PHPackages                             assisted-mindfulness/pwned-validator - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Validation &amp; Sanitization](/categories/validation)
4. /
5. assisted-mindfulness/pwned-validator

AbandonedArchivedLibrary[Validation &amp; Sanitization](/categories/validation)

assisted-mindfulness/pwned-validator
====================================

Super simple Laravel Validator for checking password via the Pwned Passwords service of Have I Been Pwned

1.0.0(3y ago)0101.0k[1 PRs](https://github.com/Assisted-Mindfulness/pwned-validator/pulls)MITPHPPHP ^8.0

Since Jan 24Pushed 3y agoCompare

[ Source](https://github.com/Assisted-Mindfulness/pwned-validator)[ Packagist](https://packagist.org/packages/assisted-mindfulness/pwned-validator)[ RSS](/packages/assisted-mindfulness-pwned-validator/feed)WikiDiscussions master Synced yesterday

READMEChangelog (1)Dependencies (6)Versions (3)Used By (0)

Pwned Passwords Validator for Laravel
=====================================

[](#pwned-passwords-validator-for-laravel)

[![Tests](https://github.com/Assisted-Mindfulness/pwned-validator/actions/workflows/phpunit.yaml/badge.svg)](https://github.com/Assisted-Mindfulness/pwned-validator/actions/workflows/phpunit.yaml)

Introducing the Pwned Password validator - a simple and effective tool for ensuring the security of your users' passwords. This package checks the user's submitted password (during registration or password change) against the [HIBP Pwned Passwords](https://haveibeenpwned.com/Passwords) database, which contains over half a billion real-world passwords that have been exposed in data breaches.

If a password is found to be pwned, it will fail validation and the user will be prevented from using it in your app. This helps to protect your users from potential security breaches and ensures that they are using strong, unique passwords. With the Pwned Password validator, you can have peace of mind knowing that your users' data is secure. Try it out today and see the difference it makes in the security of your app.

Installation
------------

[](#installation)

Install the package using Composer:

```
composer require assisted-mindfulness/pwned-validator/pwned-validator
```

Add the validation message to your validation lang file `lang/en/validation.php` :

```
'pwned' => 'The :attribute is not secure enough',
```

or use `:min` in the message to indicate the minimum number of times found set on the validator:

```
'pwned' => 'Your password is insufficiently secure as it has been found at least :min times in known password breaches, please choose a new one.',
```

Using the `pwned` validator
---------------------------

[](#using-the-pwned-validator)

After installation, the `pwned` validator will be available for use directly in your validation rules.

```
return Validator::make($data, [
    'name'     => 'required|string|max:255',
    'email'    => 'required|string|email|max:255|unique:users',
    'password' => 'required|string|min:6|pwned|confirmed',
]);
```

Using the Rule Object
---------------------

[](#using-the-rule-object)

Alternatively, you can use the `AssistedMindfulness\Pwned\PwnedRule` [Validation Rule Object](https://laravel.com/docs/validation#using-rule-objects)instead of the `pwned` alias if you prefer:

```
return Validator::make($data, [
    'name'     => 'required|string|max:255',
    'email'    => 'required|string|email|max:255|unique:users',
    'password' => ['required', 'string', 'min:6', new \AssistedMindfulness\Pwned\PwnedRule, 'confirmed'],
]);
```

Limiting by the number of times the password was pwned
------------------------------------------------------

[](#limiting-by-the-number-of-times-the-password-was-pwned)

You can also limit rejected passwords to those that have been pwned a minimum number of times. For example, `password` has been pwned 3,303,003 times, however `P@ssword!` has only been pwned 118 times. If we wanted to block `password` but not `P@ssword!`, we can specify the minimum number as 150 like this:

```
'password' => 'required|string|min:6|pwned:150|confirmed',
```

or using the Rule object:

```
'password' => ['required', 'string', 'min:6', new \AssistedMindfulness\Pwned\PwnedRule(150), 'confirmed'],
```

License
-------

[](#license)

This package is a fork of

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

30

—

LowBetter than 62% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity23

Limited adoption so far

Community14

Small or concentrated contributor base

Maturity52

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 52.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

1255d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/3c47797b11041f37c2eec74b09bc6619c8997467d690797ebad0e6ab7cb232b7?d=identicon)[tabuna](/maintainers/tabuna)

---

Top Contributors

[![valorin](https://avatars.githubusercontent.com/u/897369?v=4)](https://github.com/valorin "valorin (27 commits)")[![tabuna](https://avatars.githubusercontent.com/u/5102591?v=4)](https://github.com/tabuna "tabuna (11 commits)")[![SadElephant](https://avatars.githubusercontent.com/u/7434276?v=4)](https://github.com/SadElephant "SadElephant (3 commits)")[![lsfiege](https://avatars.githubusercontent.com/u/13440507?v=4)](https://github.com/lsfiege "lsfiege (2 commits)")[![kanalumaddela](https://avatars.githubusercontent.com/u/14265751?v=4)](https://github.com/kanalumaddela "kanalumaddela (2 commits)")[![tehCh0nG](https://avatars.githubusercontent.com/u/7266357?v=4)](https://github.com/tehCh0nG "tehCh0nG (1 commits)")[![mralston](https://avatars.githubusercontent.com/u/248387?v=4)](https://github.com/mralston "mralston (1 commits)")[![jny986](https://avatars.githubusercontent.com/u/37679074?v=4)](https://github.com/jny986 "jny986 (1 commits)")[![laravel-shift](https://avatars.githubusercontent.com/u/15991828?v=4)](https://github.com/laravel-shift "laravel-shift (1 commits)")[![CJDennis](https://avatars.githubusercontent.com/u/1551236?v=4)](https://github.com/CJDennis "CJDennis (1 commits)")[![SamuelNitsche](https://avatars.githubusercontent.com/u/24483576?v=4)](https://github.com/SamuelNitsche "SamuelNitsche (1 commits)")

###  Code Quality

TestsPHPUnit

Static AnalysisPsalm

Code StyleLaravel Pint

Type Coverage Yes

### Embed Badge

![Health badge](/badges/assisted-mindfulness-pwned-validator/health.svg)

```
[![Health](https://phpackages.com/badges/assisted-mindfulness-pwned-validator/health.svg)](https://phpackages.com/packages/assisted-mindfulness-pwned-validator)
```

###  Alternatives

[backpack/crud

Quickly build admin interfaces using Laravel, Bootstrap and JavaScript.

3.4k3.7M223](/packages/backpack-crud)[statamic/cms

The Statamic CMS Core Package

4.8k3.6M986](/packages/statamic-cms)[unopim/unopim

UnoPim Laravel PIM

10.5k2.4k](/packages/unopim-unopim)[neuron-core/neuron-ai

The PHP Agentic Framework.

2.0k656.1k38](/packages/neuron-core-neuron-ai)[scriptdevelop/whatsapp-manager

Paquete para manejo de WhatsApp Business API en Laravel

783.8k](/packages/scriptdevelop-whatsapp-manager)[eslazarev/wildberries-sdk

Wildberries OpenAPI clients (generated).

273.0k](/packages/eslazarev-wildberries-sdk)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
