fix: merge consumer-provided options with defaults (#424)

Author: wKovacs64

.bundlewatch.config.json

@@ -3,7 +3,7 @@
     {
       "//": "Pre-bundled for Browser (UMD)",
       "path": "dist/browser/hibp.umd.js",
-      "maxSize": "8.9 kB"
+      "maxSize": "9 kB"
     },
     {
       "//": "Pre-bundled for Browser (ESM)",

.changeset/light-apricots-develop.md

@@ -0,0 +1,5 @@
+---
+'hibp': patch
+---
+
+Properly merge consumer-provided options with internal defaults.

API.md

@@ -42,7 +42,7 @@ response and returns a more structured format.</p>
 breach (0 indicating no exposure). The password is given in plain text, but
 only the first 5 characters of its SHA-1 hash will be submitted to the API.</p>
 </dd>
-<dt><a href="#search">search(account, [breachOptions])</a> ⇒ <code><a href="#SearchResults">Promise.&lt;SearchResults&gt;</a></code></dt>
+<dt><a href="#search">search(account, [options])</a> ⇒ <code><a href="#SearchResults">Promise.&lt;SearchResults&gt;</a></code></dt>
 <dd><p>Fetches all breaches and all pastes associated with the provided account
 (email address or username). Note that the remote API does not support
 querying pastes by username (only email addresses), so in the event the
@@ -381,7 +381,7 @@ try {
 ```
 <a name="search"></a>
 
-## search(account, [breachOptions]) ⇒ [<code>Promise.&lt;SearchResults&gt;</code>](#SearchResults)
+## search(account, [options]) ⇒ [<code>Promise.&lt;SearchResults&gt;</code>](#SearchResults)
 Fetches all breaches and all pastes associated with the provided account
 (email address or username). Note that the remote API does not support
 querying pastes by username (only email addresses), so in the event the
@@ -408,12 +408,12 @@ rejects with an Error
 | Param | Type | Description |
 | --- | --- | --- |
 | account | <code>string</code> | an email address or username |
-| [breachOptions] | <code>object</code> | a configuration object pertaining to breach queries |
-| [breachOptions.apiKey] | <code>string</code> | an API key from https://haveibeenpwned.com/API/Key |
-| [breachOptions.domain] | <code>string</code> | a domain by which to filter the results (default: all domains) |
-| [breachOptions.truncate] | <code>boolean</code> | truncate the results to only include the name of each breach (default: true) |
-| [breachOptions.baseUrl] | <code>string</code> | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
-| [breachOptions.userAgent] | <code>string</code> | a custom string to send as the User-Agent field in the request headers (default: `hibp <version>`) |
+| [options] | <code>object</code> | a configuration object |
+| [options.apiKey] | <code>string</code> | an API key from https://haveibeenpwned.com/API/Key |
+| [options.domain] | <code>string</code> | a domain by which to filter the breach results (default: all domains) |
+| [options.truncate] | <code>boolean</code> | truncate the breach results to only include the name of each breach (default: true) |
+| [options.baseUrl] | <code>string</code> | a custom base URL for the haveibeenpwned.com API endpoints (default: `https://haveibeenpwned.com/api/v3`) |
+| [options.userAgent] | <code>string</code> | a custom string to send as the User-Agent field in the request headers (default: `hibp <version>`) |
 
 **Example**  
 ```js

src/api/haveibeenpwned/fetch-from-api.ts

@@ -69,12 +69,17 @@ function blockedWithRayId(rayId: string) {
  */
 export async function fetchFromApi(
   endpoint: string,
-  {
+  options: {
+    apiKey?: string;
+    baseUrl?: string;
+    userAgent?: string;
+  } = {},
+): Promise<ApiData> {
+  const {
     apiKey,
     baseUrl = 'https://haveibeenpwned.com/api/v3',
     userAgent,
-  }: { apiKey?: string; baseUrl?: string; userAgent?: string } = {},
-): Promise<ApiData> {
+  } = options;
   const headers: Record<string, string> = {};
 
   if (apiKey) {

src/api/pwnedpasswords/fetch-from-api.ts

@@ -24,18 +24,20 @@ import { BAD_REQUEST } from './responses.js';
  */
 export async function fetchFromApi(
   endpoint: string,
-  {
-    baseUrl = 'https://api.pwnedpasswords.com',
-    userAgent,
-    addPadding = false,
-    mode = 'sha1',
-  }: {
+  options: {
     baseUrl?: string;
     userAgent?: string;
     addPadding?: boolean;
     mode?: 'sha1' | 'ntlm';
   } = {},
 ): Promise<string> {
+  const {
+    baseUrl = 'https://api.pwnedpasswords.com',
+    userAgent,
+    addPadding = false,
+    mode = 'sha1',
+  } = options;
+
   const config = Object.assign(
     {},
     userAgent ? { headers: { 'User-Agent': userAgent } } : {},

src/breach.ts

@@ -51,7 +51,10 @@ import { fetchFromApi } from './api/haveibeenpwned/fetch-from-api.js';
  */
 export function breach(
   breachName: string,
-  options: { baseUrl?: string; userAgent?: string } = {},
+  options: {
+    baseUrl?: string;
+    userAgent?: string;
+  } = {},
 ): Promise<Breach | null> {
   return fetchFromApi(
     `/breach/${encodeURIComponent(breachName)}`,

src/breached-account.ts

@@ -81,25 +81,34 @@ export function breachedAccount(
     truncate?: boolean;
     baseUrl?: string;
     userAgent?: string;
-  } = {
-    includeUnverified: true,
-    truncate: true,
-  },
+  } = {},
 ): Promise<Breach[] | null> {
+  const {
+    apiKey,
+    domain,
+    includeUnverified = true,
+    truncate = true,
+    baseUrl,
+    userAgent,
+  } = options;
   const endpoint = `/breachedaccount/${encodeURIComponent(account)}?`;
   const params: string[] = [];
-  if (options.domain) {
-    params.push(`domain=${encodeURIComponent(options.domain)}`);
+
+  if (domain) {
+    params.push(`domain=${encodeURIComponent(domain)}`);
   }
-  if (options.includeUnverified === false) {
+
+  if (!includeUnverified) {
     params.push('includeUnverified=false');
   }
-  if (options.truncate === false) {
+
+  if (!truncate) {
     params.push('truncateResponse=false');
   }
+
   return fetchFromApi(`${endpoint}${params.join('&')}`, {
-    apiKey: options.apiKey,
-    baseUrl: options.baseUrl,
-    userAgent: options.userAgent,
+    apiKey,
+    baseUrl,
+    userAgent,
   }) as Promise<Breach[] | null>;
 }

src/breaches.ts

@@ -44,13 +44,16 @@ export function breaches(
     userAgent?: string;
   } = {},
 ): Promise<Breach[]> {
+  const { domain, baseUrl, userAgent } = options;
   const endpoint = '/breaches?';
   const params: string[] = [];
-  if (options.domain) {
-    params.push(`domain=${encodeURIComponent(options.domain)}`);
+
+  if (domain) {
+    params.push(`domain=${encodeURIComponent(domain)}`);
   }
+
   return fetchFromApi(`${endpoint}${params.join('&')}`, {
-    baseUrl: options.baseUrl,
-    userAgent: options.userAgent,
+    baseUrl,
+    userAgent,
   }) as Promise<Breach[]>;
 }

src/data-classes.ts

@@ -25,7 +25,10 @@ import { fetchFromApi } from './api/haveibeenpwned/fetch-from-api.js';
  * }
  */
 export function dataClasses(
-  options: { baseUrl?: string; userAgent?: string } = {},
+  options: {
+    baseUrl?: string;
+    userAgent?: string;
+  } = {},
 ): Promise<string[] | null> {
   return fetchFromApi('/dataclasses', options) as Promise<string[] | null>;
 }

src/paste-account.ts

@@ -49,11 +49,14 @@ import { fetchFromApi } from './api/haveibeenpwned/fetch-from-api.js';
  */
 export function pasteAccount(
   email: string,
-  options: { apiKey?: string; baseUrl?: string; userAgent?: string } = {},
+  options: {
+    apiKey?: string;
+    baseUrl?: string;
+    userAgent?: string;
+  } = {},
 ): Promise<Paste[] | null> {
-  return fetchFromApi(`/pasteaccount/${encodeURIComponent(email)}`, {
-    apiKey: options.apiKey,
-    baseUrl: options.baseUrl,
-    userAgent: options.userAgent,
-  }) as Promise<Paste[] | null>;
+  return fetchFromApi(
+    `/pasteaccount/${encodeURIComponent(email)}`,
+    options,
+  ) as Promise<Paste[] | null>;
 }