Please refer to the releases page for the 8.x-11.x versions and CHANGELOG.md for the newer versions.
- Fixed an issue preventing the use of
hibpin React Native development mode (8e5b4de7)
-
Added a
userAgentoption to all functions to facilitate specifying your ownUser-Agentheader value for requests made to the haveibeenpwned.com and pwnedpasswords.com APIs (#63) -
Added a
baseUrloption to all functions to facilitate specifying your own URL for requests that would normally be made tohttps://haveibeenpwned.com/apiandhttps://api.pwnedpasswords.comto facilitate proxying the requests through your own server (which may be necessary if you wish to use thebreachedAccountandsearchfunctions after January, 2019 ashaveibeenpwned.comno longer acceptsbreachedaccountendpoint requests originating from a browser)See issue #60 for more details and discussion.
- Added an
includeUnverifiedoption to thebreachedAccountfunction to include "unverified" breaches in the results (be01ad12) - Generalized the 403 Forbidden response message to simply "access denied" as this type of response
from
haveibeenpwned.comis no longer limited to a missingUser-Agentheader field (15e02f97) - Added a new error specific to 403 Forbidden responses that includes the Ray ID from Cloudflare so
users can contact
haveibeenpwned.comwhen they are being blocked (cd74e40d) - Removed (and prevented future creation of) empty
remote-apibundle in the ESM build - Defined and exported the
hibpnamespace for typing the UMD build
- Converted to TypeScript (#56)
- Fixed build on Windows (48d25282)
- Moved CI from Travis to Circle (#52)
- Moved coverage reports from Coveralls to Codecov (#53)
- Updated a development-only dependency (
start-server-and-test) to remove a compromised transitive dependency ([email protected]). See dominictarr/event-stream#116 for further details. - Removed redundant pre-publish build step
- Fixed the CommonJS build (3f33becf)
- Added an ESM for browsers build (#49)
- Fixed custom
User-Agentrequest header implementation (#40)
- Fixed
Forbiddenerrors by adding a customUser-Agentrequest header when running outside the browser (#39)
- Fixed build scripts to prevent including test-only mocks in published output
- Added npm
preparescript to facilitate installing from hosted git - Replaced js-sha1 with jsSHA
- Fixed a misleading comment in the
hibpexport documentation - Integrated Renovate for automated dependency updates
- Changed mocking strategy and refactored tests
Breaking Changes (see MIGRATION.md for details):
- Modified
pwnedPasswordto use the more secure hash range API (@danieladams456 in #23) - Modified
pwnedPasswordRangeto resolve with array of objects (@danieladams456 in #24)
- Restored
puppeteerto a development dependency - Cleaned up some tests
Breaking Changes (see MIGRATION.md for details):
- Dropped support for Node < 6
- Added
"sideEffects": falseto support Webpack 4 tree-shaking - Added support for searching pwned passwords by range (#21)
- Switched API endpoint for
pwnedPasswordmodule to newpwnedpasswords.comdomain
- Removed
puppeteeroptional dependency as it was causing downstream consumers to download Chromium (particularly, when running things withnpx). Thetest:umdscript now requires you manually installpuppeteerbefore running it, which will be done automatically in CI.
- Reverted
puppeteerto0.12.0as0.13.0was causing downstream consumers to download Chromium.
- Reformated some documentation files
- Updated dependencies
- Internal maintenance
- Internal maintenance
- Added
pwnedPasswordmethod to check a password to see if it has been previously exposed in a data breach (#16)
- Replaced webpack with rollup for UMD bundling (#15)
- Updated dependencies
- Targeted browsers in CommonJS/ES Module builds (#11)
- Updated dependencies
Breaking Changes (see MIGRATION.md for details):
- Removed
index.js, thesource-map-supportentry point (#7) - Replaced
browserfield in package.json withunpkg(#12) - Removed the top-level
defaultexport (#14)
- Separated functions into individual modules (fixed tree-shaking)
- Provided safer UMD script tag instructions
- Explicitly targeted browsers in UMD build (resulting in reduced file size)
- Updated dependencies
- Added
searchmethod for querying breaches and pastes simultaneously (like the search form on the website) - Set the AMD module name in the UMD build to
hibprather than anonymous - Updated dependencies
- Fixed UMD build that broke in 4.2.0
- Fixed return type in
breachedAccountdocumentation - Added support for tree-shaking bundlers
- Optimized tests
- Updated dependencies
- Published
exampledirectory for RunKit support - Removed
olddirectory from package that slipped in by mistake
- Encoded user input used in API query string parameters
- Added RunKit information for live trial usage
- First release of 2017! 🎉
- Reduced size of UMD build by 75%
- Updated dependencies
- Tweaked toolchain configs
- Restructured test data
- Updated dependencies
Breaking Changes (see MIGRATION.md for details):
- Dropped support for Node < 4
- Added
yarn.lockfor experimental yarn support - Removed expect.js dependency from the test environment
- Expanded usage documentation
- Updated dependencies
Breaking Changes (see MIGRATION.md for details):
- The browser (UMD) version has moved from the
libdirectory to thedistdirectory.
- Added fallback for unexpected HTTP responses (thanks @jellekralt)
- Added handling for new HTTP 429 (Too Many Requests) rate-limiting responses
- Improved tests
- Switched code style from SemiStandard to Airbnb
- Updated dependencies
- Replaced npmcdn.com with unpkg.com in the documentation as the service is being renamed
- Inherited support for
http_proxyandhttps_proxyenvironment variables from Axios 0.14.0 - Simplified build scripts
- Refactored test environment
- Updated dependencies
- Added browser support
Breaking Changes (see MIGRATION.md for details):
- Changed API methods to resolve to null instead of undefined when no data was found
- Changed API methods to take a configuration object rather than optional, positional parameters
- Updated description and example usage
- Switched test coverage from istanbul to nyc
- Improved cross-platform compatibility for development
- Updated dependencies
- Minor performance increase
- Fixed API documentation for 'breaches' query
- Updated dependencies
- Increased visibility in npm search
- Minor improvements to development environment
- Removed temporary 'breach' hack as the API endpoint has been fixed
- Updated dependencies
-
Changed temporary 'breach' hack to match author's intentions
The API author (Troy Hunt) indicated there is no hard format restrictions on a breach name, so the concept of an invalid breach name is not in play here. The API will respond with HTTP status 404 (not found) once the fix has been applied. This change mimics that behavior as opposed to responding with HTTP status 400 (bad request), which was my initial interpretation.
- Updated documentation
-
Shield clients from broken 'breach' endpoint when querying for an invalid breach name
Currently, the endpoint responds with HTTP status 200 and "page not found" HTML in the body if an invalid breach name is queried (e.g. 'adobe.com', instead of the proper breach name, 'adobe'). Based on the response codes described in the API documentation, I believe it should respond with HTTP status 400 (bad request). Prior to this patch, it lead to a confusing one-off scenario for clients consuming this module. This change should provide a consistent experience by intercepting this specific case and throwing a "bad request" error instead of a
SyntaxErrorfrom trying to parse HTML. I brought this API behavioral discrepancy to the API author's attention and he agreed it was broken and noted that a fix is incoming. -
Updated tests
- Removed
preferGlobaloption from package.json
- Initial release