https://github.com/nikkow/passpwnd
A no-deps NodeJS password checker
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/nikkow/passpwnd
- Owner: nikkow
- License: mit
- Created: 2021-11-12T16:34:27.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2022-03-23T16:10:35.000Z (over 3 years ago)
- Last Synced: 2024-04-26T15:46:50.267Z (over 1 year ago)
- Topics: leaks, nodejs, password, security, utility
- Language: JavaScript
- Homepage:
- Size: 12.7 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
a no-dependencies NodeJS compromised password checker
This tool checks whether a given password is part of a known data leak, thus potentially compromised. It is based on Troy Hunt's [Have I Been Pwned](https://haveibeenpwned.com) services.
* **No dependencies**: this tool relies only on core modules of NodeJS and does not import any 3rd-party libraries.
* **No password is sent over the network**: this tool only sends a fragment of a hash generated from the given password to verify whether it is compromised. See the "How does it work?" section.

## How does it work?
When you input a password, the tool generates its SHA1 hash and sends only the first 5 characters of that hash to the _Have I Been Pwned_ API.
If the service finds hashes whose first 5 characters match the ones computed from your input password, it returns them in the response as potential matches.
Once all potential matches are collected, the script locally compares the full hashed password to the hashes found in leaks.
## Usage
This package was designed to be imported into your own script or to be used as a stand-alone command-line tool.
### Script
```javascript
const passpwnd = require("passpwnd");

passpwnd("p4ssw0rd").then((isPwned) => {
  // isPwned is a boolean.
  // set to `true` if password is compromised, `false` otherwise.
  console.log(isPwned)
});
```

### Command-Line

```sh
passpwnd p4ssw0rd
```
The command above will return the status of the password:

* **compromised**: the password was found in a leak. You should not use it anywhere! It is not safe.
* **safe**: the password was not found. It can be considered safe.