1.0.2 • Published 2 years ago

pwned-sqlite3 v1.0.2

Weekly downloads
-
License
MIT
Repository
-
Last release
2 years ago

pwned-sqlite3

Use a local sqlite3 db for checking if a password is pwned.

You must be using Node.js v10.20.1 or above for better-sqlite3. Prebuilt binaries for better-sqlite3 are available for LTS versions.

Build your database

Download the SHA-1 password list (tested with "Version 7 (ordered by hash)" from Have I Been Pwned.

Use build_database.py (see github-repo) to build the database. Modify if necessary the variables path and dbName. Python is about 30x faster than an equivalent solution in node.

Code Snippet

import { join } from "path";
import { pwned, connect } from "pwned-sqlite3";

connect(join(__dirname, "pwned.sqlite3"));

function isPwned(value: string) {
    return (pwned(value));
}

Avoiding Supply Chain Attacks

I activated 2FA for npmjs. But you could also just copy the code directly into your project and never worry about a possible tainted package, as the package is actually pretty simple.

pwnedsqlite3haveibeenpwnedhibppwnedsecurityhackdumpbreachpassword
better-sqlite3
@infinitebrahmanuniverse/nolb-pw@everything-registry/sub-chunk-2497
1.0.2

2 years ago

1.0.1

2 years ago

1.0.0

2 years ago