search

mathiscode / password-leak

A library to check for compromised passwords
MIT License
97 stars 7 forks source link
haveibeenpwned javascript-library password-safety security-tools

readme

password-leak

Version Downloads Standardjs PRs Welcome GitHub license

Build Status Known Vulnerabilities

Also check out the password-leak-monitor browser extension!

Introduction

password-leak is a JavaScript module that can be used to determine if a password is compromised by checking with the Have I Been Pwned API.

How is this safe?

Your passwords are NEVER transmitted to any other system. This library makes use of the Have I Been Pwned API, which implements a k-Anonymity Model so your password can be checked without ever having to give it to any other party.

Installation

npm install @mathiscode/password-leak

Usage in Browser

<script src="https://cdn.jsdelivr.net/npm/@mathiscode/password-leak@latest"></script>

<script>
  isPasswordCompromised('myPassword').then(isCompromised => {
    console.log('Is compromised?', isCompromised)
  })
</script>

Usage in Node.js

With import/await

import isPasswordCompromised from '@mathiscode/password-leak'

const isCompromised = await isPasswordCompromised('myPassword')
console.log('Is compromised?', isCompromised)

With require/promises

const isPasswordCompromised = require('@mathiscode/password-leak').default

isPasswordCompromised('myPassword').then(isCompromised => {
  console.log('Is compromised?', isCompromised)
})

Usage in Command Line

Install globally, or use npx @mathiscode/password-leak

npm install -g @mathiscode/password-leak

You can then run password-leak to interactively enter the masked password, or provide the password as an argument, eg. password-leak myPassword

The exit status will be 0 (not compromised) or 1 (compromised).