hibp 0.0.0-dev.9896b89a → 0.0.0-dev.d74e2ad2

package/dist/cjs/{pasteAccount.js → paste-account.cjs}

@@ -1,6 +1,6 @@
 'use strict';
 
-var fetchFromApi = /*#__PURE__*/require('./api/haveibeenpwned/fetchFromApi.js');
+var fetchFromApi = /*#__PURE__*/require('./api/haveibeenpwned/fetch-from-api.cjs');
 
 /**
  * An object representing a paste.
@@ -15,18 +15,16 @@ var fetchFromApi = /*#__PURE__*/require('./api/haveibeenpwned/fetchFromApi.js');
 /**
  * Fetches paste data for a specific account (email address).
  *
- * ***Warning (July 18, 2019):***
- *
- * `haveibeenpwned.com` now requires an API key from
+ * 🔑 `haveibeenpwned.com` requires an API key from
  * https://haveibeenpwned.com/API/Key for the `pasteaccount` endpoint. The
  * `apiKey` option here is not explicitly required, but direct requests made
- * without it (that is, without specifying a `baseUrl` to a proxy that inserts a
- * valid API key on your behalf) will fail.
+ * without it will fail (unless you specify a `baseUrl` to a proxy that inserts
+ * a valid API key on your behalf).
  *
  * @param {string} email the email address to query
  * @param {object} [options] a configuration object
  * @param {string} [options.apiKey] an API key from
- * https://haveibeenpwned.com/API/Key
+ * https://haveibeenpwned.com/API/Key (default: undefined)
  * @param {string} [options.baseUrl] a custom base URL for the
  * haveibeenpwned.com API endpoints (default:
  * `https://haveibeenpwned.com/api/v3`)
@@ -36,24 +34,32 @@ var fetchFromApi = /*#__PURE__*/require('./api/haveibeenpwned/fetchFromApi.js');
  * array of paste objects (or null if no pastes were found), or rejects with an
  * Error
  * @example
- * pasteAccount('foo@bar.com', { apiKey: 'my-api-key' })
- *   .then(data => {
- *     if (data) {
- *       // ...
- *     } else {
- *       // ...
- *     }
- *   })
- *   .catch(err => {
+ * try {
+ *   const data = await pasteAccount("foo@bar.com", { apiKey: "my-api-key" });
+ *   if (data) {
+ *     // ...
+ *   } else {
  *     // ...
+ *   }
+ * } catch (err) {
+ *   // ...
+ * }
+ * @example
+ * try {
+ *   const data = await pasteAccount("foo@bar.com", {
+ *     baseUrl: "https://my-hibp-proxy:8080",
  *   });
+ *   if (data) {
+ *     // ...
+ *   } else {
+ *     // ...
+ *   }
+ * } catch (err) {
+ *   // ...
+ * }
  */
 function pasteAccount(email, options = {}) {
-  return fetchFromApi.fetchFromApi(`/pasteaccount/${encodeURIComponent(email)}`, {
-    apiKey: options.apiKey,
-    baseUrl: options.baseUrl,
-    userAgent: options.userAgent
-  });
+  return fetchFromApi.fetchFromApi(`/pasteaccount/${encodeURIComponent(email)}`, options);
 }
 exports.pasteAccount = pasteAccount;
-//# sourceMappingURL=pasteAccount.js.map
+//# sourceMappingURL=paste-account.cjs.map

package/dist/cjs/paste-account.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"paste-account.cjs","sources":["../../src/paste-account.ts"],"sourcesContent":["import type { Paste } from './api/haveibeenpwned/types.js';\nimport { fetchFromApi } from './api/haveibeenpwned/fetch-from-api.js';\n\n/**\n * An object representing a paste.\n *\n * @typedef {object} Paste\n * @property {string} Id\n * @property {string} Source\n * @property {string} Title\n * @property {string} Date\n * @property {number} EmailCount\n */\n\n/**\n * Fetches paste data for a specific account (email address).\n *\n * 🔑 `haveibeenpwned.com` requires an API key from\n * https://haveibeenpwned.com/API/Key for the `pasteaccount` endpoint. The\n * `apiKey` option here is not explicitly required, but direct requests made\n * without it will fail (unless you specify a `baseUrl` to a proxy that inserts\n * a valid API key on your behalf).\n *\n * @param {string} email the email address to query\n * @param {object} [options] a configuration object\n * @param {string} [options.apiKey] an API key from\n * https://haveibeenpwned.com/API/Key (default: undefined)\n * @param {string} [options.baseUrl] a custom base URL for the\n * haveibeenpwned.com API endpoints (default:\n * `https://haveibeenpwned.com/api/v3`)\n * @param {string} [options.userAgent] a custom string to send as the User-Agent\n * field in the request headers (default: `hibp <version>`)\n * @returns {(Promise<Paste[]> | Promise<null>)} a Promise which resolves to an\n * array of paste objects (or null if no pastes were found), or rejects with an\n * Error\n * @example\n * try {\n *   const data = await pasteAccount(\"foo@bar.com\", { apiKey: \"my-api-key\" });\n *   if (data) {\n *     // ...\n *   } else {\n *     // ...\n *   }\n * } catch (err) {\n *   // ...\n * }\n * @example\n * try {\n *   const data = await pasteAccount(\"foo@bar.com\", {\n *     baseUrl: \"https://my-hibp-proxy:8080\",\n *   });\n *   if (data) {\n *     // ...\n *   } else {\n *     // ...\n *   }\n * } catch (err) {\n *   // ...\n * }\n */\nexport function pasteAccount(\n  email: string,\n  options: {\n    /**\n     * an API key from https://haveibeenpwned.com/API/Key (default: undefined)\n     */\n    apiKey?: string;\n    /**\n     * a custom base URL for the haveibeenpwned.com API endpoints (default:\n     * `https://haveibeenpwned.com/api/v3`)\n     */\n    baseUrl?: string;\n    /**\n     * a custom string to send as the User-Agent field in the request headers\n     * (default: `hibp <version>`)\n     */\n    userAgent?: string;\n  } = {},\n): Promise<Paste[] | null> {\n  return fetchFromApi(\n    `/pasteaccount/${encodeURIComponent(email)}`,\n    options,\n  ) as Promise<Paste[] | null>;\n}\n"],"names":["pasteAccount","email","options","fetchFromApi","encodeURIComponent"],"mappings":";;;;AAGA;;;;;;;;;AASG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CG;SACaA,YAAYA,CAC1BC,KAAa,EACbC,UAeI,EAAE,EAAA;EAEN,OAAOC,YAAAA,CAAAA,YAAY,CACjB,iBAAiBC,kBAAkB,CAACH,KAAK,CAAG,EAAA,EAC5CC,OAAO,CACmB;AAC9B;"}

package/dist/cjs/{pwnedPasswordRange.js → pwned-password-range.cjs}

@@ -1,6 +1,6 @@
 'use strict';
 
-var fetchFromApi = /*#__PURE__*/require('./api/pwnedpasswords/fetchFromApi.js');
+var fetchFromApi = /*#__PURE__*/require('./api/pwnedpasswords/fetch-from-api.cjs');
 
 /**
  * An object mapping an exposed password hash suffix (corresponding to a given
@@ -9,7 +9,8 @@ var fetchFromApi = /*#__PURE__*/require('./api/pwnedpasswords/fetchFromApi.js');
  * @typedef {Object.<string, number>} PwnedPasswordSuffixes
  */
 /**
- * Fetches the SHA-1 hash suffixes for the given 5-character SHA-1 hash prefix.
+ * Fetches the SHA-1 or NTLM hash suffixes for the given 5-character hash
+ * prefix.
  *
  * When a password hash with the same first 5 characters is found in the Pwned
  * Passwords repository, the API will respond with an HTTP 200 and include the
@@ -17,9 +18,13 @@ var fetchFromApi = /*#__PURE__*/require('./api/pwnedpasswords/fetchFromApi.js');
  * of how many times it appears in the data set. This function parses the
  * response and returns a more structured format.
  *
- * @param {string} prefix the first 5 characters of a SHA-1 password hash (case
+ * @param {string} prefix the first 5 characters of a password hash (case
  * insensitive)
  * @param {object} [options] a configuration object
+ * @param {boolean} [options.addPadding] ask the remote API to add padding to
+ * the response to obscure the password prefix (default: `false`)
+ * @param {'sha1' | 'ntlm'} [options.mode] return SHA-1 or NTLM hashes
+ * (default: `sha1`)
  * @param {string} [options.baseUrl] a custom base URL for the
  * pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`)
  * @param {string} [options.userAgent] a custom string to send as the User-Agent
@@ -30,34 +35,48 @@ var fetchFromApi = /*#__PURE__*/require('./api/pwnedpasswords/fetchFromApi.js');
  * password data set, or rejects with an Error
  *
  * @example
- * pwnedPasswordRange('5BAA6')
- *   .then(results => {
- *     // results will have the following shape:
- *     // {
- *     //   "003D68EB55068C33ACE09247EE4C639306B": 3,
- *     //   "012C192B2F16F82EA0EB9EF18D9D539B0DD": 1,
- *     //   ...
- *     // }
- *   })
+ * try {
+ *   const results = await pwnedPasswordRange("5BAA6");
+ *   // results will have the following shape:
+ *   // {
+ *   //   "003D68EB55068C33ACE09247EE4C639306B": 3,
+ *   //   "012C192B2F16F82EA0EB9EF18D9D539B0DD": 1,
+ *   //   ...
+ *   // }
+ * } catch (err) {
+ *   // ...
+ * }
  * @example
- * const suffix = '1E4C9B93F3F0682250B6CF8331B7EE68FD8';
- * pwnedPasswordRange('5BAA6')
- *   .then(results => (results[suffix] || 0))
- *   .catch(err => {
- *     // ...
- *   });
+ * try {
+ *   const suffix = "1E4C9B93F3F0682250B6CF8331B7EE68FD8";
+ *   const results = await pwnedPasswordRange("5BAA6");
+ *   const numPwns = results[suffix] || 0;
+ * } catch (err) {
+ *   // ...
+ * }
  * @see https://haveibeenpwned.com/api/v3#SearchingPwnedPasswordsByRange
  */
-function pwnedPasswordRange(prefix, options = {}) {
-  return fetchFromApi.fetchFromApi(`/range/${encodeURIComponent(prefix)}`, options)
+async function pwnedPasswordRange(prefix, options = {}) {
+  const {
+    baseUrl,
+    userAgent,
+    addPadding = false,
+    mode = 'sha1'
+  } = options;
+  const data = await fetchFromApi.fetchFromApi(`/range/${encodeURIComponent(prefix)}`, {
+    baseUrl,
+    userAgent,
+    addPadding,
+    mode
+  });
   // create array from lines of text in response body
-  .then(data => data.split('\n').filter(Boolean))
+  const results = data.split('\n').filter(Boolean);
   // convert into an object mapping suffix to count for each line
-  .then(results => results.reduce((acc, row) => {
+  return results.reduce((acc, row) => {
     const [suffix, countString] = row.split(':');
-    acc[suffix] = parseInt(countString, 10);
+    acc[suffix] = Number.parseInt(countString, 10);
     return acc;
-  }, {}));
+  }, {});
 }
 exports.pwnedPasswordRange = pwnedPasswordRange;
-//# sourceMappingURL=pwnedPasswordRange.js.map
+//# sourceMappingURL=pwned-password-range.cjs.map

package/dist/cjs/pwned-password-range.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"pwned-password-range.cjs","sources":["../../src/pwned-password-range.ts"],"sourcesContent":["import { fetchFromApi } from './api/pwnedpasswords/fetch-from-api.js';\n\nexport type PwnedPasswordSuffixes = Record<string, number>;\n\n/**\n * An object mapping an exposed password hash suffix (corresponding to a given\n * hash prefix) to how many times it occurred in the Pwned Passwords repository.\n *\n * @typedef {Object.<string, number>} PwnedPasswordSuffixes\n */\n\n/**\n * Fetches the SHA-1 or NTLM hash suffixes for the given 5-character hash\n * prefix.\n *\n * When a password hash with the same first 5 characters is found in the Pwned\n * Passwords repository, the API will respond with an HTTP 200 and include the\n * suffix of every hash beginning with the specified prefix, followed by a count\n * of how many times it appears in the data set. This function parses the\n * response and returns a more structured format.\n *\n * @param {string} prefix the first 5 characters of a password hash (case\n * insensitive)\n * @param {object} [options] a configuration object\n * @param {boolean} [options.addPadding] ask the remote API to add padding to\n * the response to obscure the password prefix (default: `false`)\n * @param {'sha1' | 'ntlm'} [options.mode] return SHA-1 or NTLM hashes\n * (default: `sha1`)\n * @param {string} [options.baseUrl] a custom base URL for the\n * pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`)\n * @param {string} [options.userAgent] a custom string to send as the User-Agent\n * field in the request headers (default: `hibp <version>`)\n * @returns {Promise<PwnedPasswordSuffixes>} a Promise which resolves to an\n * object mapping the `suffix` that when matched with the prefix composes the\n * complete hash, to the `count` of how many times it appears in the breached\n * password data set, or rejects with an Error\n *\n * @example\n * try {\n *   const results = await pwnedPasswordRange(\"5BAA6\");\n *   // results will have the following shape:\n *   // {\n *   //   \"003D68EB55068C33ACE09247EE4C639306B\": 3,\n *   //   \"012C192B2F16F82EA0EB9EF18D9D539B0DD\": 1,\n *   //   ...\n *   // }\n * } catch (err) {\n *   // ...\n * }\n * @example\n * try {\n *   const suffix = \"1E4C9B93F3F0682250B6CF8331B7EE68FD8\";\n *   const results = await pwnedPasswordRange(\"5BAA6\");\n *   const numPwns = results[suffix] || 0;\n * } catch (err) {\n *   // ...\n * }\n * @see https://haveibeenpwned.com/api/v3#SearchingPwnedPasswordsByRange\n */\nexport async function pwnedPasswordRange(\n  prefix: string,\n  options: {\n    /**\n     * ask the remote API to add padding to the response to obscure the password\n     * prefix (default: `false`)\n     */\n    addPadding?: boolean;\n    /**\n     * return SHA-1 or NTLM hashes (default: `sha1`)\n     */\n    mode?: 'sha1' | 'ntlm';\n    /**\n     * a custom base URL for the haveibeenpwned.com API endpoints (default:\n     * `https://haveibeenpwned.com/api/v3`)\n     */\n    baseUrl?: string;\n    /**\n     * a custom string to send as the User-Agent field in the request headers\n     * (default: `hibp <version>`)\n     */\n    userAgent?: string;\n  } = {},\n): Promise<PwnedPasswordSuffixes> {\n  const { baseUrl, userAgent, addPadding = false, mode = 'sha1' } = options;\n\n  const data = await fetchFromApi(`/range/${encodeURIComponent(prefix)}`, {\n    baseUrl,\n    userAgent,\n    addPadding,\n    mode,\n  });\n\n  // create array from lines of text in response body\n  const results = data.split('\\n').filter(Boolean);\n\n  // convert into an object mapping suffix to count for each line\n  return results.reduce<PwnedPasswordSuffixes>((acc, row) => {\n    const [suffix, countString] = row.split(':');\n    acc[suffix] = Number.parseInt(countString, 10);\n    return acc;\n  }, {});\n}\n"],"names":["pwnedPasswordRange","prefix","options","baseUrl","userAgent","addPadding","mode","data","fetchFromApi","encodeURIComponent","results","split","filter","Boolean","reduce","acc","row","suffix","countString","Number","parseInt"],"mappings":";;;;AAIA;;;;;AAKG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+CG;AACI,eAAeA,kBAAkBA,CACtCC,MAAc,EACdC,UAoBI,EAAE,EAAA;EAEN,MAAM;IAAEC,OAAO;IAAEC,SAAS;IAAEC,UAAU,GAAG,KAAK;IAAEC,IAAI,GAAG;EAAQ,CAAA,GAAGJ,OAAO;EAEzE,MAAMK,IAAI,GAAG,MAAMC,yBAAY,CAAW,UAAAC,kBAAkB,CAACR,MAAM,CAAC,EAAE,EAAE;IACtEE,OAAO;IACPC,SAAS;IACTC,UAAU;IACVC;EACD,CAAA,CAAC;;EAGF,MAAMI,OAAO,GAAGH,IAAI,CAACI,KAAK,CAAC,IAAI,CAAC,CAACC,MAAM,CAACC,OAAO,CAAC;;EAGhD,OAAOH,OAAO,CAACI,MAAM,CAAwB,CAACC,GAAG,EAAEC,GAAG,KAAI;IACxD,MAAM,CAACC,MAAM,EAAEC,WAAW,CAAC,GAAGF,GAAG,CAACL,KAAK,CAAC,GAAG,CAAC;IAC5CI,GAAG,CAACE,MAAM,CAAC,GAAGE,MAAM,CAACC,QAAQ,CAACF,WAAW,EAAE,EAAE,CAAC;IAC9C,OAAOH,GAAG;EACX,CAAA,EAAE,CAAE,CAAA,CAAC;AACR;"}

package/dist/cjs/{pwnedPassword.js → pwned-password.cjs}

@@ -1,7 +1,7 @@
 'use strict';
 
 var JSSHA = /*#__PURE__*/require('jssha/dist/sha1');
-var pwnedPasswordRange = /*#__PURE__*/require('./pwnedPasswordRange.js');
+var pwnedPasswordRange = /*#__PURE__*/require('./pwned-password-range.cjs');
 
 /**
  * Fetches the number of times the the given password has been exposed in a
@@ -10,6 +10,8 @@ var pwnedPasswordRange = /*#__PURE__*/require('./pwnedPasswordRange.js');
  *
  * @param {string} password a password in plain text
  * @param {object} [options] a configuration object
+ * @param {boolean} [options.addPadding] ask the remote API to add padding to
+ * the response to obscure the password prefix (default: `false`)
  * @param {string} [options.baseUrl] a custom base URL for the
  * pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`)
  * @param {string} [options.userAgent] a custom string to send as the User-Agent
@@ -17,21 +19,22 @@ var pwnedPasswordRange = /*#__PURE__*/require('./pwnedPasswordRange.js');
  * @returns {Promise<number>} a Promise which resolves to the number of times
  * the password has been exposed in a breach, or rejects with an Error
  * @example
- * pwnedPassword('f00b4r')
- *   .then(numPwns => {
- *     // truthy check or numeric condition
- *     if (numPwns) {
- *       // ...
- *     } else {
- *       // ...
- *     }
- *   })
- *   .catch(err => {
+ * try {
+ *   const numPwns = await pwnedPassword("f00b4r");
+ *   // truthy check or numeric condition
+ *   if (numPwns) {
  *     // ...
- *   });
+ *   } else {
+ *     // ...
+ *   }
+ * } catch (err) {
+ *   // ...
+ * }
  * @see https://haveibeenpwned.com/api/v3#PwnedPasswords
  */
-function pwnedPassword(password, options = {}) {
+async function pwnedPassword(password, options = {}) {
+  /* eslint-disable */
+  // @ts-expect-error: JSSHA types are busted
   const sha1 = new JSSHA('SHA-1', 'TEXT');
   sha1.update(password);
   const hash = sha1.getHash('HEX', {
@@ -39,7 +42,9 @@ function pwnedPassword(password, options = {}) {
   });
   const prefix = hash.slice(0, 5);
   const suffix = hash.slice(5);
-  return pwnedPasswordRange.pwnedPasswordRange(prefix, options).then(range => range[suffix] || 0);
+  const range = await pwnedPasswordRange.pwnedPasswordRange(prefix, options);
+  return range[suffix] || 0;
+  /* eslint-enable */
 }
 exports.pwnedPassword = pwnedPassword;
-//# sourceMappingURL=pwnedPassword.js.map
+//# sourceMappingURL=pwned-password.cjs.map

package/dist/cjs/pwned-password.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"pwned-password.cjs","sources":["../../src/pwned-password.ts"],"sourcesContent":["import JSSHA from 'jssha/dist/sha1';\nimport { pwnedPasswordRange } from './pwned-password-range.js';\n\n/**\n * Fetches the number of times the the given password has been exposed in a\n * breach (0 indicating no exposure). The password is given in plain text, but\n * only the first 5 characters of its SHA-1 hash will be submitted to the API.\n *\n * @param {string} password a password in plain text\n * @param {object} [options] a configuration object\n * @param {boolean} [options.addPadding] ask the remote API to add padding to\n * the response to obscure the password prefix (default: `false`)\n * @param {string} [options.baseUrl] a custom base URL for the\n * pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`)\n * @param {string} [options.userAgent] a custom string to send as the User-Agent\n * field in the request headers (default: `hibp <version>`)\n * @returns {Promise<number>} a Promise which resolves to the number of times\n * the password has been exposed in a breach, or rejects with an Error\n * @example\n * try {\n *   const numPwns = await pwnedPassword(\"f00b4r\");\n *   // truthy check or numeric condition\n *   if (numPwns) {\n *     // ...\n *   } else {\n *     // ...\n *   }\n * } catch (err) {\n *   // ...\n * }\n * @see https://haveibeenpwned.com/api/v3#PwnedPasswords\n */\nexport async function pwnedPassword(\n  password: string,\n  options: {\n    /**\n     * ask the remote API to add padding to the response to obscure the password\n     * prefix (default: `false`)\n     */\n    addPadding?: boolean;\n    /**\n     * a custom base URL for the haveibeenpwned.com API endpoints (default:\n     * `https://haveibeenpwned.com/api/v3`)\n     */\n    baseUrl?: string;\n    /**\n     * a custom string to send as the User-Agent field in the request headers\n     * (default: `hibp <version>`)\n     */\n    userAgent?: string;\n  } = {},\n): Promise<number> {\n  /* eslint-disable */\n  // @ts-expect-error: JSSHA types are busted\n  const sha1 = new JSSHA('SHA-1', 'TEXT');\n  sha1.update(password);\n  const hash = sha1.getHash('HEX', { outputUpper: true });\n  const prefix = hash.slice(0, 5);\n  const suffix = hash.slice(5);\n\n  const range = await pwnedPasswordRange(prefix, options);\n  return range[suffix] || 0;\n  /* eslint-enable */\n}\n"],"names":["pwnedPassword","password","options","sha1","JSSHA","update","hash","getHash","outputUpper","prefix","slice","suffix","range","pwnedPasswordRange"],"mappings":";;;;;AAGA;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BG;AACI,eAAeA,aAAaA,CACjCC,QAAgB,EAChBC,UAgBI,EAAE,EAAA;;;EAIN,MAAMC,IAAI,GAAG,IAAIC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC;EACvCD,IAAI,CAACE,MAAM,CAACJ,QAAQ,CAAC;EACrB,MAAMK,IAAI,GAAGH,IAAI,CAACI,OAAO,CAAC,KAAK,EAAE;IAAEC,WAAW,EAAE;EAAI,CAAE,CAAC;EACvD,MAAMC,MAAM,GAAGH,IAAI,CAACI,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;EAC/B,MAAMC,MAAM,GAAGL,IAAI,CAACI,KAAK,CAAC,CAAC,CAAC;EAE5B,MAAME,KAAK,GAAG,MAAMC,kBAAAA,CAAAA,kBAAkB,CAACJ,MAAM,EAAEP,OAAO,CAAC;EACvD,OAAOU,KAAK,CAACD,MAAM,CAAC,IAAI,CAAC;;AAE3B;"}

package/dist/cjs/{search.js → search.cjs}

@@ -1,7 +1,7 @@
 'use strict';
 
-var breachedAccount = /*#__PURE__*/require('./breachedAccount.js');
-var pasteAccount = /*#__PURE__*/require('./pasteAccount.js');
+var breachedAccount = /*#__PURE__*/require('./breached-account.cjs');
+var pasteAccount = /*#__PURE__*/require('./paste-account.cjs');
 
 /**
  * An object representing search results.
@@ -19,79 +19,81 @@ var pasteAccount = /*#__PURE__*/require('./pasteAccount.js');
  * exactly how searching via the current web interface behaves, which this
  * convenience method is designed to mimic.
  *
- * ***Warning (July 18, 2019):***
- *
- * `haveibeenpwned.com` now requires an API key from
+ * 🔑 `haveibeenpwned.com` requires an API key from
  * https://haveibeenpwned.com/API/Key for the `breachedaccount` and
- * `pasteaccount` endpoints. The  `apiKey` option here is not explicitly
- * required, but direct requests made without it (that is, without specifying a
- * `baseUrl` to a proxy that inserts a valid API key on your behalf) will fail.
+ * `pasteaccount` endpoints. The `apiKey` option here is not explicitly
+ * required, but direct requests made without it will fail (unless you specify a
+ * `baseUrl` to a proxy that inserts a valid API key on your behalf).
  *
  * @param {string} account an email address or username
- * @param {object} [breachOptions] a configuration object pertaining to breach
- * queries
- * @param {string} [breachOptions.apiKey] an API key from
- * https://haveibeenpwned.com/API/Key
- * @param {string} [breachOptions.domain] a domain by which to filter the
+ * @param {object} [options] a configuration object
+ * @param {string} [options.apiKey] an API key from
+ * https://haveibeenpwned.com/API/Key (default: undefined)
+ * @param {string} [options.domain] a domain by which to filter the breach
  * results (default: all domains)
- * @param {boolean} [breachOptions.truncate] truncate the results to only
+ * @param {boolean} [options.truncate] truncate the breach results to only
  * include the name of each breach (default: true)
- * @param {string} [breachOptions.baseUrl] a custom base URL for the
+ * @param {string} [options.baseUrl] a custom base URL for the
  * haveibeenpwned.com API endpoints (default:
  * `https://haveibeenpwned.com/api/v3`)
- * @param {string} [breachOptions.userAgent] a custom string to send as the
+ * @param {string} [options.userAgent] a custom string to send as the
  * User-Agent field in the request headers (default: `hibp <version>`)
  * @returns {Promise<SearchResults>} a Promise which resolves to an object
  * containing a "breaches" key (which can be null or an array of breach objects)
  * and a "pastes" key (which can be null or an array of paste objects), or
  * rejects with an Error
  * @example
- * search('foo', { apiKey: 'my-api-key' })
- *   .then(data => {
- *     if (data.breaches || data.pastes) {
- *       // ...
- *     } else {
- *       // ...
- *     }
- *   })
- *   .catch(err => {
+ * try {
+ *   const data = await search("foo", { apiKey: "my-api-key" });
+ *   if (data.breaches || data.pastes) {
  *     // ...
- *   });
- * @example
- * search('nobody@nowhere.com', { apiKey: 'my-api-key', truncate: false })
- *   .then(data => {
- *     if (data.breaches || data.pastes) {
- *       // ...
- *     } else {
- *       // ...
- *     }
- *   })
- *   .catch(err => {
+ *   } else {
  *     // ...
+ *   }
+ * } catch (err) {
+ *   // ...
+ * }
+ * @example
+ * try {
+ *   const data = await search("nobody@nowhere.com", {
+ *     baseUrl: "https://my-hibp-proxy:8080",
+ *     truncate: false,
  *   });
- *
+ *   if (data.breaches || data.pastes) {
+ *     // ...
+ *   } else {
+ *     // ...
+ *   }
+ * } catch (err) {
+ *   // ...
+ * }
  * @see https://haveibeenpwned.com/
  */
-function search(account, breachOptions = {
-  truncate: true
-}) {
+async function search(account, options = {}) {
   const {
     apiKey,
+    domain,
+    truncate = true,
+    baseUrl,
+    userAgent
+  } = options;
+  const [breaches, pastes] = await Promise.all([breachedAccount.breachedAccount(account, {
+    apiKey,
+    domain,
+    truncate,
     baseUrl,
     userAgent
-  } = breachOptions;
-  return Promise.all([breachedAccount.breachedAccount(account, breachOptions),
+  }),
   // This email regex is garbage but it seems to be what the API uses:
   /^.+@.+$/.test(account) ? pasteAccount.pasteAccount(account, {
     apiKey,
     baseUrl,
     userAgent
-  }) : null]).then(
-  // Avoid array destructuring here to prevent need for Babel helpers
-  promises => ({
-    breaches: promises[0],
-    pastes: promises[1]
-  }));
+  }) : null]);
+  return {
+    breaches,
+    pastes
+  };
 }
 exports.search = search;
-//# sourceMappingURL=search.js.map
+//# sourceMappingURL=search.cjs.map

package/dist/cjs/search.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"search.cjs","sources":["../../src/search.ts"],"sourcesContent":["import type { Breach, Paste } from './api/haveibeenpwned/types.js';\nimport { breachedAccount } from './breached-account.js';\nimport { pasteAccount } from './paste-account.js';\n\nexport interface SearchResults {\n  breaches: Breach[] | null;\n  pastes: Paste[] | null;\n}\n\n/**\n * An object representing search results.\n *\n * @typedef {object} SearchResults\n * @property {(Breach[] | null)} breaches\n * @property {(Paste[] | null)} pastes\n */\n\n/**\n * Fetches all breaches and all pastes associated with the provided account\n * (email address or username). Note that the remote API does not support\n * querying pastes by username (only email addresses), so in the event the\n * provided account is not a valid email address, only breach data is queried\n * and the \"pastes\" field of the resulting object will always be null. This is\n * exactly how searching via the current web interface behaves, which this\n * convenience method is designed to mimic.\n *\n * 🔑 `haveibeenpwned.com` requires an API key from\n * https://haveibeenpwned.com/API/Key for the `breachedaccount` and\n * `pasteaccount` endpoints. The `apiKey` option here is not explicitly\n * required, but direct requests made without it will fail (unless you specify a\n * `baseUrl` to a proxy that inserts a valid API key on your behalf).\n *\n * @param {string} account an email address or username\n * @param {object} [options] a configuration object\n * @param {string} [options.apiKey] an API key from\n * https://haveibeenpwned.com/API/Key (default: undefined)\n * @param {string} [options.domain] a domain by which to filter the breach\n * results (default: all domains)\n * @param {boolean} [options.truncate] truncate the breach results to only\n * include the name of each breach (default: true)\n * @param {string} [options.baseUrl] a custom base URL for the\n * haveibeenpwned.com API endpoints (default:\n * `https://haveibeenpwned.com/api/v3`)\n * @param {string} [options.userAgent] a custom string to send as the\n * User-Agent field in the request headers (default: `hibp <version>`)\n * @returns {Promise<SearchResults>} a Promise which resolves to an object\n * containing a \"breaches\" key (which can be null or an array of breach objects)\n * and a \"pastes\" key (which can be null or an array of paste objects), or\n * rejects with an Error\n * @example\n * try {\n *   const data = await search(\"foo\", { apiKey: \"my-api-key\" });\n *   if (data.breaches || data.pastes) {\n *     // ...\n *   } else {\n *     // ...\n *   }\n * } catch (err) {\n *   // ...\n * }\n * @example\n * try {\n *   const data = await search(\"nobody@nowhere.com\", {\n *     baseUrl: \"https://my-hibp-proxy:8080\",\n *     truncate: false,\n *   });\n *   if (data.breaches || data.pastes) {\n *     // ...\n *   } else {\n *     // ...\n *   }\n * } catch (err) {\n *   // ...\n * }\n * @see https://haveibeenpwned.com/\n */\nexport async function search(\n  account: string,\n  options: {\n    /**\n     * an API key from https://haveibeenpwned.com/API/Key (default: undefined)\n     */\n    apiKey?: string;\n    /**\n     * a domain by which to filter the results (default: all domains)\n     */\n    domain?: string;\n    /**\n     * truncate the results to only include the name of each breach (default:\n     * true)\n     */\n    truncate?: boolean;\n    /**\n     * a custom base URL for the haveibeenpwned.com API endpoints (default:\n     * `https://haveibeenpwned.com/api/v3`)\n     */\n    baseUrl?: string;\n    /**\n     * a custom string to send as the User-Agent field in the request headers\n     * (default: `hibp <version>`)\n     */\n    userAgent?: string;\n  } = {},\n): Promise<SearchResults> {\n  const { apiKey, domain, truncate = true, baseUrl, userAgent } = options;\n\n  const [breaches, pastes] = await Promise.all([\n    breachedAccount(account, { apiKey, domain, truncate, baseUrl, userAgent }),\n    // This email regex is garbage but it seems to be what the API uses:\n    /^.+@.+$/.test(account)\n      ? pasteAccount(account, { apiKey, baseUrl, userAgent })\n      : null,\n  ]);\n\n  return { breaches, pastes };\n}\n"],"names":["search","account","options","apiKey","domain","truncate","baseUrl","userAgent","breaches","pastes","Promise","all","breachedAccount","test","pasteAccount"],"mappings":";;;;;AASA;;;;;;AAMG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0DG;AACI,eAAeA,MAAMA,CAC1BC,OAAe,EACfC,UAwBI,EAAE,EAAA;EAEN,MAAM;IAAEC,MAAM;IAAEC,MAAM;IAAEC,QAAQ,GAAG,IAAI;IAAEC,OAAO;IAAEC;EAAW,CAAA,GAAGL,OAAO;EAEvE,MAAM,CAACM,QAAQ,EAAEC,MAAM,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CAC3CC,eAAe,CAAAA,eAAA,CAACX,OAAO,EAAE;IAAEE,MAAM;IAAEC,MAAM;IAAEC,QAAQ;IAAEC,OAAO;IAAEC;GAAW,CAAC;;EAE1E,SAAS,CAACM,IAAI,CAACZ,OAAO,CAAC,GACnBa,YAAAA,CAAAA,YAAY,CAACb,OAAO,EAAE;IAAEE,MAAM;IAAEG,OAAO;IAAEC;EAAS,CAAE,CAAC,GACrD,IAAI,CACT,CAAC;EAEF,OAAO;IAAEC,QAAQ;IAAEC;GAAQ;AAC7B;"}

package/dist/cjs/subscription-status.cjs

@@ -0,0 +1,56 @@
+'use strict';
+
+var fetchFromApi = /*#__PURE__*/require('./api/haveibeenpwned/fetch-from-api.cjs');
+
+/**
+ * An object representing the status of your HIBP subscription.
+ *
+ * @typedef {object} SubscriptionStatus
+ * @property {string} SubscriptionName
+ * @property {string} Description
+ * @property {string} SubscribedUntil
+ * @property {number} Rpm
+ * @property {number} DomainSearchMaxBreachedAccounts
+ */
+/**
+ * Fetches the current status of your HIBP subscription (API key).
+ *
+ * 🔑 `haveibeenpwned.com` requires an API key from
+ * https://haveibeenpwned.com/API/Key for the `subscription/status` endpoint.
+ * The `apiKey` option here is not explicitly required, but direct requests made
+ * without it will fail (unless you specify a `baseUrl` to a proxy that inserts
+ * a valid API key on your behalf).
+ *
+ * @param {object} [options] a configuration object
+ * @param {string} [options.apiKey] an API key from
+ * https://haveibeenpwned.com/API/Key (default: undefined)
+ * @param {string} [options.baseUrl] a custom base URL for the
+ * haveibeenpwned.com API endpoints (default:
+ * `https://haveibeenpwned.com/api/v3`)
+ * @param {string} [options.userAgent] a custom string to send as the User-Agent
+ * field in the request headers (default: `hibp <version>`)
+ * @returns {Promise<SubscriptionStatus>} a Promise which resolves to a
+ * subscription status object, or rejects with an Error
+ * @example
+ * try {
+ *   const data = await subscriptionStatus({ apiKey: "my-api-key" });
+ *   // ...
+ * } catch (err) {
+ *   // ...
+ * }
+ * @example
+ * try {
+ *   const data = await subscriptionStatus({
+ *     baseUrl: "https://my-hibp-proxy:8080",
+ *   });
+ *   // ...
+ * } catch (err) {
+ *   // ...
+ * }
+ */
+async function subscriptionStatus(options = {}) {
+  const endpoint = '/subscription/status';
+  return fetchFromApi.fetchFromApi(endpoint, options);
+}
+exports.subscriptionStatus = subscriptionStatus;
+//# sourceMappingURL=subscription-status.cjs.map

package/dist/cjs/subscription-status.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"subscription-status.cjs","sources":["../../src/subscription-status.ts"],"sourcesContent":["import type { SubscriptionStatus } from './api/haveibeenpwned/types.js';\nimport { fetchFromApi } from './api/haveibeenpwned/fetch-from-api.js';\n\n/**\n * An object representing the status of your HIBP subscription.\n *\n * @typedef {object} SubscriptionStatus\n * @property {string} SubscriptionName\n * @property {string} Description\n * @property {string} SubscribedUntil\n * @property {number} Rpm\n * @property {number} DomainSearchMaxBreachedAccounts\n */\n\n/**\n * Fetches the current status of your HIBP subscription (API key).\n *\n * 🔑 `haveibeenpwned.com` requires an API key from\n * https://haveibeenpwned.com/API/Key for the `subscription/status` endpoint.\n * The `apiKey` option here is not explicitly required, but direct requests made\n * without it will fail (unless you specify a `baseUrl` to a proxy that inserts\n * a valid API key on your behalf).\n *\n * @param {object} [options] a configuration object\n * @param {string} [options.apiKey] an API key from\n * https://haveibeenpwned.com/API/Key (default: undefined)\n * @param {string} [options.baseUrl] a custom base URL for the\n * haveibeenpwned.com API endpoints (default:\n * `https://haveibeenpwned.com/api/v3`)\n * @param {string} [options.userAgent] a custom string to send as the User-Agent\n * field in the request headers (default: `hibp <version>`)\n * @returns {Promise<SubscriptionStatus>} a Promise which resolves to a\n * subscription status object, or rejects with an Error\n * @example\n * try {\n *   const data = await subscriptionStatus({ apiKey: \"my-api-key\" });\n *   // ...\n * } catch (err) {\n *   // ...\n * }\n * @example\n * try {\n *   const data = await subscriptionStatus({\n *     baseUrl: \"https://my-hibp-proxy:8080\",\n *   });\n *   // ...\n * } catch (err) {\n *   // ...\n * }\n */\nexport async function subscriptionStatus(\n  options: {\n    /**\n     * an API key from https://haveibeenpwned.com/API/Key (default: undefined)\n     */\n    apiKey?: string;\n    /**\n     * a custom base URL for the haveibeenpwned.com API endpoints (default:\n     * `https://haveibeenpwned.com/api/v3`)\n     */\n    baseUrl?: string;\n    /**\n     * a custom string to send as the User-Agent field in the request headers\n     * (default: `hibp <version>`)\n     */\n    userAgent?: string;\n  } = {},\n) {\n  const endpoint = '/subscription/status';\n\n  return fetchFromApi(endpoint, options) as Promise<SubscriptionStatus>;\n}\n"],"names":["subscriptionStatus","options","endpoint","fetchFromApi"],"mappings":";;;;AAGA;;;;;;;;;AASG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCG;AACI,eAAeA,kBAAkBA,CACtCC,UAeI,EAAE,EAAA;EAEN,MAAMC,QAAQ,GAAG,sBAAsB;EAEvC,OAAOC,YAAY,CAAAA,YAAA,CAACD,QAAQ,EAAED,OAAO,CAAgC;AACvE;"}

package/dist/esm/api/fetch-polyfill.js

@@ -0,0 +1,25 @@
+/* eslint-disable global-require */
+/* eslint-disable @typescript-eslint/no-var-requires */
+/* eslint-disable @typescript-eslint/no-unsafe-assignment */
+// This can probably be removed in favor of Node's native fetch once we drop
+// support for v18. https://x.com/ebey_jacob/status/1709975146939973909?s=20
+function installUndiciOnNode18() {
+  if (typeof process !== 'undefined' && process.versions.node.startsWith('18.')) {
+    const {
+      File: UndiciFile,
+      fetch: undiciFetch,
+      FormData: UndiciFormData,
+      Headers: UndiciHeaders,
+      Request: UndiciRequest,
+      Response: UndiciResponse
+    } = require('undici');
+    global.File = UndiciFile;
+    global.Headers = UndiciHeaders;
+    global.Request = UndiciRequest;
+    global.Response = UndiciResponse;
+    global.fetch = undiciFetch;
+    global.FormData = UndiciFormData;
+  }
+}
+export { installUndiciOnNode18 };
+//# sourceMappingURL=fetch-polyfill.js.map

package/dist/esm/api/fetch-polyfill.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch-polyfill.js","sources":["../../../src/api/fetch-polyfill.ts"],"sourcesContent":["/* eslint-disable global-require */\n/* eslint-disable @typescript-eslint/no-var-requires */\n/* eslint-disable @typescript-eslint/no-unsafe-assignment */\n\n// This can probably be removed in favor of Node's native fetch once we drop\n// support for v18. https://x.com/ebey_jacob/status/1709975146939973909?s=20\n\nexport function installUndiciOnNode18() {\n  if (\n    typeof process !== 'undefined' &&\n    process.versions.node.startsWith('18.')\n  ) {\n    const {\n      File: UndiciFile,\n      fetch: undiciFetch,\n      FormData: UndiciFormData,\n      Headers: UndiciHeaders,\n      Request: UndiciRequest,\n      Response: UndiciResponse,\n    } = require('undici');\n    global.File = UndiciFile as unknown as typeof File;\n    global.Headers = UndiciHeaders;\n    global.Request = UndiciRequest;\n    global.Response = UndiciResponse;\n    global.fetch = undiciFetch;\n    global.FormData = UndiciFormData;\n  }\n}\n"],"names":["installUndiciOnNode18","process","versions","node","startsWith","File","UndiciFile","fetch","undiciFetch","FormData","UndiciFormData","Headers","UndiciHeaders","Request","UndiciRequest","Response","UndiciResponse","require","global"],"mappings":"AAAA;AACA;AACA;AAEA;AACA;SAEgBA,qBAAqBA,CAAA,EAAA;EACnC,IACE,OAAOC,OAAO,KAAK,WAAW,IAC9BA,OAAO,CAACC,QAAQ,CAACC,IAAI,CAACC,UAAU,CAAC,KAAK,CAAC,EACvC;IACA,MAAM;MACJC,IAAI,EAAEC,UAAU;MAChBC,KAAK,EAAEC,WAAW;MAClBC,QAAQ,EAAEC,cAAc;MACxBC,OAAO,EAAEC,aAAa;MACtBC,OAAO,EAAEC,aAAa;MACtBC,QAAQ,EAAEC;IAAc,CACzB,GAAGC,OAAO,CAAC,QAAQ,CAAC;IACrBC,MAAM,CAACb,IAAI,GAAGC,UAAoC;IAClDY,MAAM,CAACP,OAAO,GAAGC,aAAa;IAC9BM,MAAM,CAACL,OAAO,GAAGC,aAAa;IAC9BI,MAAM,CAACH,QAAQ,GAAGC,cAAc;IAChCE,MAAM,CAACX,KAAK,GAAGC,WAAW;IAC1BU,MAAM,CAACT,QAAQ,GAAGC,cAAc;EACjC;AACH;"}

package/dist/esm/api/haveibeenpwned/{fetchFromApi.mjs → fetch-from-api.js}

@@ -1,7 +1,7 @@
-import fetch from '@remix-run/web-fetch';
-import { name, version } from '../../package.json.mjs';
-import { TOO_MANY_REQUESTS, NOT_FOUND, FORBIDDEN, UNAUTHORIZED, BAD_REQUEST } from './responses.mjs';
-
+import { name, version } from '../../package.json.js';
+import { installUndiciOnNode18 } from '../fetch-polyfill.js';
+import { TOO_MANY_REQUESTS, NOT_FOUND, FORBIDDEN, UNAUTHORIZED, BAD_REQUEST } from './responses.js';
+installUndiciOnNode18();
 /**
  * Custom error thrown when the haveibeenpwned.com API responds with 429 Too
  * Many Requests. See the `retryAfterSeconds` property for the number of seconds
@@ -19,10 +19,9 @@ class RateLimitError extends Error {
   constructor(retryAfter, message, options) {
     super(message, options);
     this.name = this.constructor.name;
-    this.retryAfterSeconds = typeof retryAfter === 'string' ? Number.parseInt(retryAfter, 10) /* c8 ignore start */ : undefined;
+    this.retryAfterSeconds = typeof retryAfter === 'string' ? Number.parseInt(retryAfter, 10) /* c8 ignore start */ : undefined; /* c8 ignore stop */
   }
 }
-/* c8 ignore stop */
 function blockedWithRayId(rayId) {
   return `Request blocked, contact haveibeenpwned.com if this continues (Ray ID: ${rayId})`;
 }
@@ -51,11 +50,12 @@ function blockedWithRayId(rayId) {
  * from the query (or null for 404 Not Found responses), or rejects with an
  * Error
  */
-function fetchFromApi(endpoint, {
-  apiKey,
-  baseUrl = 'https://haveibeenpwned.com/api/v3',
-  userAgent
-} = {}) {
+async function fetchFromApi(endpoint, options = {}) {
+  const {
+    apiKey,
+    baseUrl = 'https://haveibeenpwned.com/api/v3',
+    userAgent
+  } = options;
   const headers = {};
   if (apiKey) {
     headers['HIBP-API-Key'] = apiKey;
@@ -71,34 +71,39 @@ function fetchFromApi(endpoint, {
     headers
   };
   const url = `${baseUrl.replace(/\/$/g, '')}${endpoint}`;
-  return fetch(url, config).then(res => {
-    if (res.ok) return res.json();
-    switch (res.status) {
-      case BAD_REQUEST.status:
+  const response = await fetch(url, config);
+  if (response.ok) return response.json();
+  switch (response.status) {
+    case BAD_REQUEST.status:
+      {
         throw new Error(BAD_REQUEST.statusText);
-      case UNAUTHORIZED.status:
-        return res.json().then(body => {
-          throw new Error(body.message);
-        });
-      case FORBIDDEN.status:
-        {
-          const rayId = res.headers.get('cf-ray');
-          if (rayId) {
-            throw new Error(blockedWithRayId(rayId));
-          }
-          throw new Error(FORBIDDEN.statusText);
-        }
-      case NOT_FOUND.status:
+      }
+    case UNAUTHORIZED.status:
+      {
+        const body = await response.json();
+        throw new Error(body.message);
+      }
+    case FORBIDDEN.status:
+      {
+        const rayId = response.headers.get('cf-ray');
+        if (rayId) throw new Error(blockedWithRayId(rayId));
+        throw new Error(FORBIDDEN.statusText);
+      }
+    case NOT_FOUND.status:
+      {
         return null;
-      case TOO_MANY_REQUESTS.status:
-        return res.json().then(body => {
-          const retryAfter = res.headers.get('retry-after');
-          throw new RateLimitError(retryAfter, body.message);
-        });
-      default:
-        throw new Error(res.statusText);
-    }
-  });
+      }
+    case TOO_MANY_REQUESTS.status:
+      {
+        const body = await response.json();
+        const retryAfter = response.headers.get('retry-after');
+        throw new RateLimitError(retryAfter, body.message);
+      }
+    default:
+      {
+        throw new Error(response.statusText);
+      }
+  }
 }
 export { RateLimitError, fetchFromApi };
-//# sourceMappingURL=fetchFromApi.mjs.map
+//# sourceMappingURL=fetch-from-api.js.map