ByteDev.PwnedPasswords 2.0.1

There is a newer version of this package available.
See the version list below for details.
Install-Package ByteDev.PwnedPasswords -Version 2.0.1
dotnet add package ByteDev.PwnedPasswords --version 2.0.1
<PackageReference Include="ByteDev.PwnedPasswords" Version="2.0.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add ByteDev.PwnedPasswords --version 2.0.1
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: ByteDev.PwnedPasswords, 2.0.1"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install ByteDev.PwnedPasswords as a Cake Addin
#addin nuget:?package=ByteDev.PwnedPasswords&version=2.0.1

// Install ByteDev.PwnedPasswords as a Cake Tool
#tool nuget:?package=ByteDev.PwnedPasswords&version=2.0.1
The NuGet Team does not provide support for this client. Please contact its maintainers for support.


Provides client functionality to talk to Troy Hunt's Pwnedpasswords API and check whether a particular password has been pwned and if so how many occurrences there have been.


ByteDev.PwnedPasswords has been written as a .NET Standard 2.0 library, so you can consume it from a .NET Core or .NET Framework 4.6.1 (or greater) application.

ByteDev.PwnedPasswords is hosted as a package on To install from the Package Manager Console in Visual Studio run:

Install-Package ByteDev.PwnedPasswords

Further details can be found on the nuget page.


The repo can be cloned from git bash:

git clone

Unit tests and integration tests are also provided in the solution.


The PwnedPasswordsClient class has two public methods:

  • GetHasBeenPwnedAsync(string password)
  • GetHasBeenPwnedAsync(string password, CancellationToken cancellationToken)

This methods will return a PwnedPasswordResponse object containing details of whether the password has been pwned and a count of how many times.

If the PwnedPasswordsClient class has any problems getting the details for a password it will throw an PwnedPasswordsClientException.


var client = new PwnedPasswordsClient(new HttpClient());

var result = await client.GetHasBeenPwnedAsync("Password1");

Console.WriteLine($"Has Password been pwned: {result.IsPwned}");
Console.WriteLine($"Password has been pwned {result.Count} times.");

Version 2.0 changes

A number of breaking changes were made from version 1.1. to 2.0:

  • PwnedPasswordsClient now takes a simple string for the password (as the API only takes a hash of the password theres no need for the consumer to supply a HashedPassword object)
  • IPwnedPasswordsClient interface now provided
  • PwnedPasswordsClient needs to be provided with an implementation of HttpClient on construction
  • PwnedPasswordsClient.GetHasBeenPwnedAsync method now takes optional CancellationToken

Further information

See the following for more general information:

See the following to changes to the API to only support partial hash (range) only searches:

This package has no dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2.0.3 1,389 7/24/2020
2.0.2 249 7/2/2020
2.0.1 540 12/2/2019
2.0.0 369 6/30/2019
1.1.0 764 4/30/2018
1.0.1 684 4/9/2018