Please refer to the releases page for the 8.x-11.x versions and CHANGELOG.md for the newer versions.
- Fixed an issue preventing the use of
hibp
in React Native development mode (8e5b4de7)
-
Added a
userAgent
option to all functions to facilitate specifying your ownUser-Agent
header value for requests made to the haveibeenpwned.com and pwnedpasswords.com APIs (#63) -
Added a
baseUrl
option to all functions to facilitate specifying your own URL for requests that would normally be made tohttps://haveibeenpwned.com/api
andhttps://api.pwnedpasswords.com
to facilitate proxying the requests through your own server (which may be necessary if you wish to use thebreachedAccount
andsearch
functions after January, 2019 ashaveibeenpwned.com
no longer acceptsbreachedaccount
endpoint requests originating from a browser)See issue #60 for more details and discussion.
- Added an
includeUnverified
option to thebreachedAccount
function to include "unverified" breaches in the results (be01ad12) - Generalized the 403 Forbidden response message to simply "access denied" as
this type of response from
haveibeenpwned.com
is no longer limited to a missingUser-Agent
header field (15e02f97) - Added a new error specific to 403 Forbidden responses that includes the Ray ID
from Cloudflare so users can contact
haveibeenpwned.com
when they are being blocked (cd74e40d) - Removed (and prevented future creation of) empty
remote-api
bundle in the ESM build - Defined and exported the
hibp
namespace for typing the UMD build
- Converted to TypeScript (#56)
- Fixed build on Windows (48d25282)
- Moved CI from Travis to Circle (#52)
- Moved coverage reports from Coveralls to Codecov (#53)
- Updated a development-only dependency (
start-server-and-test
) to remove a compromised transitive dependency ([email protected]
). See dominictarr/event-stream#116 for further details. - Removed redundant pre-publish build step
- Fixed the CommonJS build (3f33becf)
- Added an ESM for browsers build (#49)
- Fixed custom
User-Agent
request header implementation (#40)
- Fixed
Forbidden
errors by adding a customUser-Agent
request header when running outside the browser (#39)
- Fixed build scripts to prevent including test-only mocks in published output
- Added npm
prepare
script to facilitate installing from hosted git - Replaced js-sha1 with jsSHA
- Fixed a misleading comment in the
hibp
export documentation - Integrated Renovate for automated dependency updates
- Changed mocking strategy and refactored tests
Breaking Changes (see MIGRATION.md for details):
- Modified
pwnedPassword
to use the more secure hash range API (@danieladams456 in #23) - Modified
pwnedPasswordRange
to resolve with array of objects (@danieladams456 in #24)
- Restored
puppeteer
to a development dependency - Cleaned up some tests
Breaking Changes (see MIGRATION.md for details):
- Dropped support for Node < 6
- Added
"sideEffects": false
to support Webpack 4 tree-shaking - Added support for searching pwned passwords by range (#21)
- Switched API endpoint for
pwnedPassword
module to newpwnedpasswords.com
domain
- Removed
puppeteer
optional dependency as it was causing downstream consumers to download Chromium (particularly, when running things withnpx
). Thetest:umd
script now requires you manually installpuppeteer
before running it, which will be done automatically in CI.
- Reverted
puppeteer
to0.12.0
as0.13.0
was causing downstream consumers to download Chromium.
- Reformated some documentation files
- Updated dependencies
- Internal maintenance
- Internal maintenance
- Added
pwnedPassword
method to check a password to see if it has been previously exposed in a data breach (#16)
- Replaced webpack with rollup for UMD bundling (#15)
- Updated dependencies
- Targeted browsers in CommonJS/ES Module builds (#11)
- Updated dependencies
Breaking Changes (see MIGRATION.md for details):
- Removed
index.js
, thesource-map-support
entry point (#7) - Replaced
browser
field in package.json withunpkg
(#12) - Removed the top-level
default
export (#14)
- Separated functions into individual modules (fixed tree-shaking)
- Provided safer UMD script tag instructions
- Explicitly targeted browsers in UMD build (resulting in reduced file size)
- Updated dependencies
- Added
search
method for querying breaches and pastes simultaneously (like the search form on the website) - Set the AMD module name in the UMD build to
hibp
rather than anonymous - Updated dependencies
- Fixed UMD build that broke in 4.2.0
- Fixed return type in
breachedAccount
documentation - Added support for tree-shaking bundlers
- Optimized tests
- Updated dependencies
- Published
example
directory for RunKit support - Removed
old
directory from package that slipped in by mistake
- Encoded user input used in API query string parameters
- Added RunKit information for live trial usage
- First release of 2017! 🎉
- Reduced size of UMD build by 75%
- Updated dependencies
- Tweaked toolchain configs
- Restructured test data
- Updated dependencies
Breaking Changes (see MIGRATION.md for details):
- Dropped support for Node < 4
- Added
yarn.lock
for experimental yarn support - Removed expect.js dependency from the test environment
- Expanded usage documentation
- Updated dependencies
Breaking Changes (see MIGRATION.md for details):
- The browser (UMD) version has moved from the
lib
directory to thedist
directory.
- Added fallback for unexpected HTTP responses (thanks @jellekralt)
- Added handling for new HTTP 429 (Too Many Requests) rate-limiting responses
- Improved tests
- Switched code style from SemiStandard to Airbnb
- Updated dependencies
- Replaced npmcdn.com with unpkg.com in the documentation as the service is being renamed
- Inherited support for
http_proxy
andhttps_proxy
environment variables from Axios 0.14.0 - Simplified build scripts
- Refactored test environment
- Updated dependencies
- Added browser support
Breaking Changes (see MIGRATION.md for details):
- Changed API methods to resolve to null instead of undefined when no data was found
- Changed API methods to take a configuration object rather than optional, positional parameters
- Updated description and example usage
- Switched test coverage from istanbul to nyc
- Improved cross-platform compatibility for development
- Updated dependencies
- Minor performance increase
- Fixed API documentation for 'breaches' query
- Updated dependencies
- Increased visibility in npm search
- Minor improvements to development environment
- Removed temporary 'breach' hack as the API endpoint has been fixed
- Updated dependencies
-
Changed temporary 'breach' hack to match author's intentions
The API author (Troy Hunt) indicated there is no hard format restrictions on a breach name, so the concept of an invalid breach name is not in play here. The API will respond with HTTP status 404 (not found) once the fix has been applied. This change mimics that behavior as opposed to responding with HTTP status 400 (bad request), which was my initial interpretation.
- Updated documentation
-
Shield clients from broken 'breach' endpoint when querying for an invalid breach name
Currently, the endpoint responds with HTTP status 200 and "page not found" HTML in the body if an invalid breach name is queried (e.g. 'adobe.com', instead of the proper breach name, 'adobe'). Based on the response codes described in the API documentation, I believe it should respond with HTTP status 400 (bad request). Prior to this patch, it lead to a confusing one-off scenario for clients consuming this module. This change should provide a consistent experience by intercepting this specific case and throwing a "bad request" error instead of a
SyntaxError
from trying to parse HTML. I brought this API behavioral discrepancy to the API author's attention and he agreed it was broken and noted that a fix is incoming. -
Updated tests
- Removed
preferGlobal
option from package.json
- Initial release