Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mehdibo/hibp-js

Check a password in haveibeenpwned using pure JavaScript
https://github.com/mehdibo/hibp-js

haveibeenpwned javascript-library password-safety password-strength

Last synced: 21 days ago
JSON representation

Check a password in haveibeenpwned using pure JavaScript

Awesome Lists containing this project

README 

        
# hibp-js

This library allows you to check if a password exists in the [Have I Been Pwned](https://haveibeenpwned.com/Passwords) database



## How does it work?

The library will first hash the password using SHA-1 and then send the first 5 characters to HIBP's server which will return a list of hashes that starts with those characters.



We then check if the hash exists in the returned list and fire an event `hibpCheck` with the result



## Installation

You can either download the JavaScript file or use npm:

```

npm i hibp-js

```



## Usage

You should first load the library

```html



```



Then you can call the `hibpCheck('PASSWORD HERE')` function, it will fire an event `hibpCheck` with the result, check the [example](#example) for details.



Don'ts:

- Don't tell users your password is secure just because it wasn't found in hibp.

- Don't use this over insecure HTTP (if you don't use HTTPS you simply don't care enough about your users' data)



## Example

```javascript

// When the result is ready check if the password was found or not

document.addEventListener('hibpCheck', function (e) {

    if(e.detail){

        alert('Found');

    } else {

        alert('Not Found');

    }

});

hibpCheck('password123'); // Check if the password "password123" is in HIBP's database

```

Full example can be found [here](example/index.html)