not-pwneddeprecated

Check if your password has been pwned

Usage no npm install needed!

<script type="module">
  import notPwned from 'https://cdn.skypack.dev/not-pwned';
</script>

README

not-pwned

npm (scoped) Travis Coveralls

Check if your password has been pwned

It uses have i been pwned? to verify if a password has appeared in a data breach. In order to protect the value of the source password being searched the value is not sended through the network. Instead it uses a k-Anonymity model that allows a password to be searched for by partial hash. This allows the first 5 characters of a SHA-1 password hash to be passed to the API. Then this lib search the results of the response for the presence of their source hash and if not found, the password does not exist in the data set.

Table of Contents

Install

This project uses node and npm. Go check them out if you don't have them locally installed.

$ npm install --save not-pwned

The UMD build is also available on jsdelivr:

<script src="https://cdn.jsdelivr.net/npm/not-pwned/dist/not-pwned-browser.min.js"></script>

You can find the library on window.notPwned.

Usage

import notPwned from 'not-pwned'

notPwned('somepassword').then(answer => {
  if (answer === true) {
    console.log('Good news — no pwnage found! This password wasn\'t found in any of the Pwned Passwords loaded into Have I been pwned.')
  } else {
    console.log('Ohh, sorry! This password has previously appeared in a data breach and should never be used.')
  }
})

API

Table of Contents

notPwned

Check if a password was pwned.

Parameters

  • password string The password to check.

Returns Promise<boolean> returns true if the password was not pwned.

Contributing

See the contributing file.

License

Apache License, Version 2.0 © Thiago Santos