Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mathiscode/password-leak

A library to check for compromised passwords
https://github.com/mathiscode/password-leak

haveibeenpwned javascript-library password-safety security-tools

Last synced: 2 days ago
JSON representation

A library to check for compromised passwords

Host: GitHub
URL: https://github.com/mathiscode/password-leak
Owner: mathiscode
License: mit
Created: 2019-06-23T15:44:07.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2024-03-15T20:55:10.000Z (8 months ago)
Last Synced: 2024-10-27T22:16:29.267Z (15 days ago)
Topics: haveibeenpwned, javascript-library, password-safety, security-tools
Language: JavaScript
Homepage:
Size: 1.11 MB
Stars: 97
Watchers: 0
Forks: 7
Open Issues: 29
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

        

# password-leak 

[![Version](https://img.shields.io/npm/v/@mathiscode/password-leak.svg?color=blue)](https://www.npmjs.com/package/@mathiscode/password-leak)

[![Downloads](https://img.shields.io/npm/dm/@mathiscode/password-leak.svg?color=blue)](https://www.npmjs.com/package/@mathiscode/password-leak)

[![Standardjs](https://img.shields.io/badge/code_style-standard-blue.svg)](https://standardjs.com)

[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-blue.svg)](https://github.com/mathiscode/password-leak/compare)

[![GitHub license](https://img.shields.io/github/license/mathiscode/password-leak.svg?color=blue)](https://github.com/mathiscode/password-leak/blob/master/LICENSE)

[![Build Status](https://travis-ci.org/mathiscode/password-leak.svg?branch=master)](https://travis-ci.org/mathiscode/password-leak)

[![Known Vulnerabilities](https://snyk.io/test/github/mathiscode/password-leak/badge.svg?targetFile=package.json)](https://snyk.io/test/github/mathiscode/password-leak?targetFile=package.json)

Also check out the [password-leak-monitor](https://github.com/mathiscode/password-leak-monitor) browser extension!

---

- [Introduction](#Introduction)

- [How is this safe?](#How-is-this-safe)

- [Installation](#Installation)

- [Usage in Browser](#Usage-in-Browser)

- [Usage in Node.js](#Usage-in-Nodejs)

  - [With import/await](#With-importawait)

  - [With require/promises](#With-requirepromises)

- [Usage in Command Line](#Usage-in-Command-Line)

---

## Introduction

`password-leak` is a JavaScript module that can be used to determine if a password is compromised by checking with the [Have I Been Pwned API](https://haveibeenpwned.com/API/).

## How is this safe?

Your passwords are **NEVER** transmitted to any other system. This library makes use of the [Have I Been Pwned API](https://haveibeenpwned.com/API/), which implements a [k-Anonymity Model](https://en.wikipedia.org/wiki/K-anonymity) so your password can be checked without ever having to give it to any other party.

## Installation

`npm install @mathiscode/password-leak`

## Usage in Browser

```html

  isPasswordCompromised('myPassword').then(isCompromised => {

    console.log('Is compromised?', isCompromised)

  })

```

## Usage in Node.js

### With import/await

```js

import isPasswordCompromised from '@mathiscode/password-leak'

const isCompromised = await isPasswordCompromised('myPassword')

console.log('Is compromised?', isCompromised)

```

### With require/promises

```js

const isPasswordCompromised = require('@mathiscode/password-leak').default

isPasswordCompromised('myPassword').then(isCompromised => {

  console.log('Is compromised?', isCompromised)

})

```

## Usage in Command Line

Install globally, or use `npx @mathiscode/password-leak`

```sh

npm install -g @mathiscode/password-leak

```

You can then run `password-leak` to interactively enter the masked password, or provide the password as an argument, eg. `password-leak myPassword`

The exit status will be 0 (not compromised) or 1 (compromised).