https://github.com/mathiscode/password-leak
A library to check for compromised passwords
https://github.com/mathiscode/password-leak
haveibeenpwned javascript-library password-safety security-tools
Last synced: 3 months ago
JSON representation
A library to check for compromised passwords
- Host: GitHub
- URL: https://github.com/mathiscode/password-leak
- Owner: mathiscode
- License: mit
- Created: 2019-06-23T15:44:07.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2025-02-19T17:42:27.000Z (5 months ago)
- Last Synced: 2025-03-28T22:14:43.872Z (4 months ago)
- Topics: haveibeenpwned, javascript-library, password-safety, security-tools
- Language: CSS
- Homepage: https://password-leak.vercel.app
- Size: 1.22 MB
- Stars: 97
- Watchers: 0
- Forks: 7
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE.md
Awesome Lists containing this project
README
# @mathiscode/password-leak
[](https://password-leak.vercel.app)
[](https://www.npmjs.com/package/@mathiscode/password-leak)
[](https://www.npmjs.com/package/@mathiscode/password-leak)
[](https://github.com/mathiscode/password-leak/compare)
[](https://github.com/mathiscode/password-leak/blob/master/LICENSE.md)
[](https://snyk.io/test/github/mathiscode/password-leak?targetFile=package.json)
---
- [Introduction](#introduction)
- [How is this safe?](#how-is-this-safe)
- [Installation](#installation)
- [Usage in Browser](#usage-in-browser)
- [Usage in Node.js](#usage-in-nodejs)
- [With import/await](#with-importawait)
- [With require/sync](#with-requiresync)
- [Usage in Command Line](#usage-in-command-line)
- [Development](#development)
---
## Introduction
`password-leak` is a JavaScript module that can be used to determine if a password is compromised by checking with the [Have I Been Pwned API](https://haveibeenpwned.com/API/).
## How is this safe?
Your passwords are **NEVER** transmitted to any other system. This library makes use of the [Have I Been Pwned API](https://haveibeenpwned.com/API/), which implements a [k-Anonymity Model](https://en.wikipedia.org/wiki/K-anonymity) so your password can be checked without ever having to give it to any other party.
## Installation
`npm install @mathiscode/password-leak@latest`
## Usage in Browser
```html
const isLeaked = await isPasswordLeaked('myPassword')
const strength = await checkPasswordStrength('myPassword')
console.log('Is leaked?', isLeaked)
console.log('Strength', strength)
```
## Usage in Node.js
### With import/await
```js
import isPasswordLeaked from '@mathiscode/password-leak'
const isLeaked = await isPasswordLeaked('myPassword')
const strength = await checkPasswordStrength('myPassword')
console.log('Is leaked?', isLeaked)
console.log('Strength', strength)
```
### With require/sync
```js
const { checkPasswordStrength, isPasswordLeakedSync } = require('@mathiscode/password-leak')
isPasswordLeakedSync('myPassword', (error, isLeaked) => {
if (error) throw new Error(error)
console.log('Is leaked?', isLeaked)
})
const strength = checkPasswordStrength('myPassword')
console.log('Strength', strength)
```
## Usage in Command Line
Install globally:
```sh
npm install -g @mathiscode/password-leak
```
You can also use it without installing via npx:
```sh
npx @mathiscode/password-leak myPassword
```
You can then use it in two ways:
1. Interactive mode:
```sh
password-leak
```
2. Direct mode:
```sh
password-leak myPassword
```
The command will:
- Print whether the password has been compromised and its strength
- Exit with status code 0 if the password is safe
- Exit with status code 1 if the password is compromised or an error occurs
## Development
```sh
# Clone the repository
git clone https://github.com/mathiscode/password-leak.git
cd password-leak
# Use pnpm to install dependencies
pnpm install
# Build the project
pnpm run build
# Run the tests
pnpm run test
# Start the UI
pnpm run ui # demo at https://password-leak.vercel.app
```