Sigilock
Check your passwords without exposing them.
What it is
Sigilock checks how strong your passwords are and whether they have been breached, without ever sending them anywhere. It combines local entropy and reuse analysis with the HIBP k-anonymity pattern: the SHA-1 hash is split into prefix and suffix, only the prefix is queried, and the suffix is matched on-device. It is a from-scratch, dependency-light build covered by 19 tested assertions that you can download and run locally.
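The k-anonymity check described above, sketched offline as an added example; this is not Sigilock's source. It assumes the HIBP Pwned Passwords range format (a 5-character SHA-1 prefix, SUFFIX:COUNT response lines), and splitHash, breachCount, checkPassword, the injected lookupRange transport and the sample response are hypothetical names and constructed data.

```javascript
// Added example: offline sketch of the k-anonymity check (not Sigilock's code).
const { createHash } = require("crypto");

const PREFIX_LEN = 5; // assumption: HIBP range lookups key on the first 5 hex chars

// Hash locally and split. Only `prefix` is ever meant to leave the device.
function splitHash(password) {
  const hex = createHash("sha1").update(password, "utf8").digest("hex").toUpperCase();
  return { prefix: hex.slice(0, PREFIX_LEN), suffix: hex.slice(PREFIX_LEN) };
}

// Parse a range response body ("SUFFIX:COUNT" per line, CRLF or LF separated)
// and return the breach count for `suffix`, or 0 when it is absent.
function breachCount(rangeBody, suffix) {
  const want = suffix.toUpperCase();
  for (const raw of rangeBody.split(/\r?\n/)) {
    const [candidate, count] = raw.trim().split(":");
    // Skip blank or malformed lines instead of trusting the response shape.
    if (!/^[0-9A-F]{35}$/i.test(candidate) || !/^\d+$/.test(count ?? "")) continue;
    // Padding entries carry a count of 0, so they fall out as "not breached".
    if (candidate.toUpperCase() === want) return Number(count);
  }
  return 0;
}

// `lookupRange` is a hypothetical injected transport: prefix in, response body out.
// A real one would be an async HTTPS call; it is synchronous here to stay offline.
function checkPassword(password, lookupRange) {
  const { prefix, suffix } = splitHash(password);
  const count = breachCount(lookupRange(prefix), suffix);
  return { prefix, breached: count > 0, count };
}

// Constructed sample response for prefix 5BAA6 (the counts are made up).
const SAMPLE_RANGE = [
  "003D68EB55068C33ACE09247EE4C639306B:3",
  "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493", // suffix of SHA-1("password")
  "F".repeat(35) + ":0", // padding-style entry
].join("\r\n");

// The stub records what it was asked for, showing that only the prefix is sent.
const sent = [];
const stubLookup = (prefix) => { sent.push(prefix); return SAMPLE_RANGE; };
console.log(checkPassword("password", stubLookup), "sent to server:", sent);
```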
What's inside
The full source, the tests, and CI. Open it, read it, change it. A zero-dependency core, free, in the MIT spirit.
Run it after unzip
pnpm install && pnpm dev