Pwned Passwords API in Go

This library implements the HaveIBeenPwned.org's Pwned Passwords v3 API in Go.

Features:

No external dependencies to reduce the likelihood of supply-chain attacks.
Cache support, as API responses can sometimes be huge.
Concurrent request optimization. Sharing a single request for password hash prefix.
Efficient memory use, no large allocations.

Example:

import (
	"github.com/supabase/hibp"
)

func main() {
	pwnedClient := hibp.PwnedClient{
		// please always set a User-Agent identifying your project
		UserAgent: "my-super-cool-project",
	}

	isPwned, err := pwnedClient.Check(context.Background(), "password1")
	if err != nil {
		if ur, ok := err.(*hibp.ErrorUnknownResponse); ok {
			// any non-200 response available in ur.Response
		}

		panic(err)
	}

	fmt.Print("Your password is ")
	if isPwned {
		fmt.Print("pwned!\n")
	} else {
		fmt.Print("safe for now!\n")
	}
}

License

Maintained by the Auth team at Supabase. Licensed under the MIT License.

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
.github/workflows		.github/workflows
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
errors.go		errors.go
go.mod		go.mod
pools.go		pools.go
pwned.go		pwned.go
pwned_test.go		pwned_test.go
utils.go		utils.go
utils_test.go		utils_test.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Pwned Passwords API in Go

License

About

Releases 1

Sponsor this project

Packages

Languages

License

supabase/hibp

Folders and files

Latest commit

History

Repository files navigation

Pwned Passwords API in Go

License

About

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases 1

Sponsor this project

Packages 0

Languages

Packages