A simple CLI tool that takes a list of passwords as shown below, queries the haveibeenpwned API and lets you know if they have been compromised in a data breach.
Use a password that has yet to be leaked in a breach.
You provide one or more passwords which are hashed using SHA-1 (it's ok as the password isn't stored anywhere).
Then, using a system called k-anonymity, only the first five characters of your hashed password are used to query the pwned API, which subsequently returns a set of hashed passwords that might match a given password.
The actual check to see whether a given password has been breached happens locally, so your actual passwords are never sent anywhere (read more).
npm install pwnd
You can also use npx if you're using npm version [email protected] and above
npx pwnd password1 reallylongpasswordoverhere other etc.
pwnd password1 reallylongpasswordoverhere other etc.
or
Create a pwnd-config.json file with a property called passwords that's mapped to an array of passwords like so:
{
"passwords": ["password1", "reallylongpasswordoverhere", "other", "etc."]
}
Once you have created the pwnd-config.json file, simply run pwnd (with no arguments) in the same directory as the pwnd-config.json file like so:
pwnd
MIT © Evans Owino