Estimate strength of users' new password input with zxcvbn, and query haveibeenpwned for matches against known hacked accounts



First things first - the goods:

This worker handles your users’ password input directly, so please read the source before deploying! src/index.js is only 147 lines of very heavily commented code.

Simply change the env file, and deploy - nice and easy. Detailed instructions and some config options are documented in

Libs are bundled up with the sauce via webpack, so you will need NodeJS installed in order to deploy.

For context, here’s an example of how I use this client-side in my own application:

Many thank-you’s to Cloudflare and @troyhunt for freely providing the haveibeenpwned API The maintainers of zxcvbn at DropBox are also a strapping lot.


Simple Cloudflare Worker with built-in Routing