Awesome Open Source
Awesome Open Source


This library allows you to check if a password exists in the Have I Been Pwned database

How does it work?

The library will first hash the password using SHA-1 and then send the first 5 characters to HIBP's server which will return a list of hashes that starts with those characters.

We then check if the hash exists in the returned list and fire an event hibpCheck with the result


You can either download the JavaScript file or use npm:

npm i hibp-js


You should first load the library

<script src="lib/hibp.min.js"></script>

Then you can call the hibpCheck('PASSWORD HERE') function, it will fire an event hibpCheck with the result, check the example for details.


  • Don't tell users your password is secure just because it wasn't found in hibp.
  • Don't use this over insecure HTTP (if you don't use HTTPS you simply don't care enough about your users' data)


// When the result is ready check if the password was found or not
document.addEventListener('hibpCheck', function (e) {
    } else {
        alert('Not Found');
hibpCheck('password123'); // Check if the password "password123" is in HIBP's database

Full example can be found here

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Javascript (1,552,287
Javascript Library (1,872
Password Strength (148
Related Projects