hibp 0.0.0-dev.0e634825

package/dist/cjs/pwnedPasswordRange.js

@@ -0,0 +1,63 @@
+'use strict';
+
+var fetchFromApi = /*#__PURE__*/require('./api/pwnedpasswords/fetchFromApi.js');
+
+/**
+ * An object mapping an exposed password hash suffix (corresponding to a given
+ * hash prefix) to how many times it occurred in the Pwned Passwords repository.
+ *
+ * @typedef {Object.<string, number>} PwnedPasswordSuffixes
+ */
+/**
+ * Fetches the SHA-1 hash suffixes for the given 5-character SHA-1 hash prefix.
+ *
+ * When a password hash with the same first 5 characters is found in the Pwned
+ * Passwords repository, the API will respond with an HTTP 200 and include the
+ * suffix of every hash beginning with the specified prefix, followed by a count
+ * of how many times it appears in the data set. This function parses the
+ * response and returns a more structured format.
+ *
+ * @param {string} prefix the first 5 characters of a SHA-1 password hash (case
+ * insensitive)
+ * @param {object} [options] a configuration object
+ * @param {string} [options.baseUrl] a custom base URL for the
+ * pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`)
+ * @param {string} [options.userAgent] a custom string to send as the User-Agent
+ * field in the request headers (default: `hibp <version>`)
+ * @returns {Promise<PwnedPasswordSuffixes>} a Promise which resolves to an
+ * object mapping the `suffix` that when matched with the prefix composes the
+ * complete hash, to the `count` of how many times it appears in the breached
+ * password data set, or rejects with an Error
+ *
+ * @example
+ * pwnedPasswordRange('5BAA6')
+ *   .then(results => {
+ *     // results will have the following shape:
+ *     // {
+ *     //   "003D68EB55068C33ACE09247EE4C639306B": 3,
+ *     //   "012C192B2F16F82EA0EB9EF18D9D539B0DD": 1,
+ *     //   ...
+ *     // }
+ *   })
+ * @example
+ * const suffix = '1E4C9B93F3F0682250B6CF8331B7EE68FD8';
+ * pwnedPasswordRange('5BAA6')
+ *   .then(results => (results[suffix] || 0))
+ *   .catch(err => {
+ *     // ...
+ *   });
+ * @see https://haveibeenpwned.com/api/v3#SearchingPwnedPasswordsByRange
+ */
+function pwnedPasswordRange(prefix, options = {}) {
+  return fetchFromApi.fetchFromApi(`/range/${encodeURIComponent(prefix)}`, options)
+  // create array from lines of text in response body
+  .then(data => data.split('\n').filter(Boolean))
+  // convert into an object mapping suffix to count for each line
+  .then(results => results.reduce((acc, row) => {
+    const [suffix, countString] = row.split(':');
+    acc[suffix] = parseInt(countString, 10);
+    return acc;
+  }, {}));
+}
+exports.pwnedPasswordRange = pwnedPasswordRange;
+//# sourceMappingURL=pwnedPasswordRange.js.map

package/dist/cjs/pwnedPasswordRange.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pwnedPasswordRange.js","sources":["../../src/pwnedPasswordRange.ts"],"sourcesContent":["import { fetchFromApi } from './api/pwnedpasswords';\n\nexport interface PwnedPasswordSuffixes {\n  [suffix: string]: number;\n}\n\n/**\n * An object mapping an exposed password hash suffix (corresponding to a given\n * hash prefix) to how many times it occurred in the Pwned Passwords repository.\n *\n * @typedef {Object.<string, number>} PwnedPasswordSuffixes\n */\n\n/**\n * Fetches the SHA-1 hash suffixes for the given 5-character SHA-1 hash prefix.\n *\n * When a password hash with the same first 5 characters is found in the Pwned\n * Passwords repository, the API will respond with an HTTP 200 and include the\n * suffix of every hash beginning with the specified prefix, followed by a count\n * of how many times it appears in the data set. This function parses the\n * response and returns a more structured format.\n *\n * @param {string} prefix the first 5 characters of a SHA-1 password hash (case\n * insensitive)\n * @param {object} [options] a configuration object\n * @param {string} [options.baseUrl] a custom base URL for the\n * pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`)\n * @param {string} [options.userAgent] a custom string to send as the User-Agent\n * field in the request headers (default: `hibp <version>`)\n * @returns {Promise<PwnedPasswordSuffixes>} a Promise which resolves to an\n * object mapping the `suffix` that when matched with the prefix composes the\n * complete hash, to the `count` of how many times it appears in the breached\n * password data set, or rejects with an Error\n *\n * @example\n * pwnedPasswordRange('5BAA6')\n *   .then(results => {\n *     // results will have the following shape:\n *     // {\n *     //   \"003D68EB55068C33ACE09247EE4C639306B\": 3,\n *     //   \"012C192B2F16F82EA0EB9EF18D9D539B0DD\": 1,\n *     //   ...\n *     // }\n *   })\n * @example\n * const suffix = '1E4C9B93F3F0682250B6CF8331B7EE68FD8';\n * pwnedPasswordRange('5BAA6')\n *   .then(results => (results[suffix] || 0))\n *   .catch(err => {\n *     // ...\n *   });\n * @see https://haveibeenpwned.com/api/v3#SearchingPwnedPasswordsByRange\n */\nexport function pwnedPasswordRange(\n  prefix: string,\n  options: { baseUrl?: string; userAgent?: string } = {},\n): Promise<PwnedPasswordSuffixes> {\n  return (\n    fetchFromApi(`/range/${encodeURIComponent(prefix)}`, options)\n      // create array from lines of text in response body\n      .then((data) => data.split('\\n').filter(Boolean))\n      // convert into an object mapping suffix to count for each line\n      .then((results) =>\n        results.reduce<PwnedPasswordSuffixes>((acc, row) => {\n          const [suffix, countString] = row.split(':');\n          acc[suffix] = parseInt(countString, 10);\n          return acc;\n        }, {}),\n      )\n  );\n}\n"],"names":["pwnedPasswordRange","prefix","options","fetchFromApi","encodeURIComponent","then","data","split","filter","Boolean","results","reduce","acc","row","suffix","countString","parseInt"],"mappings":";;;;AAMA;;;;;AAKG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuCG;SACaA,kBAAkBA,CAChCC,MAAc,EACdC,UAAoD,EAAE,EAAA;EAEtD,OACEC,YAAAA,CAAAA,YAAY,CAAW,UAAAC,kBAAkB,CAACH,MAAM,CAAC,EAAE,EAAEC,OAAO;;GAEzDG,IAAI,CAAEC,IAAI,IAAKA,IAAI,CAACC,KAAK,CAAC,IAAI,CAAC,CAACC,MAAM,CAACC,OAAO,CAAC;;GAE/CJ,IAAI,CAAEK,OAAO,IACZA,OAAO,CAACC,MAAM,CAAwB,CAACC,GAAG,EAAEC,GAAG,KAAI;IACjD,MAAM,CAACC,MAAM,EAAEC,WAAW,CAAC,GAAGF,GAAG,CAACN,KAAK,CAAC,GAAG,CAAC;IAC5CK,GAAG,CAACE,MAAM,CAAC,GAAGE,QAAQ,CAACD,WAAW,EAAE,EAAE,CAAC;IACvC,OAAOH,GAAG;EACZ,CAAC,EAAE,CAAA,CAAE,CAAC,CACP;AAEP;"}

package/dist/cjs/search.js

@@ -0,0 +1,97 @@
+'use strict';
+
+var breachedAccount = /*#__PURE__*/require('./breachedAccount.js');
+var pasteAccount = /*#__PURE__*/require('./pasteAccount.js');
+
+/**
+ * An object representing search results.
+ *
+ * @typedef {object} SearchResults
+ * @property {(Breach[] | null)} breaches
+ * @property {(Paste[] | null)} pastes
+ */
+/**
+ * Fetches all breaches and all pastes associated with the provided account
+ * (email address or username). Note that the remote API does not support
+ * querying pastes by username (only email addresses), so in the event the
+ * provided account is not a valid email address, only breach data is queried
+ * and the "pastes" field of the resulting object will always be null. This is
+ * exactly how searching via the current web interface behaves, which this
+ * convenience method is designed to mimic.
+ *
+ * ***Warning (July 18, 2019):***
+ *
+ * `haveibeenpwned.com` now requires an API key from
+ * https://haveibeenpwned.com/API/Key for the `breachedaccount` and
+ * `pasteaccount` endpoints. The  `apiKey` option here is not explicitly
+ * required, but direct requests made without it (that is, without specifying a
+ * `baseUrl` to a proxy that inserts a valid API key on your behalf) will fail.
+ *
+ * @param {string} account an email address or username
+ * @param {object} [breachOptions] a configuration object pertaining to breach
+ * queries
+ * @param {string} [breachOptions.apiKey] an API key from
+ * https://haveibeenpwned.com/API/Key
+ * @param {string} [breachOptions.domain] a domain by which to filter the
+ * results (default: all domains)
+ * @param {boolean} [breachOptions.truncate] truncate the results to only
+ * include the name of each breach (default: true)
+ * @param {string} [breachOptions.baseUrl] a custom base URL for the
+ * haveibeenpwned.com API endpoints (default:
+ * `https://haveibeenpwned.com/api/v3`)
+ * @param {string} [breachOptions.userAgent] a custom string to send as the
+ * User-Agent field in the request headers (default: `hibp <version>`)
+ * @returns {Promise<SearchResults>} a Promise which resolves to an object
+ * containing a "breaches" key (which can be null or an array of breach objects)
+ * and a "pastes" key (which can be null or an array of paste objects), or
+ * rejects with an Error
+ * @example
+ * search('foo', { apiKey: 'my-api-key' })
+ *   .then(data => {
+ *     if (data.breaches || data.pastes) {
+ *       // ...
+ *     } else {
+ *       // ...
+ *     }
+ *   })
+ *   .catch(err => {
+ *     // ...
+ *   });
+ * @example
+ * search('nobody@nowhere.com', { apiKey: 'my-api-key', truncate: false })
+ *   .then(data => {
+ *     if (data.breaches || data.pastes) {
+ *       // ...
+ *     } else {
+ *       // ...
+ *     }
+ *   })
+ *   .catch(err => {
+ *     // ...
+ *   });
+ *
+ * @see https://haveibeenpwned.com/
+ */
+function search(account, breachOptions = {
+  truncate: true
+}) {
+  const {
+    apiKey,
+    baseUrl,
+    userAgent
+  } = breachOptions;
+  return Promise.all([breachedAccount.breachedAccount(account, breachOptions),
+  // This email regex is garbage but it seems to be what the API uses:
+  /^.+@.+$/.test(account) ? pasteAccount.pasteAccount(account, {
+    apiKey,
+    baseUrl,
+    userAgent
+  }) : null]).then(
+  // Avoid array destructuring here to prevent need for Babel helpers
+  promises => ({
+    breaches: promises[0],
+    pastes: promises[1]
+  }));
+}
+exports.search = search;
+//# sourceMappingURL=search.js.map

package/dist/cjs/search.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"search.js","sources":["../../src/search.ts"],"sourcesContent":["import type { Breach, Paste } from './api/haveibeenpwned/types';\nimport { breachedAccount } from './breachedAccount';\nimport { pasteAccount } from './pasteAccount';\n\nexport interface SearchResults {\n  breaches: Breach[] | null;\n  pastes: Paste[] | null;\n}\n\n/**\n * An object representing search results.\n *\n * @typedef {object} SearchResults\n * @property {(Breach[] | null)} breaches\n * @property {(Paste[] | null)} pastes\n */\n\n/**\n * Fetches all breaches and all pastes associated with the provided account\n * (email address or username). Note that the remote API does not support\n * querying pastes by username (only email addresses), so in the event the\n * provided account is not a valid email address, only breach data is queried\n * and the \"pastes\" field of the resulting object will always be null. This is\n * exactly how searching via the current web interface behaves, which this\n * convenience method is designed to mimic.\n *\n * ***Warning (July 18, 2019):***\n *\n * `haveibeenpwned.com` now requires an API key from\n * https://haveibeenpwned.com/API/Key for the `breachedaccount` and\n * `pasteaccount` endpoints. The  `apiKey` option here is not explicitly\n * required, but direct requests made without it (that is, without specifying a\n * `baseUrl` to a proxy that inserts a valid API key on your behalf) will fail.\n *\n * @param {string} account an email address or username\n * @param {object} [breachOptions] a configuration object pertaining to breach\n * queries\n * @param {string} [breachOptions.apiKey] an API key from\n * https://haveibeenpwned.com/API/Key\n * @param {string} [breachOptions.domain] a domain by which to filter the\n * results (default: all domains)\n * @param {boolean} [breachOptions.truncate] truncate the results to only\n * include the name of each breach (default: true)\n * @param {string} [breachOptions.baseUrl] a custom base URL for the\n * haveibeenpwned.com API endpoints (default:\n * `https://haveibeenpwned.com/api/v3`)\n * @param {string} [breachOptions.userAgent] a custom string to send as the\n * User-Agent field in the request headers (default: `hibp <version>`)\n * @returns {Promise<SearchResults>} a Promise which resolves to an object\n * containing a \"breaches\" key (which can be null or an array of breach objects)\n * and a \"pastes\" key (which can be null or an array of paste objects), or\n * rejects with an Error\n * @example\n * search('foo', { apiKey: 'my-api-key' })\n *   .then(data => {\n *     if (data.breaches || data.pastes) {\n *       // ...\n *     } else {\n *       // ...\n *     }\n *   })\n *   .catch(err => {\n *     // ...\n *   });\n * @example\n * search('nobody@nowhere.com', { apiKey: 'my-api-key', truncate: false })\n *   .then(data => {\n *     if (data.breaches || data.pastes) {\n *       // ...\n *     } else {\n *       // ...\n *     }\n *   })\n *   .catch(err => {\n *     // ...\n *   });\n *\n * @see https://haveibeenpwned.com/\n */\nexport function search(\n  account: string,\n  breachOptions: {\n    apiKey?: string;\n    domain?: string;\n    truncate?: boolean;\n    baseUrl?: string;\n    userAgent?: string;\n  } = {\n    truncate: true,\n  },\n): Promise<SearchResults> {\n  const { apiKey, baseUrl, userAgent } = breachOptions;\n\n  return Promise.all([\n    breachedAccount(account, breachOptions),\n    // This email regex is garbage but it seems to be what the API uses:\n    /^.+@.+$/.test(account)\n      ? pasteAccount(account, { apiKey, baseUrl, userAgent })\n      : null,\n  ]).then(\n    // Avoid array destructuring here to prevent need for Babel helpers\n    (promises) => ({\n      breaches: promises[0],\n      pastes: promises[1],\n    }),\n  );\n}\n"],"names":["search","account","breachOptions","truncate","apiKey","baseUrl","userAgent","Promise","all","breachedAccount","test","pasteAccount","then","promises","breaches","pastes"],"mappings":";;;;;AASA;;;;;;AAMG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6DG;AACa,SAAAA,MAAMA,CACpBC,OAAe,EACfC,aAMI,GAAA;EACFC,QAAQ,EAAE;AACX,CAAA,EAAA;EAED,MAAM;IAAEC,MAAM;IAAEC,OAAO;IAAEC;EAAS,CAAE,GAAGJ,aAAa;EAEpD,OAAOK,OAAO,CAACC,GAAG,CAAC,CACjBC,eAAe,CAAAA,eAAA,CAACR,OAAO,EAAEC,aAAa,CAAC;;EAEvC,SAAS,CAACQ,IAAI,CAACT,OAAO,CAAC,GACnBU,YAAAA,CAAAA,YAAY,CAACV,OAAO,EAAE;IAAEG,MAAM;IAAEC,OAAO;IAAEC;EAAS,CAAE,CAAC,GACrD,IAAI,CACT,CAAC,CAACM,IAAI;;EAEJC,QAAQ,KAAM;IACbC,QAAQ,EAAED,QAAQ,CAAC,CAAC,CAAC;IACrBE,MAAM,EAAEF,QAAQ,CAAC,CAAC;EACnB,CAAA,CAAC,CACH;AACH;"}

package/dist/esm/api/haveibeenpwned/fetchFromApi.mjs

@@ -0,0 +1,104 @@
+import fetch from '../web-fetch.mjs';
+import { name, version } from '../../package.json.mjs';
+import { TOO_MANY_REQUESTS, NOT_FOUND, FORBIDDEN, UNAUTHORIZED, BAD_REQUEST } from './responses.mjs';
+
+/**
+ * Custom error thrown when the haveibeenpwned.com API responds with 429 Too
+ * Many Requests. See the `retryAfterSeconds` property for the number of seconds
+ * to wait before attempting the request again.
+ *
+ * @see https://haveibeenpwned.com/API/v3#RateLimiting
+ */
+class RateLimitError extends Error {
+  /**
+   * The number of seconds to wait before attempting the request again. May be
+   * `undefined` if the API does not provide a `retry-after` header, but this
+   * should never happen.
+   */
+  retryAfterSeconds;
+  constructor(retryAfter, message, options) {
+    super(message, options);
+    this.name = this.constructor.name;
+    this.retryAfterSeconds = typeof retryAfter === 'string' ? Number.parseInt(retryAfter, 10) /* c8 ignore start */ : undefined;
+  }
+}
+/* c8 ignore stop */
+function blockedWithRayId(rayId) {
+  return `Request blocked, contact haveibeenpwned.com if this continues (Ray ID: ${rayId})`;
+}
+/**
+ * Fetches data from the supplied API endpoint.
+ *
+ * HTTP status code 200 returns an Object (data found).
+ * HTTP status code 404 returns null (no data found).
+ * HTTP status code 400 throws an Error (bad request).
+ * HTTP status code 401 throws an Error (unauthorized).
+ * HTTP status code 403 throws an Error (forbidden).
+ * HTTP status code 429 throws an Error (too many requests).
+ *
+ * @internal
+ * @private
+ * @param {string} endpoint the API endpoint to query
+ * @param {object} [options] a configuration object
+ * @param {string} [options.apiKey] an API key from
+ * https://haveibeenpwned.com/API/Key
+ * @param {string} [options.baseUrl] a custom base URL for the
+ * haveibeenpwned.com API endpoints (default:
+ * `https://haveibeenpwned.com/api/v3`)
+ * @param {string} [options.userAgent] a custom string to send as the User-Agent
+ * field in the request headers (default: `hibp <version>`)
+ * @returns {Promise<ApiData>} a Promise which resolves to the data resulting
+ * from the query (or null for 404 Not Found responses), or rejects with an
+ * Error
+ */
+function fetchFromApi(endpoint, {
+  apiKey,
+  baseUrl = 'https://haveibeenpwned.com/api/v3',
+  userAgent
+} = {}) {
+  const headers = {};
+  if (apiKey) {
+    headers['HIBP-API-Key'] = apiKey;
+  }
+  if (userAgent) {
+    headers['User-Agent'] = userAgent;
+  }
+  // Provide a default User-Agent when running outside the browser
+  if (!userAgent && typeof navigator === 'undefined') {
+    headers['User-Agent'] = `${name} ${version}`;
+  }
+  const config = {
+    headers
+  };
+  const url = `${baseUrl.replace(/\/$/g, '')}${endpoint}`;
+  return fetch(url, config).then(res => {
+    if (res.ok) return res.json();
+    switch (res.status) {
+      case BAD_REQUEST.status:
+        throw new Error(BAD_REQUEST.statusText);
+      case UNAUTHORIZED.status:
+        return res.json().then(body => {
+          throw new Error(body.message);
+        });
+      case FORBIDDEN.status:
+        {
+          const rayId = res.headers.get('cf-ray');
+          if (rayId) {
+            throw new Error(blockedWithRayId(rayId));
+          }
+          throw new Error(FORBIDDEN.statusText);
+        }
+      case NOT_FOUND.status:
+        return null;
+      case TOO_MANY_REQUESTS.status:
+        return res.json().then(body => {
+          const retryAfter = res.headers.get('retry-after');
+          throw new RateLimitError(retryAfter, body.message);
+        });
+      default:
+        throw new Error(res.statusText);
+    }
+  });
+}
+export { RateLimitError, fetchFromApi };
+//# sourceMappingURL=fetchFromApi.mjs.map

package/dist/esm/api/haveibeenpwned/fetchFromApi.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetchFromApi.mjs","sources":["../../../../src/api/haveibeenpwned/fetchFromApi.ts"],"sourcesContent":["import fetch from '../web-fetch';\nimport { name, version } from '../../../package.json';\nimport {\n  BAD_REQUEST,\n  UNAUTHORIZED,\n  FORBIDDEN,\n  NOT_FOUND,\n  TOO_MANY_REQUESTS,\n} from './responses';\nimport type { ApiData, ErrorData } from './types';\n\n/**\n * Custom error thrown when the haveibeenpwned.com API responds with 429 Too\n * Many Requests. See the `retryAfterSeconds` property for the number of seconds\n * to wait before attempting the request again.\n *\n * @see https://haveibeenpwned.com/API/v3#RateLimiting\n */\nexport class RateLimitError extends Error {\n  /**\n   * The number of seconds to wait before attempting the request again. May be\n   * `undefined` if the API does not provide a `retry-after` header, but this\n   * should never happen.\n   */\n  public retryAfterSeconds: number | undefined;\n\n  constructor(\n    retryAfter: ReturnType<Headers['get']>,\n    message: string | undefined,\n    options?: ErrorOptions,\n  ) {\n    super(message, options);\n    this.name = this.constructor.name;\n    this.retryAfterSeconds =\n      typeof retryAfter === 'string'\n        ? Number.parseInt(retryAfter, 10) /* c8 ignore start */\n        : undefined;\n  }\n}\n/* c8 ignore stop */\n\nfunction blockedWithRayId(rayId: string) {\n  return `Request blocked, contact haveibeenpwned.com if this continues (Ray ID: ${rayId})`;\n}\n\n/**\n * Fetches data from the supplied API endpoint.\n *\n * HTTP status code 200 returns an Object (data found).\n * HTTP status code 404 returns null (no data found).\n * HTTP status code 400 throws an Error (bad request).\n * HTTP status code 401 throws an Error (unauthorized).\n * HTTP status code 403 throws an Error (forbidden).\n * HTTP status code 429 throws an Error (too many requests).\n *\n * @internal\n * @private\n * @param {string} endpoint the API endpoint to query\n * @param {object} [options] a configuration object\n * @param {string} [options.apiKey] an API key from\n * https://haveibeenpwned.com/API/Key\n * @param {string} [options.baseUrl] a custom base URL for the\n * haveibeenpwned.com API endpoints (default:\n * `https://haveibeenpwned.com/api/v3`)\n * @param {string} [options.userAgent] a custom string to send as the User-Agent\n * field in the request headers (default: `hibp <version>`)\n * @returns {Promise<ApiData>} a Promise which resolves to the data resulting\n * from the query (or null for 404 Not Found responses), or rejects with an\n * Error\n */\nexport function fetchFromApi(\n  endpoint: string,\n  {\n    apiKey,\n    baseUrl = 'https://haveibeenpwned.com/api/v3',\n    userAgent,\n  }: { apiKey?: string; baseUrl?: string; userAgent?: string } = {},\n): Promise<ApiData> {\n  const headers: Record<string, string> = {};\n\n  if (apiKey) {\n    headers['HIBP-API-Key'] = apiKey;\n  }\n\n  if (userAgent) {\n    headers['User-Agent'] = userAgent;\n  }\n\n  // Provide a default User-Agent when running outside the browser\n  if (!userAgent && typeof navigator === 'undefined') {\n    headers['User-Agent'] = `${name} ${version}`;\n  }\n\n  const config = { headers };\n  const url = `${baseUrl.replace(/\\/$/g, '')}${endpoint}`;\n\n  return fetch(url, config).then((res) => {\n    if (res.ok) return res.json() as Promise<ApiData>;\n\n    switch (res.status) {\n      case BAD_REQUEST.status:\n        throw new Error(BAD_REQUEST.statusText);\n      case UNAUTHORIZED.status:\n        return res.json().then((body: ErrorData) => {\n          throw new Error(body.message);\n        });\n      case FORBIDDEN.status: {\n        const rayId = res.headers.get('cf-ray');\n        if (rayId) {\n          throw new Error(blockedWithRayId(rayId));\n        }\n        throw new Error(FORBIDDEN.statusText);\n      }\n      case NOT_FOUND.status:\n        return null;\n      case TOO_MANY_REQUESTS.status:\n        return res.json().then((body: ErrorData) => {\n          const retryAfter = res.headers.get('retry-after');\n          throw new RateLimitError(retryAfter, body.message);\n        });\n      default:\n        throw new Error(res.statusText);\n    }\n  });\n}\n"],"names":["RateLimitError","Error","retryAfterSeconds","constructor","retryAfter","message","options","name","Number","parseInt","undefined","blockedWithRayId","rayId","fetchFromApi","endpoint","apiKey","baseUrl","userAgent","headers","navigator","version","config","url","replace","fetch","then","res","ok","json","status","BAD_REQUEST","statusText","UNAUTHORIZED","body","FORBIDDEN","get","NOT_FOUND","TOO_MANY_REQUESTS"],"mappings":";;;;AAWA;;;;;;AAMG;AACG,MAAOA,cAAe,SAAQC,KAAK,CAAA;EACvC;;;;AAIG;EACIC,iBAAiB;EAExBC,WAAAA,CACEC,UAAsC,EACtCC,OAA2B,EAC3BC,OAAsB,EAAA;IAEtB,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;IACvB,IAAI,CAACC,IAAI,GAAG,IAAI,CAACJ,WAAW,CAACI,IAAI;IACjC,IAAI,CAACL,iBAAiB,GACpB,OAAOE,UAAU,KAAK,QAAQ,GAC1BI,MAAM,CAACC,QAAQ,CAACL,UAAU,EAAE,EAAE,CAAC,CAAA,wBAC/BM,SAAS;EAChB;AACF;AACD;AAEA,SAASC,gBAAgBA,CAACC,KAAa,EAAA;EACrC,OAAO,0EAA0EA,KAAK,GAAG;AAC3F;AAEA;;;;;;;;;;;;;;;;;;;;;;;;AAwBG;AACa,SAAAC,YAAYA,CAC1BC,QAAgB,EAChB;EACEC,MAAM;EACNC,OAAO,GAAG,mCAAmC;EAC7CC;IAC6D,EAAE,EAAA;EAEjE,MAAMC,OAAO,GAA2B,CAAA,CAAE;EAE1C,IAAIH,MAAM,EAAE;IACVG,OAAO,CAAC,cAAc,CAAC,GAAGH,MAAM;EACjC;EAED,IAAIE,SAAS,EAAE;IACbC,OAAO,CAAC,YAAY,CAAC,GAAGD,SAAS;EAClC;;EAGD,IAAI,CAACA,SAAS,IAAI,OAAOE,SAAS,KAAK,WAAW,EAAE;IAClDD,OAAO,CAAC,YAAY,CAAC,MAAMX,IAAI,IAAIa,OAAO,EAAE;EAC7C;EAED,MAAMC,MAAM,GAAG;IAAEH;GAAS;EAC1B,MAAMI,GAAG,GAAM,GAAAN,OAAO,CAACO,OAAO,CAAC,MAAM,EAAE,EAAE,CAAI,GAAAT,UAAU;EAEvD,OAAOU,KAAK,CAACF,GAAG,EAAED,MAAM,CAAC,CAACI,IAAI,CAAEC,GAAG,IAAI;IACrC,IAAIA,GAAG,CAACC,EAAE,EAAE,OAAOD,GAAG,CAACE,IAAI,EAAsB;IAEjD,QAAQF,GAAG,CAACG,MAAM;MAChB,KAAKC,WAAW,CAACD,MAAM;QACrB,MAAM,IAAI5B,KAAK,CAAC6B,WAAW,CAACC,UAAU,CAAC;MACzC,KAAKC,YAAY,CAACH,MAAM;QACtB,OAAOH,GAAG,CAACE,IAAI,EAAE,CAACH,IAAI,CAAEQ,IAAe,IAAI;UACzC,MAAM,IAAIhC,KAAK,CAACgC,IAAI,CAAC5B,OAAO,CAAC;QAC/B,CAAC,CAAC;MACJ,KAAK6B,SAAS,CAACL,MAAM;QAAE;UACrB,MAAMjB,KAAK,GAAGc,GAAG,CAACR,OAAO,CAACiB,GAAG,CAAC,QAAQ,CAAC;UACvC,IAAIvB,KAAK,EAAE;YACT,MAAM,IAAIX,KAAK,CAACU,gBAAgB,CAACC,KAAK,CAAC,CAAC;UACzC;UACD,MAAM,IAAIX,KAAK,CAACiC,SAAS,CAACH,UAAU,CAAC;QACtC;MACD,KAAKK,SAAS,CAACP,MAAM;QACnB,OAAO,IAAI;MACb,KAAKQ,iBAAiB,CAACR,MAAM;QAC3B,OAAOH,GAAG,CAACE,IAAI,EAAE,CAACH,IAAI,CAAEQ,IAAe,IAAI;UACzC,MAAM7B,UAAU,GAAGsB,GAAG,CAACR,OAAO,CAACiB,GAAG,CAAC,aAAa,CAAC;UACjD,MAAM,IAAInC,cAAc,CAACI,UAAU,EAAE6B,IAAI,CAAC5B,OAAO,CAAC;QACpD,CAAC,CAAC;MACJ;QACE,MAAM,IAAIJ,KAAK,CAACyB,GAAG,CAACK,UAAU,CAAC;IAAC;EAEtC,CAAC,CAAC;AACJ;"}

package/dist/esm/api/haveibeenpwned/index.mjs

@@ -0,0 +1,2 @@
+export { RateLimitError, fetchFromApi } from './fetchFromApi.mjs';
+//# sourceMappingURL=index.mjs.map

package/dist/esm/api/haveibeenpwned/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}

package/dist/esm/api/haveibeenpwned/responses.mjs

@@ -0,0 +1,71 @@
+/**
+ * Known potential responses from the remote API.
+ *
+ * Unfortunately, the API does not send a decent human-readable message back
+ * with each response, but they are documented on the website:
+ * https://haveibeenpwned.com/api/v3#ResponseCodes
+ *
+ * These objects simply provide a mapping between the HTTP response status code
+ * and the corresponding human-readable message so we can throw a more
+ * descriptive error for the consumer. (They are also leveraged in our tests.)
+ */
+const emptyHeaders = /*#__PURE__*/new Map();
+/** @internal */
+const OK = {
+  headers: emptyHeaders,
+  status: 200
+};
+/** @internal */
+const BAD_REQUEST = {
+  headers: emptyHeaders,
+  status: 400,
+  statusText: 'Bad request — the account does not comply with an acceptable format.'
+};
+/**
+ * This response has unique behavior. For some reason, the API includes an
+ * object in the response body for this one, containing a human-readable
+ * message. Manually populating the message here purely for use in tests.
+ *
+ * @internal
+ */
+const UNAUTHORIZED = {
+  headers: emptyHeaders,
+  status: 401,
+  body: {
+    statusCode: 401,
+    message: 'Access denied due to missing hibp-api-key.'
+  }
+};
+/** @internal */
+const FORBIDDEN = {
+  headers: emptyHeaders,
+  status: 403,
+  statusText: 'Forbidden - access denied.'
+};
+/** @internal */
+const BLOCKED = {
+  headers: /*#__PURE__*/new Map([['cf-ray', 'someRayId']]),
+  status: 403
+};
+/** @internal */
+const NOT_FOUND = {
+  headers: emptyHeaders,
+  status: 404
+};
+/**
+ * This response has unique behavior. For some reason, the API includes an
+ * object in the response body for this one, containing a human-readable
+ * message. Manually populating the message here purely for use in tests.
+ *
+ * @internal
+ */
+const TOO_MANY_REQUESTS = {
+  headers: /*#__PURE__*/new Map([['retry-after', '2']]),
+  status: 429,
+  body: {
+    statusCode: 429,
+    message: 'Rate limit is exceeded. Try again in 2 seconds.'
+  }
+};
+export { BAD_REQUEST, BLOCKED, FORBIDDEN, NOT_FOUND, OK, TOO_MANY_REQUESTS, UNAUTHORIZED };
+//# sourceMappingURL=responses.mjs.map

package/dist/esm/api/haveibeenpwned/responses.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"responses.mjs","sources":["../../../../src/api/haveibeenpwned/responses.ts"],"sourcesContent":["/**\n * Known potential responses from the remote API.\n *\n * Unfortunately, the API does not send a decent human-readable message back\n * with each response, but they are documented on the website:\n * https://haveibeenpwned.com/api/v3#ResponseCodes\n *\n * These objects simply provide a mapping between the HTTP response status code\n * and the corresponding human-readable message so we can throw a more\n * descriptive error for the consumer. (They are also leveraged in our tests.)\n */\n\nimport type { ResponseBody } from './types';\n\n/** @internal */\nexport interface HaveIBeenPwnedApiResponse {\n  headers: Map<string, string>;\n  status: number;\n  statusText?: string;\n  body?: ResponseBody;\n}\n\nconst emptyHeaders = new Map<string, string>();\n\n/** @internal */\nexport const OK: HaveIBeenPwnedApiResponse = {\n  headers: emptyHeaders,\n  status: 200,\n};\n\n/** @internal */\nexport const BAD_REQUEST: HaveIBeenPwnedApiResponse = {\n  headers: emptyHeaders,\n  status: 400,\n  statusText:\n    'Bad request — the account does not comply with an acceptable format.',\n};\n\n/**\n * This response has unique behavior. For some reason, the API includes an\n * object in the response body for this one, containing a human-readable\n * message. Manually populating the message here purely for use in tests.\n *\n * @internal\n */\nexport const UNAUTHORIZED: HaveIBeenPwnedApiResponse = {\n  headers: emptyHeaders,\n  status: 401,\n  body: {\n    statusCode: 401,\n    message: 'Access denied due to missing hibp-api-key.',\n  },\n};\n\n/** @internal */\nexport const FORBIDDEN: HaveIBeenPwnedApiResponse = {\n  headers: emptyHeaders,\n  status: 403,\n  statusText: 'Forbidden - access denied.',\n};\n\n/** @internal */\nexport const BLOCKED: HaveIBeenPwnedApiResponse = {\n  headers: new Map([['cf-ray', 'someRayId']]),\n  status: 403,\n};\n\n/** @internal */\nexport const NOT_FOUND: HaveIBeenPwnedApiResponse = {\n  headers: emptyHeaders,\n  status: 404,\n};\n\n/**\n * This response has unique behavior. For some reason, the API includes an\n * object in the response body for this one, containing a human-readable\n * message. Manually populating the message here purely for use in tests.\n *\n * @internal\n */\nexport const TOO_MANY_REQUESTS: HaveIBeenPwnedApiResponse = {\n  headers: new Map([['retry-after', '2']]),\n  status: 429,\n  body: {\n    statusCode: 429,\n    message: 'Rate limit is exceeded. Try again in 2 seconds.',\n  },\n};\n"],"names":["emptyHeaders","Map","OK","headers","status","BAD_REQUEST","statusText","UNAUTHORIZED","body","statusCode","message","FORBIDDEN","BLOCKED","NOT_FOUND","TOO_MANY_REQUESTS"],"mappings":"AAAA;;;;;;;;;;AAUG;AAYH,MAAMA,YAAY,gBAAG,IAAIC,GAAG,EAAkB;AAE9C;AACa,MAAAC,EAAE,GAA8B;EAC3CC,OAAO,EAAEH,YAAY;EACrBI,MAAM,EAAE;CACR;AAEF;AACa,MAAAC,WAAW,GAA8B;EACpDF,OAAO,EAAEH,YAAY;EACrBI,MAAM,EAAE,GAAG;EACXE,UAAU,EACR;CACF;AAEF;;;;;;AAMG;AACU,MAAAC,YAAY,GAA8B;EACrDJ,OAAO,EAAEH,YAAY;EACrBI,MAAM,EAAE,GAAG;EACXI,IAAI,EAAE;IACJC,UAAU,EAAE,GAAG;IACfC,OAAO,EAAE;EACV;CACD;AAEF;AACa,MAAAC,SAAS,GAA8B;EAClDR,OAAO,EAAEH,YAAY;EACrBI,MAAM,EAAE,GAAG;EACXE,UAAU,EAAE;CACZ;AAEF;AACa,MAAAM,OAAO,GAA8B;EAChDT,OAAO,eAAE,IAAIF,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC;EAC3CG,MAAM,EAAE;CACR;AAEF;AACa,MAAAS,SAAS,GAA8B;EAClDV,OAAO,EAAEH,YAAY;EACrBI,MAAM,EAAE;CACR;AAEF;;;;;;AAMG;AACU,MAAAU,iBAAiB,GAA8B;EAC1DX,OAAO,eAAE,IAAIF,GAAG,CAAC,CAAC,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,CAAC;EACxCG,MAAM,EAAE,GAAG;EACXI,IAAI,EAAE;IACJC,UAAU,EAAE,GAAG;IACfC,OAAO,EAAE;EACV;;"}

package/dist/esm/api/pwnedpasswords/fetchFromApi.mjs

@@ -0,0 +1,42 @@
+import fetch from '../web-fetch.mjs';
+import { BAD_REQUEST } from './responses.mjs';
+
+/**
+ * Fetches data from the supplied API endpoint.
+ *
+ * HTTP status code 200 returns plain text (data found).
+ * HTTP status code 400 throws an Error (bad request).
+ *
+ * @internal
+ * @private
+ * @param {string} endpoint the API endpoint to query
+ * @param {object} [options] a configuration object
+ * @param {string} [options.baseUrl] a custom base URL for the
+ * pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`)
+ * @param {string} [options.userAgent] a custom string to send as the User-Agent
+ * field in the request headers (default: `hibp <version>`)
+ * @returns {Promise<string>} a Promise which resolves to the data resulting
+ * from the query, or rejects with an Error
+ */
+function fetchFromApi(endpoint, {
+  baseUrl = 'https://api.pwnedpasswords.com',
+  userAgent
+} = {}) {
+  const config = Object.assign({}, userAgent ? {
+    headers: {
+      'User-Agent': userAgent
+    }
+  } : {});
+  const url = `${baseUrl.replace(/\/$/g, '')}${endpoint}`;
+  return fetch(url, config).then(res => {
+    if (res.ok) return res.text();
+    if (res.status === BAD_REQUEST.status) {
+      return res.text().then(text => {
+        throw new Error(text);
+      });
+    }
+    throw new Error(res.statusText);
+  });
+}
+export { fetchFromApi };
+//# sourceMappingURL=fetchFromApi.mjs.map

package/dist/esm/api/pwnedpasswords/fetchFromApi.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetchFromApi.mjs","sources":["../../../../src/api/pwnedpasswords/fetchFromApi.ts"],"sourcesContent":["import fetch from '../web-fetch';\nimport { BAD_REQUEST } from './responses';\n\n/**\n * Fetches data from the supplied API endpoint.\n *\n * HTTP status code 200 returns plain text (data found).\n * HTTP status code 400 throws an Error (bad request).\n *\n * @internal\n * @private\n * @param {string} endpoint the API endpoint to query\n * @param {object} [options] a configuration object\n * @param {string} [options.baseUrl] a custom base URL for the\n * pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`)\n * @param {string} [options.userAgent] a custom string to send as the User-Agent\n * field in the request headers (default: `hibp <version>`)\n * @returns {Promise<string>} a Promise which resolves to the data resulting\n * from the query, or rejects with an Error\n */\nexport function fetchFromApi(\n  endpoint: string,\n  {\n    baseUrl = 'https://api.pwnedpasswords.com',\n    userAgent,\n  }: { baseUrl?: string; userAgent?: string } = {},\n): Promise<string> {\n  const config = Object.assign(\n    {},\n    userAgent\n      ? {\n          headers: {\n            'User-Agent': userAgent,\n          },\n        }\n      : {},\n  );\n\n  const url = `${baseUrl.replace(/\\/$/g, '')}${endpoint}`;\n\n  return fetch(url, config).then((res) => {\n    if (res.ok) return res.text();\n\n    if (res.status === BAD_REQUEST.status) {\n      return res.text().then((text) => {\n        throw new Error(text);\n      });\n    }\n\n    throw new Error(res.statusText);\n  });\n}\n"],"names":["fetchFromApi","endpoint","baseUrl","userAgent","config","Object","assign","headers","url","replace","fetch","then","res","ok","text","status","BAD_REQUEST","Error","statusText"],"mappings":";;;AAGA;;;;;;;;;;;;;;;;AAgBG;AACa,SAAAA,YAAYA,CAC1BC,QAAgB,EAChB;EACEC,OAAO,GAAG,gCAAgC;EAC1CC;AAAS,CAAA,GACmC,EAAE,EAAA;EAEhD,MAAMC,MAAM,GAAGC,MAAM,CAACC,MAAM,CAC1B,CAAE,CAAA,EACFH,SAAS,GACL;IACEI,OAAO,EAAE;MACP,YAAY,EAAEJ;IACf;EACF,CAAA,GACD,CAAA,CAAE,CACP;EAED,MAAMK,GAAG,GAAM,GAAAN,OAAO,CAACO,OAAO,CAAC,MAAM,EAAE,EAAE,CAAI,GAAAR,UAAU;EAEvD,OAAOS,KAAK,CAACF,GAAG,EAAEJ,MAAM,CAAC,CAACO,IAAI,CAAEC,GAAG,IAAI;IACrC,IAAIA,GAAG,CAACC,EAAE,EAAE,OAAOD,GAAG,CAACE,IAAI,EAAE;IAE7B,IAAIF,GAAG,CAACG,MAAM,KAAKC,WAAW,CAACD,MAAM,EAAE;MACrC,OAAOH,GAAG,CAACE,IAAI,EAAE,CAACH,IAAI,CAAEG,IAAI,IAAI;QAC9B,MAAM,IAAIG,KAAK,CAACH,IAAI,CAAC;MACvB,CAAC,CAAC;IACH;IAED,MAAM,IAAIG,KAAK,CAACL,GAAG,CAACM,UAAU,CAAC;EACjC,CAAC,CAAC;AACJ;"}

package/dist/esm/api/pwnedpasswords/index.mjs

@@ -0,0 +1,2 @@
+export { fetchFromApi } from './fetchFromApi.mjs';
+//# sourceMappingURL=index.mjs.map

package/dist/esm/api/pwnedpasswords/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}

package/dist/esm/api/pwnedpasswords/responses.mjs

@@ -0,0 +1,17 @@
+/**
+ * Known potential responses from the remote API.
+ *
+ * https://haveibeenpwned.com/api/v3#PwnedPasswords
+ *
+ */
+/** @internal */
+const OK = {
+  status: 200
+};
+/** @internal */
+const BAD_REQUEST = {
+  status: 400,
+  body: 'The hash prefix was not in a valid format'
+};
+export { BAD_REQUEST, OK };
+//# sourceMappingURL=responses.mjs.map

package/dist/esm/api/pwnedpasswords/responses.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"responses.mjs","sources":["../../../../src/api/pwnedpasswords/responses.ts"],"sourcesContent":["/**\n * Known potential responses from the remote API.\n *\n * https://haveibeenpwned.com/api/v3#PwnedPasswords\n *\n */\n\n/** @internal */\nexport interface PwnedPasswordsApiResponse {\n  status: number;\n  body?: string;\n}\n\n/** @internal */\nexport const OK: PwnedPasswordsApiResponse = {\n  status: 200,\n};\n\n/** @internal */\nexport const BAD_REQUEST: PwnedPasswordsApiResponse = {\n  status: 400,\n  body: 'The hash prefix was not in a valid format',\n};\n"],"names":["OK","status","BAD_REQUEST","body"],"mappings":"AAAA;;;;;AAKG;AAQH;AACa,MAAAA,EAAE,GAA8B;EAC3CC,MAAM,EAAE;CACR;AAEF;AACa,MAAAC,WAAW,GAA8B;EACpDD,MAAM,EAAE,GAAG;EACXE,IAAI,EAAE;;"}

package/dist/esm/api/web-fetch.mjs

@@ -0,0 +1,10 @@
+/* c8 ignore next */
+var fetch = typeof window !== 'undefined' ? window.fetch : fetchWrapper;
+async function fetchWrapper(input, init) {
+  const {
+    default: webFetch
+  } = await import('@remix-run/web-fetch');
+  return webFetch(input, init);
+}
+export { fetch as default };
+//# sourceMappingURL=web-fetch.mjs.map

package/dist/esm/api/web-fetch.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"web-fetch.mjs","sources":["../../../src/api/web-fetch.ts"],"sourcesContent":["/* c8 ignore next */\nexport default typeof window !== 'undefined' ? window.fetch : fetchWrapper;\n\nasync function fetchWrapper(\n  input: string | URL,\n  init?: RequestInit | undefined,\n): Promise<Response> {\n  const { default: webFetch } = await import('@remix-run/web-fetch');\n  return webFetch(input, init);\n}\n"],"names":["fetch","window","fetchWrapper","input","init","default","webFetch"],"mappings":"AAAA;AACA,IAAeA,KAAA,GAAA,OAAOC,MAAM,KAAK,WAAW,GAAGA,MAAM,CAACD,KAAK,GAAGE,YAAY;AAE1E,eAAeA,YAAYA,CACzBC,KAAmB,EACnBC,IAA8B,EAAA;EAE9B,MAAM;IAAEC,OAAO,EAAEC;EAAU,CAAA,GAAG,MAAM,MAAA,CAAO,sBAAsB,CAAC;EAClE,OAAOA,QAAQ,CAACH,KAAK,EAAEC,IAAI,CAAC;AAC9B;"}

package/dist/esm/breach.mjs

@@ -0,0 +1,53 @@
+import { fetchFromApi } from './api/haveibeenpwned/fetchFromApi.mjs';
+
+/**
+ * An object representing a breach.
+ *
+ * @typedef {object} Breach
+ * @property {string} Name
+ * @property {string} Title
+ * @property {string} Domain
+ * @property {string} BreachDate
+ * @property {string} AddedDate
+ * @property {string} ModifiedDate
+ * @property {number} PwnCount
+ * @property {string} Description
+ * @property {string} LogoPath
+ * @property {string[]} DataClasses
+ * @property {boolean} IsVerified
+ * @property {boolean} IsFabricated
+ * @property {boolean} IsSensitive
+ * @property {boolean} IsRetired
+ * @property {boolean} IsSpamList
+ */
+/**
+ * Fetches data for a specific breach event.
+ *
+ * @param {string} breachName the name of a breach in the system
+ * @param {object} [options] a configuration object
+ * @param {string} [options.baseUrl] a custom base URL for the
+ * haveibeenpwned.com API endpoints (default:
+ * `https://haveibeenpwned.com/api/v3`)
+ * @param {string} [options.userAgent] a custom string to send as the User-Agent
+ * field in the request headers (default: `hibp <version>`)
+ * @returns {(Promise<Breach>|Promise<null>)} a Promise which resolves to an
+ * object representing a breach (or null if no breach was found), or rejects
+ * with an Error
+ * @example
+ * breach('Adobe')
+ *   .then(data => {
+ *     if (data) {
+ *       // ...
+ *     } else {
+ *       // ...
+ *     }
+ *   })
+ *   .catch(err => {
+ *     // ...
+ *   });
+ */
+function breach(breachName, options = {}) {
+  return fetchFromApi(`/breach/${encodeURIComponent(breachName)}`, options);
+}
+export { breach };
+//# sourceMappingURL=breach.mjs.map

package/dist/esm/breach.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"breach.mjs","sources":["../../src/breach.ts"],"sourcesContent":["import type { Breach } from './api/haveibeenpwned/types';\nimport { fetchFromApi } from './api/haveibeenpwned';\n\n/**\n * An object representing a breach.\n *\n * @typedef {object} Breach\n * @property {string} Name\n * @property {string} Title\n * @property {string} Domain\n * @property {string} BreachDate\n * @property {string} AddedDate\n * @property {string} ModifiedDate\n * @property {number} PwnCount\n * @property {string} Description\n * @property {string} LogoPath\n * @property {string[]} DataClasses\n * @property {boolean} IsVerified\n * @property {boolean} IsFabricated\n * @property {boolean} IsSensitive\n * @property {boolean} IsRetired\n * @property {boolean} IsSpamList\n */\n\n/**\n * Fetches data for a specific breach event.\n *\n * @param {string} breachName the name of a breach in the system\n * @param {object} [options] a configuration object\n * @param {string} [options.baseUrl] a custom base URL for the\n * haveibeenpwned.com API endpoints (default:\n * `https://haveibeenpwned.com/api/v3`)\n * @param {string} [options.userAgent] a custom string to send as the User-Agent\n * field in the request headers (default: `hibp <version>`)\n * @returns {(Promise<Breach>|Promise<null>)} a Promise which resolves to an\n * object representing a breach (or null if no breach was found), or rejects\n * with an Error\n * @example\n * breach('Adobe')\n *   .then(data => {\n *     if (data) {\n *       // ...\n *     } else {\n *       // ...\n *     }\n *   })\n *   .catch(err => {\n *     // ...\n *   });\n */\nexport function breach(\n  breachName: string,\n  options: { baseUrl?: string; userAgent?: string } = {},\n): Promise<Breach | null> {\n  return fetchFromApi(\n    `/breach/${encodeURIComponent(breachName)}`,\n    options,\n  ) as Promise<Breach | null>;\n}\n"],"names":["breach","breachName","options","fetchFromApi","encodeURIComponent"],"mappings":";;AAGA;;;;;;;;;;;;;;;;;;;AAmBG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;AAyBG;SACaA,MAAMA,CACpBC,UAAkB,EAClBC,UAAoD,EAAE,EAAA;EAEtD,OAAOC,YAAY,CACjB,WAAWC,kBAAkB,CAACH,UAAU,CAAG,EAAA,EAC3CC,OAAO,CACkB;AAC7B;"}

package/dist/esm/breachedAccount.mjs

@@ -0,0 +1,99 @@
+import { fetchFromApi } from './api/haveibeenpwned/fetchFromApi.mjs';
+
+/**
+ * Fetches breach data for a specific account.
+ *
+ * ***Warning (July 18, 2019):***
+ *
+ * `haveibeenpwned.com` now requires an API key from
+ * https://haveibeenpwned.com/API/Key for the `breachedaccount` endpoint. The
+ * `apiKey` option here is not explicitly required, but direct requests made
+ * without it (that is, without specifying a `baseUrl` to a proxy that inserts a
+ * valid API key on your behalf) will fail.
+ *
+ * @param {string} account a username or email address
+ * @param {object} [options] a configuration object
+ * @param {string} [options.apiKey] an API key from
+ * https://haveibeenpwned.com/API/Key (default: undefined)
+ * @param {string} [options.domain] a domain by which to filter the results
+ * (default: all domains)
+ * @param {boolean} [options.includeUnverified] include "unverified" breaches in
+ * the results (default: true)
+ * @param {boolean} [options.truncate] truncate the results to only include
+ * the name of each breach (default: true)
+ * @param {string} [options.baseUrl] a custom base URL for the
+ * haveibeenpwned.com API endpoints (default:
+ * `https://haveibeenpwned.com/api/v3`)
+ * @param {string} [options.userAgent] a custom string to send as the User-Agent
+ * field in the request headers (default: `hibp <version>`)
+ * @returns {(Promise<Breach[]> | Promise<null>)} a Promise which resolves to an
+ * array of breach objects (or null if no breaches were found), or rejects with
+ * an Error
+ * @example
+ * breachedAccount('foo', { apiKey: 'my-api-key' })
+ *   .then(data => {
+ *     if (data) {
+ *       // ...
+ *     } else {
+ *       // ...
+ *     }
+ *   })
+ *   .catch(err => {
+ *     // ...
+ *   });
+ * @example
+ * breachedAccount('bar', {
+ *   includeUnverified: false,
+ *   baseUrl: 'https://my-hibp-proxy:8080',
+ * })
+ *   .then(data => {
+ *     if (data) {
+ *       // ...
+ *     } else {
+ *       // ...
+ *     }
+ *   })
+ *   .catch(err => {
+ *     // ...
+ *   });
+ * @example
+ * breachedAccount('baz', {
+ *   apiKey: 'my-api-key',
+ *   domain: 'adobe.com',
+ *   truncate: false,
+ *   userAgent: 'my-app 1.0'
+ * })
+ *   .then(data => {
+ *     if (data) {
+ *       // ...
+ *     } else {
+ *       // ...
+ *     }
+ *   })
+ *   .catch(err => {
+ *     // ...
+ *   });
+ */
+function breachedAccount(account, options = {
+  includeUnverified: true,
+  truncate: true
+}) {
+  const endpoint = `/breachedaccount/${encodeURIComponent(account)}?`;
+  const params = [];
+  if (options.domain) {
+    params.push(`domain=${encodeURIComponent(options.domain)}`);
+  }
+  if (options.includeUnverified === false) {
+    params.push('includeUnverified=false');
+  }
+  if (options.truncate === false) {
+    params.push('truncateResponse=false');
+  }
+  return fetchFromApi(`${endpoint}${params.join('&')}`, {
+    apiKey: options.apiKey,
+    baseUrl: options.baseUrl,
+    userAgent: options.userAgent
+  });
+}
+export { breachedAccount };
+//# sourceMappingURL=breachedAccount.mjs.map