
astrona22ut false
astronau22t false
astronaut22 false
/(?=\w{5,})(?=\D*\d)/
Your first regex is still trying to match a place in your string where a pointer could be placed such that the pointer is immediately followed by 5 or more word characters but allows for the pointer to be followed by zero or more non-digit characters \D* and then a digit character.
This is more flexible about where that digit is in relation to the pointer - it does not have to follow immediately, it just has to be there.
astronaut false (obviously again)
22astronaut true
a22stronaut true
as22tronaut true
ast22ronaut true
astr22onaut true
astro22naut true
astron22aut true
astrona22ut true
astronau22t true
astronaut22 true
Now to pass the challenge your regex would need to test that there are at least two consecutive digits. Your regex as written is only testing for one.
Hope this helps some.