matcher-pwned requests about zxcvbn HOT 5 CLOSED

Hey, as stated in the documentation it is recommended to use the provided debounce function or a debounce function from somewhere else.
There is even a example for the debounce function https://zxcvbn-ts.github.io/zxcvbn/guide/examples/#debounce

from zxcvbn.

I'am using the debounce function.
But the repeat-matcher executes the pwnd matcher for every repeat I guess.

So when I enter the password "testaa", two requests are sent to the pwnd api:
"testaa" = "1F390" in SHA1
"a" = "86F7E" in SHA1

When I enter "testaabb" I get 3 requests:
"testaabb" = "C4DCC" in SHA1
"a" = "86F7E" in SHA1
"b" = "E9D71" in SHA1

from zxcvbn.

Ah now i understand. This should not be the case i will look into it thanks for the report 👍

Edit:
I kind of revert this answer. Because the repeat matcher gets a base guess count for all other matchers. This doesn't seem to make sense for something like Testaabb but if you would have something like P4$$w0rdP4$$w0rd which is a common used password and in the pwned api it will get a pretty bad base guess count from it.
This basically means that for every part in the repeat matcher it will use all matchers to create a base guess count.
Does this answer your question?

from zxcvbn.

I don't really know, im not that deep into your library. 😅
It just seemed odd to me, that there are multiple requests happening.
For your example there are 6 requests being sent to the pwnd api (P4$$w0rdP4$$w0rd).
But I guess there is no other way, if you want to partially match a password.

from zxcvbn.

Just to get my example straight, there are actually 3 real requests and 3 preflight options requests :D Which means they belong together.
Those requests should be the whole example P4$$w0rdP4$$w0rd, a part of it for the repeat P4$$w0rd and $ because it repeats twice, too

from zxcvbn.