Promise.<Breach> | Promise.<null>Fetches data for a specific breach event.
Promise.<Array.<Breach>> | Promise.<null>Fetches breach data for a specific account.
🔑 haveibeenpwned.com requires an API key from
https://haveibeenpwned.com/API/Key for the breachedaccount endpoint. The
apiKey option here is not explicitly required, but direct requests made
without it will fail (unless you specify a baseUrl to a proxy that inserts
a valid API key on your behalf).
Promise.<BreachedDomainsByEmailAlias> | Promise.<null>Fetches all breached email addresses for a domain.
The result maps email aliases (the local-part before the '@') to an array of
breach names. For example, querying example.com could return an object like
{ "john": ["Adobe"], "jane": ["Adobe", "Gawker"] }, corresponding to
john@example.com and jane@example.com.
🔑 haveibeenpwned.com requires an API key from
https://haveibeenpwned.com/API/Key for the breacheddomain endpoint. The
apiKey option here is not explicitly required, but direct requests made
without it will fail (unless you specify a baseUrl to a proxy that inserts
a valid API key on your behalf).
Promise.<Array.<Breach>>Fetches all breach events in the system.
Promise.<Array.<string>> | Promise.<null>Fetches all data classes in the system.
Promise.<Breach> | Promise.<null>Fetches the most recently added breach.
Promise.<Array.<Paste>> | Promise.<null>Fetches paste data for a specific account (email address).
🔑 haveibeenpwned.com requires an API key from
https://haveibeenpwned.com/API/Key for the pasteaccount endpoint. The
apiKey option here is not explicitly required, but direct requests made
without it will fail (unless you specify a baseUrl to a proxy that inserts
a valid API key on your behalf).
Promise.<PwnedPasswordSuffixes>Fetches the SHA-1 or NTLM hash suffixes for the given 5-character hash prefix.
When a password hash with the same first 5 characters is found in the Pwned Passwords repository, the API will respond with an HTTP 200 and include the suffix of every hash beginning with the specified prefix, followed by a count of how many times it appears in the data set. This function parses the response and returns a more structured format.
Promise.<number>Fetches the number of times the the given password has been exposed in a breach (0 indicating no exposure). The password is given in plain text, but only the first 5 characters of its SHA-1 hash will be submitted to the API.
Promise.<SearchResults>Fetches all breaches and all pastes associated with the provided account (email address or username). Note that the remote API does not support querying pastes by username (only email addresses), so in the event the provided account is not a valid email address, only breach data is queried and the "pastes" field of the resulting object will always be null. This is exactly how searching via the current web interface behaves, which this convenience method is designed to mimic.
🔑 haveibeenpwned.com requires an API key from
https://haveibeenpwned.com/API/Key for the breachedaccount and
pasteaccount endpoints. The apiKey option here is not explicitly
required, but direct requests made without it will fail (unless you specify a
baseUrl to a proxy that inserts a valid API key on your behalf).
Promise.<StealerLogDomainsByEmailAlias> | Promise.<null>Fetches all stealer log email aliases for an email domain.
The result maps email aliases (the local-part before the '@') to an array of
email domains found in stealer logs. For example, querying example.com
could return an object like { "andy": ["netflix.com"], "jane": ["netflix.com", "spotify.com"] }, corresponding to andy@example.com and jane@example.com.
🔑 haveibeenpwned.com requires an API key from
https://haveibeenpwned.com/API/Key for the stealerlogsbyemaildomain endpoint.
The apiKey option here is not explicitly required, but direct requests made
without it will fail (unless you specify a baseUrl to a proxy that inserts
a valid API key on your behalf).
Promise.<Array.<string>> | Promise.<null>Fetches all stealer log domains for an email address.
Returns an array of domains for which stealer logs contain entries for the supplied email address.
🔑 haveibeenpwned.com requires an API key from
https://haveibeenpwned.com/API/Key for the stealerlogsbyemail endpoint. The
apiKey option here is not explicitly required, but direct requests made
without it will fail (unless you specify a baseUrl to a proxy that inserts
a valid API key on your behalf).
Promise.<Array.<string>> | Promise.<null>Fetches all stealer log email addresses for a website domain.
The result is an array of strings representing email addresses found in stealer logs for the specified website domain (e.g., "example.com").
🔑 haveibeenpwned.com requires an API key from
https://haveibeenpwned.com/API/Key for the stealerlogsbywebsitedomain
endpoint. The apiKey option here is not explicitly required, but direct
requests made without it will fail (unless you specify a baseUrl to a proxy
that inserts a valid API key on your behalf).
Promise.<Array.<SubscribedDomain>>Fetches all subscribed domains for your HIBP account.
Returns domains that have been successfully added to the Domain Search dashboard after verifying control. Each domain includes metadata about breach counts and the next renewal date, where available.
🔑 haveibeenpwned.com requires an API key from
https://haveibeenpwned.com/API/Key for the subscribeddomains endpoint. The
apiKey option here is not explicitly required, but direct requests made
without it will fail (unless you specify a baseUrl to a proxy that inserts
a valid API key on your behalf).
Promise.<SubscriptionStatus>Fetches the current status of your HIBP subscription (API key).
🔑 haveibeenpwned.com requires an API key from
https://haveibeenpwned.com/API/Key for the subscription/status endpoint.
The apiKey option here is not explicitly required, but direct requests made
without it will fail (unless you specify a baseUrl to a proxy that inserts
a valid API key on your behalf).
objectAn object representing a breach.
Object.<string, Array.<string>>An object mapping an email alias (local-part before the '@') to the list of breach names that alias has appeared in for the specified domain.
objectAn object representing a paste.
Object.<string, number>An object mapping an exposed password hash suffix (corresponding to a given hash prefix) to how many times it occurred in the Pwned Passwords repository.
objectAn object representing search results.
Object.<string, Array.<string>>An object mapping an email alias (local-part before the '@') to the list of email domains that alias has appeared in within stealer logs for the specified email domain.
objectAn object representing a subscribed domain.
objectAn object representing the status of your HIBP subscription.
Promise.<Breach>](#breach--object) \| Promise.<null>
Fetches data for a specific breach event.
**Kind**: global function
**Returns**: [Promise.<Breach>](#breach--object) \| Promise.<null> - a Promise which resolves to an
object representing a breach (or null if no breach was found), or rejects
with an Error
| Param | Type | Description |
| --- | --- | --- |
| breachName | string | the name of a breach in the system |
| [options] | object | a configuration object |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<Array.<Breach>> \| Promise.<null>
Fetches breach data for a specific account.
🔑 `haveibeenpwned.com` requires an API key from
https://haveibeenpwned.com/API/Key for the `breachedaccount` endpoint. The
`apiKey` option here is not explicitly required, but direct requests made
without it will fail (unless you specify a `baseUrl` to a proxy that inserts
a valid API key on your behalf).
**Kind**: global function
**Returns**: Promise.<Array.<Breach>> \| Promise.<null> - a Promise which resolves to an
array of breach objects (or null if no breaches were found), or rejects with
an Error
| Param | Type | Description |
| --- | --- | --- |
| account | string | a username or email address |
| [options] | object | a configuration object |
| [options.apiKey] | string | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
| [options.domain] | string | a domain by which to filter the results (default: all domains) |
| [options.includeUnverified] | boolean | include "unverified" breaches in the results (default: true) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.truncate] | boolean | truncate the results to only include the name of each breach (default: true) |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<BreachedDomainsByEmailAlias>](#breach--objectedDomainsByEmailAlias) \| Promise.<null>
Fetches all breached email addresses for a domain.
The result maps email aliases (the local-part before the '@') to an array of
breach names. For example, querying `example.com` could return an object like
`{ "john": ["Adobe"], "jane": ["Adobe", "Gawker"] }`, corresponding to
`john@example.com` and `jane@example.com`.
🔑 `haveibeenpwned.com` requires an API key from
https://haveibeenpwned.com/API/Key for the `breacheddomain` endpoint. The
`apiKey` option here is not explicitly required, but direct requests made
without it will fail (unless you specify a `baseUrl` to a proxy that inserts
a valid API key on your behalf).
**Kind**: global function
**Returns**: [Promise.<BreachedDomainsByEmailAlias>](#breach--objectedDomainsByEmailAlias) \| Promise.<null> - a Promise which
resolves to an object mapping aliases to breach name arrays (or null if no
results were found), or rejects with an Error
| Param | Type | Description |
| --- | --- | --- |
| domain | string | the domain to query (e.g., "example.com") |
| [options] | object | a configuration object |
| [options.apiKey] | string | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<Array.<Breach>>
Fetches all breach events in the system.
**Kind**: global function
**Returns**: Promise.<Array.<Breach>> - a Promise which resolves to an array of breach
objects (an empty array if no breaches were found), or rejects with an Error
| Param | Type | Description |
| --- | --- | --- |
| [options] | object | a configuration object |
| [options.domain] | string | a domain by which to filter the results (default: all domains) |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<Array.<string>> \| Promise.<null>
Fetches all data classes in the system.
**Kind**: global function
**Returns**: Promise.<Array.<string>> \| Promise.<null> - a Promise which resolves to an
array of strings (or null if no data classes were found), or rejects with an
Error
| Param | Type | Description |
| --- | --- | --- |
| [options] | object | a configuration object |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<Breach>](#breach--object) \| Promise.<null>
Fetches the most recently added breach.
**Kind**: global function
**Returns**: [Promise.<Breach>](#breach--object) \| Promise.<null> - a Promise which resolves to an
object representing a breach (or null if no breach was found), or rejects
with an Error
| Param | Type | Description |
| --- | --- | --- |
| [options] | object | a configuration object |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<Array.<Paste>> \| Promise.<null>
Fetches paste data for a specific account (email address).
🔑 `haveibeenpwned.com` requires an API key from
https://haveibeenpwned.com/API/Key for the `pasteaccount` endpoint. The
`apiKey` option here is not explicitly required, but direct requests made
without it will fail (unless you specify a `baseUrl` to a proxy that inserts
a valid API key on your behalf).
**Kind**: global function
**Returns**: Promise.<Array.<Paste>> \| Promise.<null> - a Promise which resolves to an
array of paste objects (or null if no pastes were found), or rejects with an
Error
| Param | Type | Description |
| --- | --- | --- |
| email | string | the email address to query |
| [options] | object | a configuration object |
| [options.apiKey] | string | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<PwnedPasswordSuffixes>](#PwnedPasswordSuffixes)
Fetches the SHA-1 or NTLM hash suffixes for the given 5-character hash
prefix.
When a password hash with the same first 5 characters is found in the Pwned
Passwords repository, the API will respond with an HTTP 200 and include the
suffix of every hash beginning with the specified prefix, followed by a count
of how many times it appears in the data set. This function parses the
response and returns a more structured format.
**Kind**: global function
**Returns**: [Promise.<PwnedPasswordSuffixes>](#PwnedPasswordSuffixes) - a Promise which resolves to an
object mapping the `suffix` that when matched with the prefix composes the
complete hash, to the `count` of how many times it appears in the breached
password data set, or rejects with an Error
**See**: https://haveibeenpwned.com/api/v3#SearchingPwnedPasswordsByRange
| Param | Type | Description |
| --- | --- | --- |
| prefix | string | the first 5 characters of a password hash (case insensitive) |
| [options] | object | a configuration object |
| [options.addPadding] | boolean | ask the remote API to add padding to the response to obscure the password prefix (default: `false`) |
| [options.mode] | 'sha1' \| 'ntlm' | return SHA-1 or NTLM hashes (default: `sha1`) |
| [options.baseUrl] | string | a custom base URL for the pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<number>
Fetches the number of times the the given password has been exposed in a
breach (0 indicating no exposure). The password is given in plain text, but
only the first 5 characters of its SHA-1 hash will be submitted to the API.
**Kind**: global function
**Returns**: Promise.<number> - a Promise which resolves to the number of times
the password has been exposed in a breach, or rejects with an Error
**See**: https://haveibeenpwned.com/api/v3#PwnedPasswords
| Param | Type | Description |
| --- | --- | --- |
| password | string | a password in plain text |
| [options] | object | a configuration object |
| [options.addPadding] | boolean | ask the remote API to add padding to the response to obscure the password prefix (default: `false`) |
| [options.baseUrl] | string | a custom base URL for the pwnedpasswords.com API endpoints (default: `https://api.pwnedpasswords.com`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<SearchResults>](#SearchResults)
Fetches all breaches and all pastes associated with the provided account
(email address or username). Note that the remote API does not support
querying pastes by username (only email addresses), so in the event the
provided account is not a valid email address, only breach data is queried
and the "pastes" field of the resulting object will always be null. This is
exactly how searching via the current web interface behaves, which this
convenience method is designed to mimic.
🔑 `haveibeenpwned.com` requires an API key from
https://haveibeenpwned.com/API/Key for the `breachedaccount` and
`pasteaccount` endpoints. The `apiKey` option here is not explicitly
required, but direct requests made without it will fail (unless you specify a
`baseUrl` to a proxy that inserts a valid API key on your behalf).
**Kind**: global function
**Returns**: [Promise.<SearchResults>](#SearchResults) - a Promise which resolves to an object
containing a "breaches" key (which can be null or an array of breach objects)
and a "pastes" key (which can be null or an array of paste objects), or
rejects with an Error
**See**: https://haveibeenpwned.com/
| Param | Type | Description |
| --- | --- | --- |
| account | string | an email address or username |
| [options] | object | a configuration object |
| [options.apiKey] | string | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
| [options.domain] | string | a domain by which to filter the breach results (default: all domains) |
| [options.truncate] | boolean | truncate the breach results to only include the name of each breach (default: true) |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<StealerLogDomainsByEmailAlias>](#StealerLogDomainsByEmailAlias) \| Promise.<null>
Fetches all stealer log email aliases for an email domain.
The result maps email aliases (the local-part before the '@') to an array of
email domains found in stealer logs. For example, querying `example.com`
could return an object like `{ "andy": ["netflix.com"], "jane": ["netflix.com",
"spotify.com"] }`, corresponding to `andy@example.com` and `jane@example.com`.
🔑 `haveibeenpwned.com` requires an API key from
https://haveibeenpwned.com/API/Key for the `stealerlogsbyemaildomain` endpoint.
The `apiKey` option here is not explicitly required, but direct requests made
without it will fail (unless you specify a `baseUrl` to a proxy that inserts
a valid API key on your behalf).
**Kind**: global function
**Returns**: [Promise.<StealerLogDomainsByEmailAlias>](#StealerLogDomainsByEmailAlias) \| Promise.<null> - a Promise
which resolves to an object mapping aliases to stealer log email domain arrays
(or null if no results were found), or rejects with an Error
| Param | Type | Description |
| --- | --- | --- |
| emailDomain | string | the email domain to query (e.g., "example.com") |
| [options] | object | a configuration object |
| [options.apiKey] | string | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<Array.<string>> \| Promise.<null>
Fetches all stealer log domains for an email address.
Returns an array of domains for which stealer logs contain entries for the
supplied email address.
🔑 `haveibeenpwned.com` requires an API key from
https://haveibeenpwned.com/API/Key for the `stealerlogsbyemail` endpoint. The
`apiKey` option here is not explicitly required, but direct requests made
without it will fail (unless you specify a `baseUrl` to a proxy that inserts
a valid API key on your behalf).
**Kind**: global function
**Returns**: Promise.<Array.<string>> \| Promise.<null> - a Promise which resolves to an
array of domain strings (or null if none were found), or rejects with an
Error
| Param | Type | Description |
| --- | --- | --- |
| emailAddress | string | the email address to query |
| [options] | object | a configuration object |
| [options.apiKey] | string | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<Array.<string>> \| Promise.<null>
Fetches all stealer log email addresses for a website domain.
The result is an array of strings representing email addresses found in
stealer logs for the specified website domain (e.g., "example.com").
🔑 `haveibeenpwned.com` requires an API key from
https://haveibeenpwned.com/API/Key for the `stealerlogsbywebsitedomain`
endpoint. The `apiKey` option here is not explicitly required, but direct
requests made without it will fail (unless you specify a `baseUrl` to a proxy
that inserts a valid API key on your behalf).
**Kind**: global function
**Returns**: Promise.<Array.<string>> \| Promise.<null> - a Promise which resolves to an
array of email addresses (or null if no results were found), or rejects with
an Error
| Param | Type | Description |
| --- | --- | --- |
| websiteDomain | string | the website domain to query (e.g., "example.com") |
| [options] | object | a configuration object |
| [options.apiKey] | string | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<Array.<SubscribedDomain>>
Fetches all subscribed domains for your HIBP account.
Returns domains that have been successfully added to the Domain Search dashboard
after verifying control. Each domain includes metadata about breach counts and
the next renewal date, where available.
🔑 `haveibeenpwned.com` requires an API key from
https://haveibeenpwned.com/API/Key for the `subscribeddomains` endpoint. The
`apiKey` option here is not explicitly required, but direct requests made
without it will fail (unless you specify a `baseUrl` to a proxy that inserts
a valid API key on your behalf).
**Kind**: global function
**Returns**: Promise.<Array.<SubscribedDomain>> - a Promise which resolves to an array of
subscribed domain objects (an empty array if none), or rejects with an Error
| Param | Type | Description |
| --- | --- | --- |
| [options] | object | a configuration object |
| [options.apiKey] | string | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp Promise.<SubscriptionStatus>](#subscriptionstatus--object)
Fetches the current status of your HIBP subscription (API key).
🔑 `haveibeenpwned.com` requires an API key from
https://haveibeenpwned.com/API/Key for the `subscription/status` endpoint.
The `apiKey` option here is not explicitly required, but direct requests made
without it will fail (unless you specify a `baseUrl` to a proxy that inserts
a valid API key on your behalf).
**Kind**: global function
**Returns**: [Promise.<SubscriptionStatus>](#subscriptionstatus--object) - a Promise which resolves to a
subscription status object, or rejects with an Error
| Param | Type | Description |
| --- | --- | --- |
| [options] | object | a configuration object |
| [options.apiKey] | string | an API key from https://haveibeenpwned.com/API/Key (default: undefined) |
| [options.baseUrl] | string | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
| [options.timeoutMs] | number | timeout for the request in milliseconds (default: none) |
| [options.signal] | AbortSignal | an AbortSignal to cancel the request (default: none) |
| [options.userAgent] | string | a custom string to send as the User-Agent field in the request headers (default: `hibp object
An object representing a breach.
**Kind**: global typedef
**Properties**
| Name | Type |
| --- | --- |
| Name | string |
| Title | string |
| Domain | string |
| BreachDate | string |
| AddedDate | string |
| ModifiedDate | string |
| PwnCount | number |
| Description | string |
| DataClasses | Array.<string> |
| IsVerified | boolean |
| IsFabricated | boolean |
| IsSensitive | boolean |
| IsRetired | boolean |
| IsSpamList | boolean |
| IsMalware | boolean |
| IsSubscriptionFree | boolean |
| LogoPath | string |
## BreachedDomainsByEmailAlias : Object.<string, Array.<string>>
An object mapping an email alias (local-part before the '@') to the list of
breach names that alias has appeared in for the specified domain.
**Kind**: global typedef
## Paste : object
An object representing a paste.
**Kind**: global typedef
**Properties**
| Name | Type |
| --- | --- |
| Id | string |
| Source | string |
| Title | string |
| Date | string |
| EmailCount | number |
## PwnedPasswordSuffixes : Object.<string, number>
An object mapping an exposed password hash suffix (corresponding to a given
hash prefix) to how many times it occurred in the Pwned Passwords repository.
**Kind**: global typedef
## SearchResults : object
An object representing search results.
**Kind**: global typedef
**Properties**
| Name | Type |
| --- | --- |
| breaches | [Array.<Breach>](#breach--object) \| null |
| pastes | [Array.<Paste>](#Paste) \| null |
## StealerLogDomainsByEmailAlias : Object.<string, Array.<string>>
An object mapping an email alias (local-part before the '@') to the list of
email domains that alias has appeared in within stealer logs for the specified
email domain.
**Kind**: global typedef
## SubscribedDomain : object
An object representing a subscribed domain.
**Kind**: global typedef
**Properties**
| Name | Type | Description |
| --- | --- | --- |
| DomainName | string | the fully qualified domain name |
| PwnCount | number \| null | total breached addresses at last search |
| PwnCountExcludingSpamLists | number \| null | breached addresses excluding spam lists at last search |
| PwnCountExcludingSpamListsAtLastSubscriptionRenewal | number \| null | breached addresses excluding spam lists at the time of last subscription renewal |
| NextSubscriptionRenewal | string \| null | ISO 8601 datetime when the current subscription ends |
## SubscriptionStatus : object
An object representing the status of your HIBP subscription.
**Kind**: global typedef
**Properties**
| Name | Type |
| --- | --- |
| SubscriptionName | string |
| Description | string |
| SubscribedUntil | string |
| Rpm | number |
| DomainSearchMaxBreachedAccounts | number |
| IncludesStealerLogs | boolean |