It seems like the gem is not picking up the https_proxy set from the OS and we need to explicitly set it for every request. Is there a way to recognize the https_proxy environment variable set from the OS?

There is no code in the gem that attempts to pick up a proxy from the environment. You can add a proxy in the request options like this:

proxy = "https://username:password@example.com:12345"
Pwned::Password.new("password", proxy: proxy)

If you want it to automatically pick it up from the environment, I'm open to pull requests. It looks like URI::find_proxy is a useful method for that. But also, in a short search about this I've found other libraries that give an option to ignore the proxy from the environment, so that would be a good feature to include too (see the Faraday docs here for example).

This issue can be closed

Indeed! As of version 2.3.0 the gem will pick up the https_proxy from the environment.