npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

check-my-secrets

v0.0.9

Published

NodeJS script checking whether any of the passwords used online are compromised.

Downloads

95

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

koalyptuskoalyptus

Keywords

securitysecretssecret-managementpassword-integritypassword-safetyhaveibeenpwnedsecurity-tools

Readme

Check My Secrets

NodeJS script checking whether any of the passwords used online are compromised.

It uses the ';--have i been pwned? V3 API, specifically the GET https://api.pwnedpasswords.com/range/{first 5 hash chars} to determine if a password is compromised.

Requirements

  • Node >= v17

Getting started

  1. Clone the repo :point_up:, for example:
git clone https://github.com/koalyptus/check-my-secrets.git
  1. Install all the requirements:
npm install
  1. Run the setup command to create your global config folder and a default .env file:
npm run setup

This will create a folder at ~/.check-my-secrets and place a default .env file inside it. You can then open this .env file in your preferred text editor to customize your PWDS_KEY and PWDS_SEPARATOR.

:warning: The CLI loads configuration from the single global location: ~/.check-my-secrets/.env. If this file is not present, or if PWDS_KEY or PWDS_SEPARATOR are not defined within it, the script will fall back to the built-in defaults:

checkmysecrets.pwds
,

Input Mode Configuration

By default, passwords are entered using a hidden prompt (recommended). You can change this in your .env file:

  • PWDS_INPUT_MODE=prompt (default) - Enter passwords via hidden input with masked characters
  • PWDS_INPUT_MODE=cli - Pass passwords as visible command line arguments

Security notes:

  • PWDS_KEY is only a keyring identifier (safe to store). Do NOT store the actual encryption key or plaintext secrets in this file.
  • Restrict file permissions so only your user can read it (on Unix: chmod 600 ~/.check-my-secrets/.env).
  • On Windows, ensure the file ACL only grants access to your user account.

  1. Manage your passwords using the following commands:

    • Add a password:

      npm run secrets:add

      With default prompt mode, password input is hidden. You'll be asked to confirm before saving. Press any key to reveal, Enter to save.

    • List all stored passwords:

      npm run secrets:list

      This will display a table of your stored passwords after an interactive confirmation.

    • Delete a password:

      npm run secrets:delete

      Enter the password to delete (hidden in prompt mode). You'll see the stored password masked and confirm before deletion.

    • Check all your passwords:

      npm start

      or

      npm run secrets:check

      This command will check the integrity of all passwords stored in your keyring. Depending on your OS, a notification will pop up similar to below:

Check My Secrets notification

Development

Setup for Local Development

To use the CLI commands globally while developing, link the package locally:

npm link

This creates symlinks for all CLI commands, making them available system-wide:

  • check-my-secrets - Check all stored passwords
  • secrets-add - Add a password
  • secrets-check - Check all stored passwords
  • secrets-delete - Delete a password
  • secrets-list - List all passwords

Example:

check-my-secrets
secrets-add MyPassword123
secrets-list
secrets-delete MyPassword123

To unlink when done:

npm unlink -g check-my-secrets

Running Tests

Run all tests:

npm test

Run specific test suite:

npm test -- tests/lib/config.test.js

Test coverage:

npm run test:coverage

Code Quality

Format code:

npm run format:fix

Lint code:

npm run lint