password-leakdeprecated

A library to check for compromised passwords

Usage no npm install needed!

<script type="module">
  import passwordLeak from 'https://cdn.skypack.dev/password-leak';
</script>

README

password-leak

Version Standardjs PRs Welcome GitHub license Build Status Dependency Status Known Vulnerabilities

Also check out the password-leak-monitor browser extension!

Introduction

password-leak is a JavaScript module that can be used to determine if a password is compromised by checking with the Have I Been Pwned API.

How is this safe?

Your passwords are NEVER transmitted to any other system. This library makes use of the Have I Been Pwned API, which implements a k-Anonymity Model so your password can be checked without ever having to give it to any other party.

Installation

npm install password-leak

Usage in Browser

<script src="https://cdn.jsdelivr.net/npm/password-leak@latest"></script>

<script>
  isPasswordCompromised('myPassword').then(isCompromised => {
    console.log('Is compromised?', isCompromised)
  })
</script>

Usage in Node.js

With import/await

import isPasswordCompromised from 'password-leak'

const isCompromised = await isPasswordCompromised('myPassword')
console.log('Is compromised?', isCompromised)

With require/promises

const isPasswordCompromised = require('password-leak').default

isPasswordCompromised('myPassword').then(isCompromised => {
  console.log('Is compromised?', isCompromised)
})

Usage in Command Line

Install globally, or use npx password-leak

npm install -g password-leak

You can then run password-leak to interactively enter the masked password, or provide the password as an argument, eg. password-leak myPassword

The exit status will be 0 (not compromised) or 1 (compromised).