hibp 0.0.0-dev.9896b89a → 0.0.0-dev.debac06f

package/API.md

@@ -6,12 +6,11 @@
 </dd>
 <dt><a href="#breachedAccount">breachedAccount(account, [options])</a> ⇒ <code><a href="#breach--object">Promise.&lt;Array.&lt;Breach&gt;&gt;</a></code> | <code>Promise.&lt;null&gt;</code></dt>
 <dd><p>Fetches breach data for a specific account.</p>
-<p><em><strong>Warning (July 18, 2019):</strong></em></p>
-<p><code>haveibeenpwned.com</code> now requires an API key from
+<p>🔑 <code>haveibeenpwned.com</code> requires an API key from
 <a href="https://haveibeenpwned.com/API/Key">https://haveibeenpwned.com/API/Key</a> for the <code>breachedaccount</code> endpoint. The
 <code>apiKey</code> option here is not explicitly required, but direct requests made
-without it (that is, without specifying a <code>baseUrl</code> to a proxy that inserts a
-valid API key on your behalf) will fail.</p>
+without it will fail (unless you specify a <code>baseUrl</code> to a proxy that inserts
+a valid API key on your behalf).</p>
 </dd>
 <dt><a href="#breaches">breaches([options])</a> ⇒ <code><a href="#breach--object">Promise.&lt;Array.&lt;Breach&gt;&gt;</a></code></dt>
 <dd><p>Fetches all breach events in the system.</p>
@@ -21,27 +20,27 @@ valid API key on your behalf) will fail.</p>
 </dd>
 <dt><a href="#pasteAccount">pasteAccount(email, [options])</a> ⇒ <code><a href="#paste--object">Promise.&lt;Array.&lt;Paste&gt;&gt;</a></code> | <code>Promise.&lt;null&gt;</code></dt>
 <dd><p>Fetches paste data for a specific account (email address).</p>
-<p><em><strong>Warning (July 18, 2019):</strong></em></p>
-<p><code>haveibeenpwned.com</code> now requires an API key from
+<p>🔑 <code>haveibeenpwned.com</code> requires an API key from
 <a href="https://haveibeenpwned.com/API/Key">https://haveibeenpwned.com/API/Key</a> for the <code>pasteaccount</code> endpoint. The
 <code>apiKey</code> option here is not explicitly required, but direct requests made
-without it (that is, without specifying a <code>baseUrl</code> to a proxy that inserts a
-valid API key on your behalf) will fail.</p>
-</dd>
-<dt><a href="#pwnedPassword">pwnedPassword(password, [options])</a> ⇒ <code>Promise.&lt;number&gt;</code></dt>
-<dd><p>Fetches the number of times the the given password has been exposed in a
-breach (0 indicating no exposure). The password is given in plain text, but
-only the first 5 characters of its SHA-1 hash will be submitted to the API.</p>
+without it will fail (unless you specify a <code>baseUrl</code> to a proxy that inserts
+a valid API key on your behalf).</p>
 </dd>
 <dt><a href="#pwnedPasswordRange">pwnedPasswordRange(prefix, [options])</a> ⇒ <code><a href="#PwnedPasswordSuffixes">Promise.&lt;PwnedPasswordSuffixes&gt;</a></code></dt>
-<dd><p>Fetches the SHA-1 hash suffixes for the given 5-character SHA-1 hash prefix.</p>
+<dd><p>Fetches the SHA-1 or NTLM hash suffixes for the given 5-character hash
+prefix.</p>
 <p>When a password hash with the same first 5 characters is found in the Pwned
 Passwords repository, the API will respond with an HTTP 200 and include the
 suffix of every hash beginning with the specified prefix, followed by a count
 of how many times it appears in the data set. This function parses the
 response and returns a more structured format.</p>
 </dd>
-<dt><a href="#search">search(account, [breachOptions])</a> ⇒ <code><a href="#SearchResults">Promise.&lt;SearchResults&gt;</a></code></dt>
+<dt><a href="#pwnedPassword">pwnedPassword(password, [options])</a> ⇒ <code>Promise.&lt;number&gt;</code></dt>
+<dd><p>Fetches the number of times the the given password has been exposed in a
+breach (0 indicating no exposure). The password is given in plain text, but
+only the first 5 characters of its SHA-1 hash will be submitted to the API.</p>
+</dd>
+<dt><a href="#search">search(account, [options])</a> ⇒ <code><a href="#SearchResults">Promise.&lt;SearchResults&gt;</a></code></dt>
 <dd><p>Fetches all breaches and all pastes associated with the provided account
 (email address or username). Note that the remote API does not support
 querying pastes by username (only email addresses), so in the event the
@@ -49,12 +48,19 @@ provided account is not a valid email address, only breach data is queried
 and the &quot;pastes&quot; field of the resulting object will always be null. This is
 exactly how searching via the current web interface behaves, which this
 convenience method is designed to mimic.</p>
-<p><em><strong>Warning (July 18, 2019):</strong></em></p>
-<p><code>haveibeenpwned.com</code> now requires an API key from
+<p>🔑 <code>haveibeenpwned.com</code> requires an API key from
 <a href="https://haveibeenpwned.com/API/Key">https://haveibeenpwned.com/API/Key</a> for the <code>breachedaccount</code> and
-<code>pasteaccount</code> endpoints. The  <code>apiKey</code> option here is not explicitly
-required, but direct requests made without it (that is, without specifying a
-<code>baseUrl</code> to a proxy that inserts a valid API key on your behalf) will fail.</p>
+<code>pasteaccount</code> endpoints. The <code>apiKey</code> option here is not explicitly
+required, but direct requests made without it will fail (unless you specify a
+<code>baseUrl</code> to a proxy that inserts a valid API key on your behalf).</p>
+</dd>
+<dt><a href="#subscriptionStatus">subscriptionStatus([options])</a> ⇒ <code><a href="#subscriptionstatus--object">Promise.&lt;SubscriptionStatus&gt;</a></code></dt>
+<dd><p>Fetches the current status of your HIBP subscription (API key).</p>
+<p>🔑 <code>haveibeenpwned.com</code> requires an API key from
+<a href="https://haveibeenpwned.com/API/Key">https://haveibeenpwned.com/API/Key</a> for the <code>subscription/status</code> endpoint.
+The <code>apiKey</code> option here is not explicitly required, but direct requests made
+without it will fail (unless you specify a <code>baseUrl</code> to a proxy that inserts
+a valid API key on your behalf).</p>
 </dd>
 </dl>
 
@@ -74,6 +80,9 @@ hash prefix) to how many times it occurred in the Pwned Passwords repository.</p
 <dt><a href="#SearchResults">SearchResults</a> : <code>object</code></dt>
 <dd><p>An object representing search results.</p>
 </dd>
+<dt><a href="#subscriptionstatus--object">SubscriptionStatus</a> : <code>object</code></dt>
+<dd><p>An object representing the status of your HIBP subscription.</p>
+</dd>
 </dl>
 
 <a name="breach"></a>
@@ -95,30 +104,27 @@ with an Error
 
 **Example**  
 ```js
-breach('Adobe')
-  .then(data => {
-    if (data) {
-      // ...
-    } else {
-      // ...
-    }
-  })
-  .catch(err => {
+try {
+  const data = await breach("Adobe");
+  if (data) {
     // ...
-  });
+  } else {
+    // ...
+  }
+} catch (err) {
+  // ...
+}
 ```
 <a name="breachedAccount"></a>
 
 ## breachedAccount(account, [options]) ⇒ <code><a href="#breach--object">Promise.&lt;Array.&lt;Breach&gt;&gt;</a></code> \| <code>Promise.&lt;null&gt;</code>
 Fetches breach data for a specific account.
 
-***Warning (July 18, 2019):***
-
-`haveibeenpwned.com` now requires an API key from
+🔑 `haveibeenpwned.com` requires an API key from
 https://haveibeenpwned.com/API/Key for the `breachedaccount` endpoint. The
 `apiKey` option here is not explicitly required, but direct requests made
-without it (that is, without specifying a `baseUrl` to a proxy that inserts a
-valid API key on your behalf) will fail.
+without it will fail (unless you specify a `baseUrl` to a proxy that inserts
+a valid API key on your behalf).
 
 **Kind**: global function  
 **Returns**: <code><a href="#breach--object">Promise.&lt;Array.&lt;Breach&gt;&gt;</a></code> \| <code>Promise.&lt;null&gt;</code> - a Promise which resolves to an
@@ -138,53 +144,50 @@ an Error
 
 **Example**  
 ```js
-breachedAccount('foo', { apiKey: 'my-api-key' })
-  .then(data => {
-    if (data) {
-      // ...
-    } else {
-      // ...
-    }
-  })
-  .catch(err => {
+try {
+  const data = await breachedAccount("foo", { apiKey: "my-api-key" });
+  if (data) {
     // ...
-  });
+  } else {
+    // ...
+  }
+} catch (err) {
+  // ...
+}
 ```
 **Example**  
 ```js
-breachedAccount('bar', {
-  includeUnverified: false,
-  baseUrl: 'https://my-hibp-proxy:8080',
-})
-  .then(data => {
-    if (data) {
-      // ...
-    } else {
-      // ...
-    }
-  })
-  .catch(err => {
-    // ...
+try {
+  const data = await breachedAccount("bar", {
+    includeUnverified: false,
+    baseUrl: "https://my-hibp-proxy:8080",
   });
+  if (data) {
+    // ...
+  } else {
+    // ...
+  }
+} catch (err) {
+  // ...
+}
 ```
 **Example**  
 ```js
-breachedAccount('baz', {
-  apiKey: 'my-api-key',
-  domain: 'adobe.com',
-  truncate: false,
-  userAgent: 'my-app 1.0'
-})
-  .then(data => {
-    if (data) {
-      // ...
-    } else {
-      // ...
-    }
-  })
-  .catch(err => {
-    // ...
+try {
+  const data = await breachedAccount("baz", {
+    apiKey: "my-api-key",
+    domain: "adobe.com",
+    truncate: false,
+    userAgent: "my-app 1.0",
   });
+  if (data) {
+    // ...
+  } else {
+    // ...
+  }
+} catch (err) {
+  // ...
+}
 ```
 <a name="breaches"></a>
 
@@ -204,31 +207,29 @@ objects (an empty array if no breaches were found), or rejects with an Error
 
 **Example**  
 ```js
-breaches()
-  .then(data => {
-    if (data) {
-      // ...
-    } else {
-      // ...
-    }
-  })
-  .catch(err => {
+try {
+  const data = await breaches();
+  if (data) {
     // ...
-  });
+  } else {
+    // ...
+  }
+} catch (err) {
+  // ...
+}
 ```
 **Example**  
 ```js
-breaches({ domain: 'adobe.com' })
-  .then(data => {
-    if (data) {
-      // ...
-    } else {
-      // ...
-    }
-  })
-  .catch(err => {
+try {
+  const data = await breaches({ domain: "adobe.com" });
+  if (data) {
     // ...
-  });
+  } else {
+    // ...
+  }
+} catch (err) {
+  // ...
+}
 ```
 <a name="dataClasses"></a>
 
@@ -248,30 +249,27 @@ Error
 
 **Example**  
 ```js
-dataClasses()
-  .then(data => {
-    if (data) {
-      // ...
-    } else {
-      // ...
-    }
-  })
-  .catch(err => {
+try {
+  const data = await dataClasses();
+  if (data) {
     // ...
-  });
+  } else {
+    // ...
+  }
+} catch (err) {
+  // ...
+}
 ```
 <a name="pasteAccount"></a>
 
 ## pasteAccount(email, [options]) ⇒ <code><a href="#paste--object">Promise.&lt;Array.&lt;Paste&gt;&gt;</a></code> \| <code>Promise.&lt;null&gt;</code>
 Fetches paste data for a specific account (email address).
 
-***Warning (July 18, 2019):***
-
-`haveibeenpwned.com` now requires an API key from
+🔑 `haveibeenpwned.com` requires an API key from
 https://haveibeenpwned.com/API/Key for the `pasteaccount` endpoint. The
 `apiKey` option here is not explicitly required, but direct requests made
-without it (that is, without specifying a `baseUrl` to a proxy that inserts a
-valid API key on your behalf) will fail.
+without it will fail (unless you specify a `baseUrl` to a proxy that inserts
+a valid API key on your behalf).
 
 **Kind**: global function  
 **Returns**: <code><a href="#paste--object">Promise.&lt;Array.&lt;Paste&gt;&gt;</a></code> \| <code>Promise.&lt;null&gt;</code> - a Promise which resolves to an
@@ -282,62 +280,43 @@ Error
 | --- | --- | --- |
 | email | <code>string</code> | the email address to query |
 | [options] | <code>object</code> | a configuration object |
-| [options.apiKey] | <code>string</code> | an API key from https://haveibeenpwned.com/API/Key |
+| [options.apiKey] | <code>string</code> | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
 | [options.baseUrl] | <code>string</code> | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
 | [options.userAgent] | <code>string</code> | a custom string to send as the User-Agent field in the request headers (default: `hibp <version>`) |
 
 **Example**  
 ```js
-pasteAccount('foo@bar.com', { apiKey: 'my-api-key' })
-  .then(data => {
-    if (data) {
-      // ...
-    } else {
-      // ...
-    }
-  })
-  .catch(err => {
+try {
+  const data = await pasteAccount("foo@bar.com", { apiKey: "my-api-key" });
+  if (data) {
     // ...
-  });
+  } else {
+    // ...
+  }
+} catch (err) {
+  // ...
+}
 ```
-<a name="pwnedPassword"></a>
-
-## pwnedPassword(password, [options]) ⇒ <code>Promise.&lt;number&gt;</code>
-Fetches the number of times the the given password has been exposed in a
-breach (0 indicating no exposure). The password is given in plain text, but
-only the first 5 characters of its SHA-1 hash will be submitted to the API.
-
-**Kind**: global function  
-**Returns**: <code>Promise.&lt;number&gt;</code> - a Promise which resolves to the number of times
-the password has been exposed in a breach, or rejects with an Error  
-**See**: https://haveibeenpwned.com/api/v3#PwnedPasswords  
-
-| Param | Type | Description |
-| --- | --- | --- |
-| password | <code>string</code> | a password in plain text |
-| [options] | <code>object</code> | a configuration object |
-| [options.baseUrl] | <code>string</code> | a custom base URL for the pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`) |
-| [options.userAgent] | <code>string</code> | a custom string to send as the User-Agent field in the request headers (default: `hibp <version>`) |
-
 **Example**  
 ```js
-pwnedPassword('f00b4r')
-  .then(numPwns => {
-    // truthy check or numeric condition
-    if (numPwns) {
-      // ...
-    } else {
-      // ...
-    }
-  })
-  .catch(err => {
-    // ...
+try {
+  const data = await pasteAccount("foo@bar.com", {
+    baseUrl: "https://my-hibp-proxy:8080",
   });
+  if (data) {
+    // ...
+  } else {
+    // ...
+  }
+} catch (err) {
+  // ...
+}
 ```
 <a name="pwnedPasswordRange"></a>
 
 ## pwnedPasswordRange(prefix, [options]) ⇒ [<code>Promise.&lt;PwnedPasswordSuffixes&gt;</code>](#PwnedPasswordSuffixes)
-Fetches the SHA-1 hash suffixes for the given 5-character SHA-1 hash prefix.
+Fetches the SHA-1 or NTLM hash suffixes for the given 5-character hash
+prefix.
 
 When a password hash with the same first 5 characters is found in the Pwned
 Passwords repository, the API will respond with an HTTP 200 and include the
@@ -354,35 +333,74 @@ password data set, or rejects with an Error
 
 | Param | Type | Description |
 | --- | --- | --- |
-| prefix | <code>string</code> | the first 5 characters of a SHA-1 password hash (case insensitive) |
+| prefix | <code>string</code> | the first 5 characters of a password hash (case insensitive) |
 | [options] | <code>object</code> | a configuration object |
+| [options.addPadding] | <code>boolean</code> | ask the remote API to add padding to the response to obscure the password prefix (default: `false`) |
+| [options.mode] | <code>&#x27;sha1&#x27;</code> \| <code>&#x27;ntlm&#x27;</code> | return SHA-1 or NTLM hashes (default: `sha1`) |
 | [options.baseUrl] | <code>string</code> | a custom base URL for the pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`) |
 | [options.userAgent] | <code>string</code> | a custom string to send as the User-Agent field in the request headers (default: `hibp <version>`) |
 
 **Example**  
 ```js
-pwnedPasswordRange('5BAA6')
-  .then(results => {
-    // results will have the following shape:
-    // {
-    //   "003D68EB55068C33ACE09247EE4C639306B": 3,
-    //   "012C192B2F16F82EA0EB9EF18D9D539B0DD": 1,
-    //   ...
-    // }
-  })
+try {
+  const results = await pwnedPasswordRange("5BAA6");
+  // results will have the following shape:
+  // {
+  //   "003D68EB55068C33ACE09247EE4C639306B": 3,
+  //   "012C192B2F16F82EA0EB9EF18D9D539B0DD": 1,
+  //   ...
+  // }
+} catch (err) {
+  // ...
+}
 ```
 **Example**  
 ```js
-const suffix = '1E4C9B93F3F0682250B6CF8331B7EE68FD8';
-pwnedPasswordRange('5BAA6')
-  .then(results => (results[suffix] || 0))
-  .catch(err => {
+try {
+  const suffix = "1E4C9B93F3F0682250B6CF8331B7EE68FD8";
+  const results = await pwnedPasswordRange("5BAA6");
+  const numPwns = results[suffix] || 0;
+} catch (err) {
+  // ...
+}
+```
+<a name="pwnedPassword"></a>
+
+## pwnedPassword(password, [options]) ⇒ <code>Promise.&lt;number&gt;</code>
+Fetches the number of times the the given password has been exposed in a
+breach (0 indicating no exposure). The password is given in plain text, but
+only the first 5 characters of its SHA-1 hash will be submitted to the API.
+
+**Kind**: global function  
+**Returns**: <code>Promise.&lt;number&gt;</code> - a Promise which resolves to the number of times
+the password has been exposed in a breach, or rejects with an Error  
+**See**: https://haveibeenpwned.com/api/v3#PwnedPasswords  
+
+| Param | Type | Description |
+| --- | --- | --- |
+| password | <code>string</code> | a password in plain text |
+| [options] | <code>object</code> | a configuration object |
+| [options.addPadding] | <code>boolean</code> | ask the remote API to add padding to the response to obscure the password prefix (default: `false`) |
+| [options.baseUrl] | <code>string</code> | a custom base URL for the pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`) |
+| [options.userAgent] | <code>string</code> | a custom string to send as the User-Agent field in the request headers (default: `hibp <version>`) |
+
+**Example**  
+```js
+try {
+  const numPwns = await pwnedPassword("f00b4r");
+  // truthy check or numeric condition
+  if (numPwns) {
     // ...
-  });
+  } else {
+    // ...
+  }
+} catch (err) {
+  // ...
+}
 ```
 <a name="search"></a>
 
-## search(account, [breachOptions]) ⇒ [<code>Promise.&lt;SearchResults&gt;</code>](#SearchResults)
+## search(account, [options]) ⇒ [<code>Promise.&lt;SearchResults&gt;</code>](#SearchResults)
 Fetches all breaches and all pastes associated with the provided account
 (email address or username). Note that the remote API does not support
 querying pastes by username (only email addresses), so in the event the
@@ -391,13 +409,11 @@ and the "pastes" field of the resulting object will always be null. This is
 exactly how searching via the current web interface behaves, which this
 convenience method is designed to mimic.
 
-***Warning (July 18, 2019):***
-
-`haveibeenpwned.com` now requires an API key from
+🔑 `haveibeenpwned.com` requires an API key from
 https://haveibeenpwned.com/API/Key for the `breachedaccount` and
-`pasteaccount` endpoints. The  `apiKey` option here is not explicitly
-required, but direct requests made without it (that is, without specifying a
-`baseUrl` to a proxy that inserts a valid API key on your behalf) will fail.
+`pasteaccount` endpoints. The `apiKey` option here is not explicitly
+required, but direct requests made without it will fail (unless you specify a
+`baseUrl` to a proxy that inserts a valid API key on your behalf).
 
 **Kind**: global function  
 **Returns**: [<code>Promise.&lt;SearchResults&gt;</code>](#SearchResults) - a Promise which resolves to an object
@@ -409,40 +425,83 @@ rejects with an Error
 | Param | Type | Description |
 | --- | --- | --- |
 | account | <code>string</code> | an email address or username |
-| [breachOptions] | <code>object</code> | a configuration object pertaining to breach queries |
-| [breachOptions.apiKey] | <code>string</code> | an API key from https://haveibeenpwned.com/API/Key |
-| [breachOptions.domain] | <code>string</code> | a domain by which to filter the results (default: all domains) |
-| [breachOptions.truncate] | <code>boolean</code> | truncate the results to only include the name of each breach (default: true) |
-| [breachOptions.baseUrl] | <code>string</code> | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
-| [breachOptions.userAgent] | <code>string</code> | a custom string to send as the User-Agent field in the request headers (default: `hibp <version>`) |
+| [options] | <code>object</code> | a configuration object |
+| [options.apiKey] | <code>string</code> | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
+| [options.domain] | <code>string</code> | a domain by which to filter the breach results (default: all domains) |
+| [options.truncate] | <code>boolean</code> | truncate the breach results to only include the name of each breach (default: true) |
+| [options.baseUrl] | <code>string</code> | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
+| [options.userAgent] | <code>string</code> | a custom string to send as the User-Agent field in the request headers (default: `hibp <version>`) |
 
 **Example**  
 ```js
-search('foo', { apiKey: 'my-api-key' })
-  .then(data => {
-    if (data.breaches || data.pastes) {
-      // ...
-    } else {
-      // ...
-    }
-  })
-  .catch(err => {
+try {
+  const data = await search("foo", { apiKey: "my-api-key" });
+  if (data.breaches || data.pastes) {
     // ...
-  });
+  } else {
+    // ...
+  }
+} catch (err) {
+  // ...
+}
 ```
 **Example**  
 ```js
-search('nobody@nowhere.com', { apiKey: 'my-api-key', truncate: false })
-  .then(data => {
-    if (data.breaches || data.pastes) {
-      // ...
-    } else {
-      // ...
-    }
-  })
-  .catch(err => {
+try {
+  const data = await search("nobody@nowhere.com", {
+    baseUrl: "https://my-hibp-proxy:8080",
+    truncate: false,
+  });
+  if (data.breaches || data.pastes) {
+    // ...
+  } else {
     // ...
+  }
+} catch (err) {
+  // ...
+}
+```
+<a name="subscriptionStatus"></a>
+
+## subscriptionStatus([options]) ⇒ [<code>Promise.&lt;SubscriptionStatus&gt;</code>](#subscriptionstatus--object)
+Fetches the current status of your HIBP subscription (API key).
+
+🔑 `haveibeenpwned.com` requires an API key from
+https://haveibeenpwned.com/API/Key for the `subscription/status` endpoint.
+The `apiKey` option here is not explicitly required, but direct requests made
+without it will fail (unless you specify a `baseUrl` to a proxy that inserts
+a valid API key on your behalf).
+
+**Kind**: global function  
+**Returns**: [<code>Promise.&lt;SubscriptionStatus&gt;</code>](#subscriptionstatus--object) - a Promise which resolves to a
+subscription status object, or rejects with an Error  
+
+| Param | Type | Description |
+| --- | --- | --- |
+| [options] | <code>object</code> | a configuration object |
+| [options.apiKey] | <code>string</code> | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
+| [options.baseUrl] | <code>string</code> | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
+| [options.userAgent] | <code>string</code> | a custom string to send as the User-Agent field in the request headers (default: `hibp <version>`) |
+
+**Example**  
+```js
+try {
+  const data = await subscriptionStatus({ apiKey: "my-api-key" });
+  // ...
+} catch (err) {
+  // ...
+}
+```
+**Example**  
+```js
+try {
+  const data = await subscriptionStatus({
+    baseUrl: "https://my-hibp-proxy:8080",
   });
+  // ...
+} catch (err) {
+  // ...
+}
 ```
 <a name="Breach"></a>
 
@@ -462,13 +521,15 @@ An object representing a breach.
 | ModifiedDate | <code>string</code> | 
 | PwnCount | <code>number</code> | 
 | Description | <code>string</code> | 
-| LogoPath | <code>string</code> | 
 | DataClasses | <code>Array.&lt;string&gt;</code> | 
 | IsVerified | <code>boolean</code> | 
 | IsFabricated | <code>boolean</code> | 
 | IsSensitive | <code>boolean</code> | 
 | IsRetired | <code>boolean</code> | 
 | IsSpamList | <code>boolean</code> | 
+| IsMalware | <code>boolean</code> | 
+| IsSubscriptionFree | <code>boolean</code> | 
+| LogoPath | <code>string</code> | 
 
 <a name="Paste"></a>
 
@@ -506,3 +567,19 @@ An object representing search results.
 | breaches | [<code>Array.&lt;Breach&gt;</code>](#breach--object) \| <code>null</code> | 
 | pastes | [<code>Array.&lt;Paste&gt;</code>](#Paste) \| <code>null</code> | 
 
+<a name="SubscriptionStatus"></a>
+
+## SubscriptionStatus : <code>object</code>
+An object representing the status of your HIBP subscription.
+
+**Kind**: global typedef  
+**Properties**
+
+| Name | Type |
+| --- | --- |
+| SubscriptionName | <code>string</code> | 
+| Description | <code>string</code> | 
+| SubscribedUntil | <code>string</code> | 
+| Rpm | <code>number</code> | 
+| DomainSearchMaxBreachedAccounts | <code>number</code> | 
+