Also check out the password-leak-monitor browser extension!

• Introduction
• How is this safe?
• Installation
• Usage in Browser
• Usage in Node.js
  • With import/await
  • With require/promises
• Usage in Command Line

password-leak is a JavaScript module that can be used to determine if a password is compromised by checking with the Have I Been Pwned API.

Your passwords are NEVER transmitted to any other system. This library makes use of the Have I Been Pwned API, which implements a k-Anonymity Model so your password can be checked without ever having to give it to any other party.

npm install @mathiscode/password-leak

<script src="https://cdn.jsdelivr.net/npm/@mathiscode/password-leak@latest"></script>

<script>
  isPasswordCompromised('myPassword').then(isCompromised => {
    console.log('Is compromised?', isCompromised)
  })
</script>

import isPasswordCompromised from '@mathiscode/password-leak'

const isCompromised = await isPasswordCompromised('myPassword')
console.log('Is compromised?', isCompromised)

const isPasswordCompromised = require('@mathiscode/password-leak').default

isPasswordCompromised('myPassword').then(isCompromised => {
  console.log('Is compromised?', isCompromised)
})

Install globally, or use npx @mathiscode/password-leak

npm install -g @mathiscode/password-leak

You can then run password-leak to interactively enter the masked password, or provide the password as an argument, eg. password-leak myPassword

The exit status will be 0 (not compromised) or 1 (compromised).