1.1.0 • Published 4 years ago

react-hook-hibp v1.1.0

react-hook-hibp

React Hook for password input validation, built on Justin Hall's hibp, which is in turn based on Troy Hunt's Have I Been Pwned?

Demo

Description

This module implements NIST password guidelines to be applied to input elements within the body of a functional React Component.

Memorized secrets SHALL be at least 8 characters in length

There should no longer be a requirement to have a certain mix of special characters, upper case letters and numbers for a password.

Mandatory validation of newly created passwords against a list of commonly-used, expected, or compromised passwords.

Source: NIST Digital Identity Guidelines

Installation

yarn add react-hook-hibp

Usage

Example

import React, { useState, useEffect } from 'react'
import { usePasswordCheck } from 'react-hook-hibp'

export default () => {
  const [value, setValue] = useState('')
  const onChange = e => setValue(e.target.value)

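  // statusCode reflects the latest check; checkPassword starts a new one
  const [statusCode, checkPassword] = usePasswordCheck()
  // Braces keep the effect from handing checkPassword's return value to React as a cleanup
  useEffect(() => { checkPassword(value) }, [value])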

  return (
    <>
      <input type="password" value={value} onChange={onChange} />
      <p>{value !== '' && statusCode}</p>
    </>
  )
}

usePasswordCheck()

const [statusCode, checkPassword] = usePasswordCheck(options)

Call checkPassword() on input change and handle form validation according to statusCode.

statusCodes

| Key | Description |
| --- | --- |
| MIN_LENGTH | Password is too short. |
| MAX_LENGTH | Password is too long. |
| WAITING | Waiting for API access for next check. |
| CHECKING | Checking password |
| CHECK_FAILED | Checking password failed |
| PWNED | Password insecure |
| NOT_PWNED | Password (probably) secure |

options

export const defaultOptions = {
  minLength: 8,
  maxLength: 128
}
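How a PWNED or NOT_PWNED result can be reached without the password leaving the client, as an added example (not code from react-hook-hibp or hibp): Have I Been Pwned's Pwned Passwords range API is queried with only the first five hex characters of the password's SHA-1 and answers with SUFFIX:COUNT lines. The helper names (splitHash, parseRange, classify, fakeRange) and the constructed response are assumptions made for illustration; it runs offline under Node.js.

```javascript
// Added example (Node.js): offline walk-through of a range check.
const { createHash } = require('node:crypto')

// Same limits as the defaultOptions shown on this page.
const limits = { minLength: 8, maxLength: 128 }

// Uppercase hex SHA-1, split into the 5-character prefix that is sent to
// the range API and the 35-character suffix that never leaves the client.
function splitHash (password) {
  const hex = createHash('sha1').update(password, 'utf8').digest('hex').toUpperCase()
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) }
}

// Parse a range response body ("SUFFIX:COUNT" per line) into a Map.
function parseRange (body) {
  const counts = new Map()
  for (const line of body.split(/\r?\n/)) {
    const [suffix = '', count = ''] = line.trim().split(':')
    if (/^[0-9A-F]{35}$/i.test(suffix) && /^\d+$/.test(count)) {
      counts.set(suffix.toUpperCase(), Number(count))
    }
  }
  return counts
}

// Hypothetical helper returning one of the status keys listed above.
// fetchRange(prefix) stands in for the HTTP request and returns the body.
function classify (password, fetchRange, opts = limits) {
  const length = Array.from(password).length // code points, not UTF-16 units
  if (length < opts.minLength) return 'MIN_LENGTH'
  if (length > opts.maxLength) return 'MAX_LENGTH'
  const { prefix, suffix } = splitHash(password)
  let body
  try { body = fetchRange(prefix) } catch (err) { return 'CHECK_FAILED' }
  // Entries with a count of 0 are padding, not breach hits.
  return (parseRange(body).get(suffix) || 0) > 0 ? 'PWNED' : 'NOT_PWNED'
}

// Constructed stand-in for the API: a two-password "breach corpus" plus
// one padding line. The counts are made up.
function fakeRange (prefix) {
  const hits = ['password', 'letmein123'].map(splitHash)
    .filter(h => h.prefix === prefix).map(h => `${h.suffix}:42`)
  return [...hits, `${'0'.repeat(35)}:0`].join('\r\n')
}

console.log(classify('password', fakeRange), classify('correct horse battery staple', fakeRange))
```
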

setRateLimit()

API rate limiting is respected and reflected in statusCodes.WAITING. Increase the rate limit if you expect concurrent usage by different processes sharing the same IP. Example:

import { setRateLimit } from 'react-hook-hibp'

setRateLimit(3000)

Notes

License

This module is distributed under the MIT License.