We built XposedOrNot to answer one question: has your email or password shown up in a data breach? Over time, it grew into a full platform with breach monitoring, alerts, and privacy tools, all backed by a community that cares about security awareness.
A couple of months ago, we shipped our first SDK packages on npm and PyPI. The response from developers was great, but we kept hearing the same thing: “Do you have one for Go?” or “We need this in Java.”
So we built six more. Because if you’re writing code that deals with user accounts, you should be able to check for breaches without switching languages or writing raw HTTP calls.
Why eight languages?
Since we launched the npm and PyPI SDKs, developers have been using them to build breach alerts into signup forms, internal security dashboards, and compliance audit tools. But not everyone works in JavaScript or Python.
We heard from teams writing backend services in Go and Java, security tools in Rust, web apps in PHP and Ruby, and enterprise systems in C#. So we built SDKs for all of them. Same API, same features, same patterns: just pick your language and go.
Get Started in One Line:
Language | Install |
JavaScript | npm install xposedornot |
Python | pip install xposedornot |
Go | go get github.com/XposedOrNot/XposedOrNot-Go |
Ruby | gem install xposedornot |
PHP | composer require xposedornot/xposedornot-php |
Rust | cargo add xposedornot |
C# / .NET | dotnet add package XposedOrNot |
Java | implementation("com.xposedornot:xposedornot:1.0.0") |
What's new in these six?
All six new SDKs include everything from the original two, plus a couple of additions. Password exposure checking is built into every new SDK.
Your password gets hashed on your machine using the Keccak-512 algorithm. We only send a tiny prefix of that hash to the API. The real password? It never goes anywhere. We also baked in xonPlus API support from the start. Just pass your API key when you set up the client, and you’ll get back detailed breach records instead of just names.
Same four endpoints, same error handling, same retry logic across all eight libraries.
Where to Find Everything
Language | GitHub | Package Registry |
JavaScript | ||
Python | ||
Go | ||
Ruby | ||
PHP | ||
Rust | ||
C# / .NET | ||
Java | https://central.sonatype.com/artifact/com.xposedornot/xposedornot |
Quick Start:
JavaScript
import { XposedOrNot } from 'xposedornot';
const xon = new XposedOrNot();
const result = await xon.checkEmail('test@example.com');
console.log(result.breaches);
Python
from xposedornot import XposedOrNot
xon = XposedOrNot()
result = xon.check_email("test@example.com")
print(result.breaches)
Go
client, _ := xon.NewClient()
free, _, _ := client.CheckEmail(context.Background(), "test@example.com")
fmt.Println(free.Breaches)
Ruby
client = XposedOrNot::Client.new
result = client.check_email("test@example.com")
puts result.breaches
Rust
let client = Client::builder().build()?;
let result = client.check_email("test@example.com").await?;
println!("{:?}", result);
PHP
$client = new XposedOrNot();
$result = $client->checkEmail("test@example.com");
print_r($result->breaches);
C# / .NET
using var client = new XposedOrNotClient();
var result = await client.Email.CheckEmailAsync("test@example.com");
var breaches = result.FreeResult?.Breaches.SelectMany(b => b).ToList();
breaches?.ForEach(Console.WriteLine);
Java
try (XposedOrNot xon = XposedOrNot.builder().build()) {
    EmailBreachResponse result = xon.email().check("test@example.com");
    System.out.println(result.getBreachNames());
}
What Every SDK Includes
All eight libraries share the same four endpoints and the same built-in safeguards. Four things you can do:
– Email Breach Check: look up any email against our database of 700+ known breaches
– Breach Analytics: get detailed breakdowns like risk scores, password strength, exposed data types, and timeline
– Breach Database: browse all known breaches or filter by domain
– Password Check: check if a password has been exposed. Your password never leaves your machine. It’s hashed locally with Keccak-512, and only a short prefix is sent to the API.
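The local hashing step of the Password Check, written out as an added example (not the SDKs' own code). It assumes "Keccak-512" means the original Keccak padding (suffix 0x01) rather than NIST SHA3-512 (suffix 0x06, which is what Python's hashlib.sha3_512 computes); the 10-character prefix length and all function names are assumptions too, since the page only says "a short prefix".

```python
MASK = (1 << 64) - 1
# Keccak-f[1600] round constants and rotation offsets ROT[x][y].
RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
      0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
      0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
      0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]

def _rol(v, n):
    return ((v << n) | (v >> (64 - n))) & MASK

def _permute(a):
    """Keccak-f[1600] on a 5x5 matrix of 64-bit lanes, indexed a[x][y]."""
    for rc in RC:
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [[a[x][y] ^ d[x] for y in range(5)] for x in range(5)]       # theta
        b = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                b[y][(2 * x + 3 * y) % 5] = _rol(a[x][y], ROT[x][y])     # rho + pi
        a = [[b[x][y] ^ (~b[(x + 1) % 5][y] & b[(x + 2) % 5][y]) for y in range(5)]
             for x in range(5)]                                          # chi
        a[0][0] ^= rc                                                    # iota
    return a

def sponge512(data: bytes, suffix: int) -> str:
    """512-bit sponge (rate 72 bytes). suffix 0x01 = Keccak, 0x06 = NIST SHA-3."""
    rate = 72
    padded = bytearray(data) + bytes([suffix])
    padded += bytes(-len(padded) % rate)
    padded[-1] |= 0x80
    a = [[0] * 5 for _ in range(5)]
    for off in range(0, len(padded), rate):
        for i in range(rate // 8):
            a[i % 5][i // 5] ^= int.from_bytes(padded[off + 8 * i:off + 8 * i + 8], "little")
        a = _permute(a)
    return b"".join(a[i % 5][i // 5].to_bytes(8, "little") for i in range(8)).hex()

def keccak512_hex(password: str) -> str:
    return sponge512(password.encode("utf-8"), 0x01)  # hashed locally, never sent

def anon_prefix(password: str, n: int = 10) -> str:
    # Only this prefix would leave the machine; n=10 is an assumed length.
    return keccak512_hex(password)[:n]
```

Swapping in hashlib.sha3_512 here would silently produce a different prefix, so lookups would never match.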
Things we took care of so you can skip the boilerplate:
– Rate limiting is built in. The free API is automatically throttled to 1 request per second.
– If the API comes back with a 429, the SDK waits and retries on its own. First after 1 second, then 2, then 4.
– Input validation before anything hits the network
– HTTPS on all traffic by default
Want the full deep-dive on analytics, error handling, and configuration? Check out our earlier post on the npm and PyPI SDKs: https://blog.xposedornot.com/xposedornot-sdks-npm-pypi/. Everything there applies to all eight libraries.
Pick your language, install the SDK, and try a breach check. You can get a breach check running in about five lines. If it saves you some time, drop a star on the repo. That’s the best way to help other developers find these libraries. And if you need higher rate limits or detailed breach records, grab an API key at xonPlus.