@mathiscode/password-leak
Version:
A library to check for compromised passwords
132 lines (90 loc) • 3.81 kB
Markdown
<!-- markdownlint-disable MD026 -->
[](https://password-leak.vercel.app)
[](https://www.npmjs.com/package/@mathiscode/password-leak)
[](https://www.npmjs.com/package/@mathiscode/password-leak)
[](https://github.com/mathiscode/password-leak/compare)
[](https://github.com/mathiscode/password-leak/blob/master/LICENSE.md)
[](https://snyk.io/test/github/mathiscode/password-leak?targetFile=package.json)
---
- [Introduction](
- [How is this safe?](
- [Installation](
- [Usage in Browser](
- [Usage in Node.js](
- [With import/await](
- [With require/sync](
- [Usage in Command Line](
- [Development](
---
`password-leak` is a JavaScript module that can be used to determine if a password is compromised by checking with the [Have I Been Pwned API](https://haveibeenpwned.com/API/).
Your passwords are **NEVER** transmitted to any other system. This library makes use of the [Have I Been Pwned API](https://haveibeenpwned.com/API/), which implements a [k-Anonymity Model](https://en.wikipedia.org/wiki/K-anonymity) so your password can be checked without ever having to give it to any other party.
`npm install @mathiscode/password-leak@latest`
```html
<script type="module" src="https://unpkg.com/@mathiscode/password-leak@latest"></script>
<script type="module">
const isLeaked = await isPasswordLeaked('myPassword');
const strength = await checkPasswordStrength('myPassword');
console.log('Is leaked?', isLeaked);
console.log('Strength', strength);
</script>
```
```js
import { isPasswordLeaked, checkPasswordStrength } from '@mathiscode/password-leak'
const isLeaked = await isPasswordLeaked('myPassword')
const strength = await checkPasswordStrength('myPassword')
console.log('Is leaked?', isLeaked)
console.log('Strength', strength)
```
```js
const { checkPasswordStrength, isPasswordLeakedSync } = require('@mathiscode/password-leak')
isPasswordLeakedSync('myPassword', (error, isLeaked) => {
if (error) throw new Error(error)
console.log('Is leaked?', isLeaked)
})
const strength = checkPasswordStrength('myPassword')
console.log('Strength', strength)
```
Install globally:
```sh
npm install -g @mathiscode/password-leak
```
You can also use it without installing via npx:
```sh
npx @mathiscode/password-leak myPassword
```
You can then use it in two ways:
1. Interactive mode:
```sh
password-leak
```
2. Direct mode:
```sh
password-leak myPassword
```
The command will:
- Print whether the password has been compromised and its strength
- Exit with status code 0 if the password is safe
- Exit with status code 1 if the password is compromised or an error occurs
```sh
git clone https://github.com/mathiscode/password-leak.git
cd password-leak
pnpm install
pnpm run build
pnpm run test
pnpm run ui
```