This change allows a blank password for basic auth. The exists() function is just the code generated by coffeescript's existence operator. Blank password is required for the particular API I am working with (recur.ly).
The username could be made to allow blank through the same mechanism, but I can't imagine there being an actual use case for it, so I left the username validation as it is.
added npm test script
allow for empty password on basic auth