Skip to content
A library to check for compromised passwords
JavaScript HTML
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
dist tweak webpack config Jun 26, 2019
src
test tried to get ie11 working - no joy Jun 24, 2019
.babelrc
.gitignore Initial commit Jun 23, 2019
.nvmrc
.travis.yml Initial commit Jun 23, 2019
LICENSE
README.md Updated README Jun 26, 2019
package.json 1.2.11 Jul 29, 2019
webpack.config.js
yarn.lock

README.md

password-leak

Version Downloads Standardjs PRs Welcome GitHub license Beerpay

Build Status Dependency Status devDependency Status Known Vulnerabilities

Also check out the password-leak-monitor browser extension!



Introduction

password-leak is a JavaScript module that can be used to determine if a password is compromised by checking with the Have I Been Pwned API.

How is this safe?

Your passwords are NEVER transmitted to any other system. This library makes use of the Have I Been Pwned API, which implements a k-Anonymity Model so your password can be checked without ever having to give it to any other party.

Installation

npm install @mathiscode/password-leak

Usage in Browser

<script src="https://cdn.jsdelivr.net/npm/@mathiscode/password-leak@latest"></script>

<script>
  isPasswordCompromised('myPassword').then(isCompromised => {
    console.log('Is compromised?', isCompromised)
  })
</script>

Usage in Node.js

With import/await

import isPasswordCompromised from '@mathiscode/password-leak'

const isCompromised = await isPasswordCompromised('myPassword')
console.log('Is compromised?', isCompromised)

With require/promises

const isPasswordCompromised = require('@mathiscode/password-leak').default

isPasswordCompromised('myPassword').then(isCompromised => {
  console.log('Is compromised?', isCompromised)
})

Usage in Command Line

Install globally, or use npx @mathiscode/password-leak

npm install -g @mathiscode/password-leak

You can then run password-leak to interactively enter the masked password, or provide the password as an argument, eg. password-leak myPassword

The exit status will be 0 (not compromised) or 1 (compromised).

You can’t perform that action at this time.