An easy, promise-based way to test passwords securely against the Pwned Passwords API v2 in Node.js.
Troy Hunt's Pwned Passwords API V2 allows you to check if a password has been found in any of the huge data breaches.
@philnash/pwned is a JavaScript library that uses the Pwned Passwords API's k-Anonymity model to test a password against the API without sending the entire password to the service.
The data from this API is provided by Have I been pwned?. Before using the API, please check the acceptable uses and license of the API.

    npm install @philnash/pwned

    const pwned = require('@philnash/pwned').default;

    pwned('password').then(password => {
      if (password.pwned) {
        console.log(`Your password has been pwned ${password.pwnedCount} times`);
      } else {
        console.log('Your password is safe, for now');
      }
    });

    import pwned from '@philnash/pwned';

    const testPassword = async attempt => {
      const password = await pwned(attempt);
      if (password.pwned) {
        console.log(`Your password has been pwned ${password.pwnedCount} times`);
      } else {
        console.log('Your password is safe, for now');
      }
    };

    testPassword('password');

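
What the k-Anonymity check mentioned above involves, as an added example that is not the library's own code: only the first five hex characters of the password's SHA-1 digest go to the range endpoint, and the remaining 35 are compared locally against the returned `SUFFIX:COUNT` lines. The function names, the sample response body and its counts are constructed for illustration; the endpoint URL in the comment is the public Pwned Passwords range API, not something stated on this page.

```javascript
const { createHash } = require('node:crypto');

// Split the uppercase SHA-1 hex digest into the 5-character prefix that is
// sent to the API and the 35-character suffix that never leaves the client.
function hashParts(password) {
  const digest = createHash('sha1')
    .update(password, 'utf8')
    .digest('hex')
    .toUpperCase();
  return { prefix: digest.slice(0, 5), suffix: digest.slice(5) };
}

// Search a range response body ("SUFFIX:COUNT" per line) for our suffix.
function lookup(suffix, body) {
  for (const line of body.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate && candidate.toUpperCase() === suffix) {
      return { pwned: true, pwnedCount: parseInt(count, 10) };
    }
  }
  return { pwned: false, pwnedCount: 0 };
}

// Constructed sample response for prefix 5BAA6 (suffixes other than the
// middle one, and all counts, are made up for this example).
const SAMPLE_RANGE_BODY = [
  '1D2DA4053E34E76F6576ED1DA63134B5E2A:2',
  '1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345',
  '1E2AAA439972480CEC7F16C795BBB429372:1',
].join('\r\n');

// Offline version of the check: `body` stands in for the HTTP response.
function checkOffline(password, body) {
  const { prefix, suffix } = hashParts(password);
  // In a live check, only `prefix` appears in the request:
  //   GET https://api.pwnedpasswords.com/range/<prefix>
  return { requested: prefix, ...lookup(suffix, body) };
}

console.log(checkOffline('password', SAMPLE_RANGE_BODY));
```

The service sees a prefix shared by many different hashes, so it cannot tell which password, if any, was being tested.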
Bug reports and pull requests are welcome on GitHub at https://github.com/philnash/pwned.js. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.
This package is available as open source under the terms of the MIT License.
Everyone interacting in the Pwned project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.