diff --git a/.changeset/large-kangaroos-call.md b/.changeset/large-kangaroos-call.md
new file mode 100644
index 00000000..d72dce7a
--- /dev/null
+++ b/.changeset/large-kangaroos-call.md
@@ -0,0 +1,5 @@
+---
+'pwned': minor
+---
+
+Add the `--pad` (`-p`) option to the `pw` command, allowing you to ask the remote API to add padding to the response to obscure the password prefix. See https://www.troyhunt.com/enhancing-pwned-passwords-privacy-with-padding/ for more information.
diff --git a/src/commands/pw.ts b/src/commands/pw.ts
index 8aa12df7..d8d8507c 100644
--- a/src/commands/pw.ts
+++ b/src/commands/pw.ts
@@ -9,11 +9,13 @@ export const describe = 'securely check a password for public exposure';
 interface PwArgvOptions {
 password: string;
+ p?: boolean;
 r?: boolean;
 }
 interface PwHandlerOptions {
 password: string;
+ pad?: boolean;
 raw?: boolean;
 }
@@ -30,13 +32,19 @@ export function builder(yargs: Argv): Argv {
 }
 return true;
 })
+ .option('p', {
+ alias: 'pad',
+ describe: 'add padding to the API response to obscure the contents',
+ type: 'boolean',
+ default: false,
+ })
 .option('r', {
 alias: 'raw',
 describe: 'disable the console spinner',
 type: 'boolean',
 default: false,
 })
- .group(['r'], 'Command Options:')
+ .group(['r', 'p'], 'Command Options:')
 .group(['h', 'v'], 'Global Options:');
 }
 /* c8 ignore stop */
@@ -52,6 +60,7 @@ export function builder(yargs: Argv): Argv {
 */
 export async function handler({
 password,
+ pad,
 raw,
 }: PwHandlerOptions): Promise {
 if (!raw) {
@@ -59,7 +68,10 @@ export async function handler({
 }
 try {
- const pwnCount = await pwnedPassword(password, { userAgent });
+ const pwnCount = await pwnedPassword(password, {
+ userAgent,
+ addPadding: pad,
+ });
 if (pwnCount) {
 const pwnedMessage = `Oh no — pwned ${pwnCount} times!`;
 if (!raw) {
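Review bot: The help text on the new `p` option in `builder` (src/commands/pw.ts) says padding will "obscure the contents", which does not match the changeset entry in this same commit, where the stated purpose is to obscure the password prefix. As the linked post describes it, padding hides the size of the response, which is what could let an observer narrow down the queried prefix. I would reword it to `describe: 'pad the API response so its size does not reveal the password hash prefix',`. Separately, `default: false` makes the protection opt-in, so anyone who never reads the help output gets unpadded responses. If the larger responses are acceptable, defaulting to `true` looks like the safer choice and deserves an explicit decision.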
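Review bot: The doc comment that closes at the `*/` directly above `handler` is not touched by this commit, so the new `pad` field is presumably undocumented there. The comment body lies outside the hunk, so confirm against the file. If it lists the destructured options, add an entry in its existing tag style, for example `@param argv.pad ask the remote API to pad the response (passed through as addPadding)`. It is also worth stating there that an omitted `pad` reaches `pwnedPassword` as `addPadding: undefined`, so programmatic callers of `handler` get whatever the library's own default is. `handler`'s body continues past the end of this hunk.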