wKovacs64/pwned

Unexpected token 'Y'

ru44 opened this issue · 11 comments

ru44 commented

I believe there is issue in pwned tool

e.g. pwned ba loka@gmail.com

Unexpected token 'Y', "your reque"... is not valid JSON

is it only me?

I haven't paid for an API key so I can't test the ba command while authenticated, but seems to do what it's supposed to do while unauthenticated and the other commands that don't require an API key are all working.

What version of pwned?
What version of Node.js?
What operating system?

ru44 commented

OS: blackarch
Node: v18.17.1
pwned: 2221.f3df0eb

2221.f3df0eb

That's not a valid version of pwned (latest published is 11.0.0), but that partial commit hash does match a commit from a few days ago so I'm guessing you're using a custom version built from source or something similar.

Do you get any different results running the distributed version via npx?

npx pwned ba loka@gmail.com

What about commands that don't require a paid API key like:

pwned pw password
ru44 commented

yea even when I run

npx pwned ba loka@gmail.com

getting the same but the free

npx pwned pw admin

its working fine

Try hitting the API directly with curl like so (replacing [YOUR_API_KEY] with your actual key):

curl --header "HIBP-API-Key: [YOUR_API_KEY]" -i https://haveibeenpwned.com/api/v3/breachedaccount/loka%40gmail.com

Then tell me whatever you can about the results without revealing anything you consider private information.

@ru44 I had to renew my API key to implement some new features in another project and I was able to retrieve your breached account information just fine.

ru44 commented

I see but still not working because when I run npx pwned ba loka@gamil.com
I get
image

Not sure what that could be other than something unusual on your end. Did you try the curl command to see if you get a reasonable response from the HIBP API directly?

ru44 commented

no not really how do I do that?

no not really how do I do that?

#239 (comment)

@ru44 I was just able to successfully use pwned to look up your account in blackarch, so I'm going to close this as I don't see anything indicating it's a problem with the tool. Feel free to try the curl command I mentioned above, as it may reveal the next troubleshooting step.

Good luck!