PHPackages effectix/passwordchecker - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. effectix/passwordchecker ActiveLibrary[Validation & Sanitization](/categories/validation) effectix/passwordchecker ======================== A Laravel package for robust password strength validation. 1.2.3(10mo ago)04[4 PRs](https://github.com/EffectiX/passwordchecker/pulls)MITPHPPHP ^8.2 | ^8.3 | ^8.4CI passing Since Jan 24Pushed 1mo ago1 watchersCompare [ Source](https://github.com/EffectiX/passwordchecker)[ Packagist](https://packagist.org/packages/effectix/passwordchecker)[ Docs](https://github.com/Effectix/passwordchecker)[ GitHub Sponsors](https://github.com/EffectiX)[ RSS](/packages/effectix-passwordchecker/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (13)Versions (15)Used By (0) Password Checker ================ [](#password-checker) [![Latest Version on Packagist](https://camo.githubusercontent.com/25bd7bbcfff3cedc4e66f5141eb317a1cad60cc071f2638ba4e115d29267a283/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f65666665637469782f70617373776f7264636865636b65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/effectix/passwordchecker)[![Total Downloads](https://camo.githubusercontent.com/8a98347c9b4f16e4564d4e46ebc629032f7a818bd704b321c266fa4f149ef123/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f65666665637469782f70617373776f7264636865636b65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/effectix/passwordchecker) This is an opinionated strength check intended for password validation in registration forms. Take a look at [contributing.md](contributing.md) to see how to do so. Things taken into account for the scoring: - Common Patterns - Length - Character Variety - Entropy of the string (based on Shannon's Entropy formula) The common patterns verification uses a set of included .txt files with common plain text terms, words and phrases that have already been compromised on earlier breaches. This is the most penalizing factor in the scoring as if your string has a full match with any of these values, you get instant -100 on the score and go into negative territory. This is done on purpose to prevent users from creating accounts with already known weak passwords that have been distributed in a very common wordlist for pentesting purposes. The other factors add to the scoring based on their respective weights, so the higher the score, the stronger the password. ⚠ The scoring is still being tweaked and played with so future versions of this package will have a different scoring for sure, but for now, it works as intended. Installation ------------ [](#installation) Via Composer ``` composer require effectix/passwordchecker ``` #### Configuration [](#configuration) Run `artisan vendor:publish --provider="Effectix\PasswordChecker\PasswordCheckerServiceProvider"` to publish everything this package offers: - Password score Validation rule - Locale files for `es` and `en` - Config file Alternatively, you can publish the config file only: Run `artisan vendor:publish --tag=passwordchecker.config` to publish the config file. Usage ----- [](#usage) You can apply it as a validation rule like this: ``` //... $validated = $this->validate([ 'name' => ['required', 'string', 'max:255'], 'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:'.User::class], 'password' => ['required', 'string', 'confirmed', new PasswordScoreRule(20)], ]); //... ``` On your validation logic, call the `Effectix\PasswordChecker\Rules\PasswordScoreRule` rule class and pass the score threshold you want to enforce on that validation. If you run `artisan vendor:publish --tag=passwordchecker.config` you will get a config file where you can manage a default score threshold for all your uses of this rule, without specifying it in each validation usage. ⚠ Explicit score threshold specification takes precedence over the configuration default. Included Password Strength Bar Livewire component ------------------------------------------------- [](#included-password-strength-bar-livewire-component) The livewire component has been tested so far to work with Livewire v3 on a site using a Volt registration form. More tests and use cases to come later. The score property is reactive, so it might cause some issues in some implementations. Maybe. I'm not totally certain. So long as you can pass the score to the component you should have no problems. Use it in your registration form like this: ``` ``` Your parent livewire component if you are using volt, should contain something like this: ``` public int $score = 0; public function updated($prop): void { if($prop === 'password') { $this->score = PasswordScorer::calculate($this->password); } } ``` This will evaluate the score everytime the debounced update to the password model is hit. The reactive property of the child component will pick up the new score and show the bar accordingly. Change log ---------- [](#change-log) Please see the [changelog](changelog.md) for more information on what has changed recently. Testing ------- [](#testing) ``` composer test ``` Contributing ------------ [](#contributing) Please see [contributing.md](contributing.md) for details and a todolist. Security -------- [](#security) If you discover any security related issues, please email instead of using the issue tracker. Credits ------- [](#credits) - [Jorge Morales](https://github.com/morales2k) - [All Contributors](../../contributors) License ------- [](#license) AGPL. Please see the [license file](license.md) for more information. ### Health Score 40 — FairBetter than 88% of packages Maintenance75 Regular maintenance activity Popularity3 Limited adoption so far Community10 Small or concentrated contributor base Maturity63 Established project with proven stability Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~25 days Recently: every ~43 days Total 8 Last Release 303d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/2d59de1c950132dbd69066a41f42abfe68ec9c71e1e0b2d38dfc33039be5d61e?d=identicon)[JLMorales](/maintainers/JLMorales) --- Top Contributors [![morales2k](https://avatars.githubusercontent.com/u/1074855?v=4)](https://github.com/morales2k "morales2k (45 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (33 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (32 commits)") --- Tags laravelPasswordChecker ### Code Quality TestsPest Static AnalysisPHPStan Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/effectix-passwordchecker/health.svg) ``` [![Health](https://phpackages.com/badges/effectix-passwordchecker/health.svg)](https://phpackages.com/packages/effectix-passwordchecker) ``` ### Alternatives [propaganistas/laravel-phone Adds phone number functionality to Laravel based on Google's libphonenumber API. 3.0k35.7M107](/packages/propaganistas-laravel-phone)[proengsoft/laravel-jsvalidation Validate forms transparently with Javascript reusing your Laravel Validation Rules, Messages, and FormRequest 1.1k2.3M49](/packages/proengsoft-laravel-jsvalidation)[stevebauman/purify An HTML Purifier / Sanitizer for Laravel 5325.6M19](/packages/stevebauman-purify)[axlon/laravel-postal-code-validation Worldwide postal code validation for Laravel and Lumen 3853.3M1](/packages/axlon-laravel-postal-code-validation)[wendelladriel/laravel-validated-dto Data Transfer Objects with validation for Laravel applications 759569.4k13](/packages/wendelladriel-laravel-validated-dto)[sunspikes/clamav-validator Custom Laravel 5 anti-virus validator for file uploads. 3651.8M3](/packages/sunspikes-clamav-validator) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)