@philnash/pwned

@philnash/pwned

An easy, promise based, way to test passwords securely against the Pwned Passwords API v2 in Node.js.

About

Troy Hunt's Pwned Passwords API V2 allows you to check if a password has been found in any of the huge data breaches.

@philnash/pwned is a JavaScript library to use the Pwned Passwords API's k-Anonymity model to test a password against the API without sending the entire password to the service.

The data from this API is provided by Have I been pwned?. Before using the API, please check the acceptable uses and license of the API.

Installation

npm install @philnash/pwned

Usage

With promises

const pwned = require('@philnash/pwned').default;

pwned('password').then(password => {
  if (password.pwned) {
    console.log(`Your password has been pwned ${password.pwnedCount} times`);
  } else {
    console.log('Your password is safe, for now');
  }
});

With async/await

import pwned from '@philnash/pwned';

const testPassword = async attempt => {
  const password = await pwned(attempt);
  if (password.pwned) {
    console.log(`Your password has been pwned ${password.pwnedCount} times`);
  } else {
    console.log('Your password is safe, for now');
  }
};
testPassword('password');

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/philnash/pwned.js. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

This package is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the Pwned project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.