v15.0.1

Patch Changes

• #510 879fe9f Thanks @wKovacs64! - Export the API data model types that were missing in v15.0.0.

v15.0.0

Major Changes

• #509 e8d4986 Thanks @wKovacs64! - Drop support for Node 18 and remove the CommonJS and UMD builds:

  • Drop support for Node.js 18 as it is end-of-life, making the new minimum Node.js runtime v20.19.0. Please upgrade your Node.js environment if necessary, or continue using a previous release if you are unable to upgrade your environment.

    • This also allowed us to drop the fetch polyfill that was only necessary in Node 18, which reduced the bundle size by approximately 33%! 📉 The library now officially has zero dependencies. 🎉

  • Remove the CommonJS build since you can now require() ESM as of Node v20.19.0. Consumers in a CommonJS environment should still be able to use the library as before (given the appropriate Node.js version).

  • Remove the UMD build as all modern browsers support importing ESM via <script type="module"> tags. See the "Using in the browser" section of the README for more details.

Minor Changes

• #506 56fdf38 Thanks @wKovacs64! - Drop JSSHA dependency in favor of a native Web Crypto API SHA-1 hashing implementation. This change reduces the size of the library by approximately 30%! 📉

v14.1.3

Patch Changes

• #502 e810e6b Thanks @dependabot! - Update undici to v6.21.1 (only matters on Node v18).

v14.1.2

Patch Changes

• #479 f212d87 Thanks @wKovacs64! - Fix error handling for 401 Unauthorized API responses. The haveibeenpwned.com API (v3) changed its response type from a JSON body to text.

v14.1.1

Patch Changes

• #464 1dd6547 Thanks @wKovacs64! - Fix consumption from Next.js client components.

v14.1.0

Minor Changes

• #462 b6076f2 Thanks @wKovacs64! - Add the timeoutMs option to all modules, allowing the consumer to specify a timeout for the underlying network request (in milliseconds). Requests that take longer than the specified timeout period will throw/reject. There is no default timeout, as fetch itself has no timeout by default and providing one would be arbitrary, unexpected, and a breaking change.

• #458 0a82b8d Thanks @wKovacs64! - Only polyfill global fetch on Node.js v18, and use undici instead of @remix-run/web-fetch. This also enables use of hibp in web workers and extension background threads.

Patch Changes

• #461 aa90167 Thanks @wKovacs64! - Fix a bug in pwnedPassword and pwnedPasswordRange modules where the addPadding and userAgent options could not be used simultaneously.

v14.0.3

Patch Changes

• #438 3da8b89 Thanks @wKovacs64! - Restore missing TypeScript declarations that were forgotten in v14.0.2 (PR #436).

v14.0.2

Patch Changes

• #436 961d6e0 Thanks @wKovacs64! - Fix CommonJS exports that broke in v14.0.0.

  CommonJS consumers were getting an ERR_REQUIRE_ESM error as of v14.0.0 due to changing the project source to ESM in PR #420. This change resolves that by publishing the CommonJS files in dist/cjs with a .cjs file extension and the ESM files in dist/esm with the .js file extension.

v14.0.1

Patch Changes

• #428 4a69884 Thanks @wKovacs64! - Add descriptions to each config option for a better IDE experience.

v14.0.0

Major Changes

• #410 2643a0c Thanks @wKovacs64! - Drop support for Node.js 16 as it is end-of-life, making the new minimum Node.js runtime v18.0.0. Please upgrade your Node.js environment if necessary, or continue using a previous release if you are unable to upgrade your environment.

Minor Changes

• #425 cee2364 Thanks @wKovacs64! - Add a new subscriptionStatus module for retrieving the current subscription status of your HIBP API key. See https://haveibeenpwned.com/API/v3#SubscriptionStatus for more information.

• #426 5ff6e28 Thanks @wKovacs64! - Refresh the project logo.

• #422 be78f73 Thanks @wKovacs64! - Add mode option to the pwnedPasswordRange module to enable support for returning NTLM suffixes.

• #421 174ede4 Thanks @wKovacs64! - Add addPadding option to pwnedPassword and pwnedPasswordRange modules. See https://www.troyhunt.com/enhancing-pwned-passwords-privacy-with-padding/ for more information.

Patch Changes

• #427 173a615 Thanks @wKovacs64! - Fix the subscriptionStatus implementation from PR #425 so that it supports a proxy that inserts the HIBP-API-Key header (via the baseUrl option) in the case where the consumer doesn't have direct access to the API key.

• #424 a512452 Thanks @wKovacs64! - Properly merge consumer-provided options with internal defaults.

• #419 799669b Thanks @wKovacs64! - Update the Breach model to include the IsMalware and IsSubscriptionFree fields.