PHPackages                             elliotjreed/haveibeenpwned - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. elliotjreed/haveibeenpwned

ActiveLibrary[Security](/categories/security)

elliotjreed/haveibeenpwned
==========================

PHP

3.0.0(1y ago)569.2k↓48%2[2 PRs](https://github.com/elliotjreed/haveibeenpwned/pulls)MITPHPPHP ^8.2CI failing

Since Apr 22Pushed 1y ago1 watchersCompare

[ Source](https://github.com/elliotjreed/haveibeenpwned)[ Packagist](https://packagist.org/packages/elliotjreed/haveibeenpwned)[ Docs](https://github.com/elliotjreed/haveibeenpwned)[ RSS](/packages/elliotjreed-haveibeenpwned/feed)WikiDiscussions master Synced 3d ago

READMEChangelogDependencies (5)Versions (9)Used By (0)

[![Contributor Covenant](https://camo.githubusercontent.com/2757a9db291c5ceda172e31d4fa5f3c4048a6e6257ee0b7113f80de277074b91/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f436f6e7472696275746f72253230436f76656e616e742d76322e3025323061646f707465642d6666363962342e737667)](code-of-conduct.md)

Have I Been Pwned PHP
=====================

[](#have-i-been-pwned-php)

PHP 8.4 or above is required. For PHP 8.1 please use 2.0.0. For PHP 7.4 to 8.0 please use version 1.2.0.

Usage
-----

[](#usage)

A Have I Been Pwned API key is required. This can be obtained on a monthly subscription basis, or a one-off monthly access charge.

### Installation

[](#installation)

To install this package via [Composer](https://getcomposer.org/):

```
composer require elliotjreed/haveibeenpwned
```

### Count of breaches by email address

[](#count-of-breaches-by-email-address)

Return a count of all breaches for a specified email address (`int`).

```
$guzzle = new \GuzzleHttp\Client();
$apiKey = 'HIBP-API-KEY';

$count = (new \ElliotJReed\HaveIBeenPwned\BreachedAccount($guzzle, $apiKey))->count('email@example.com');
```

### Breaches by email address

[](#breaches-by-email-address)

Return details of all breaches for a specified email address (`ElliotJReed\HaveIBeenPwned\Entity\Breach[]`).

```
$guzzle = new \GuzzleHttp\Client();
$apiKey = 'HIBP-API-KEY';

$breaches = (new \ElliotJReed\HaveIBeenPwned\BreachedAccount($guzzle, $apiKey))->breaches('email@example.com');
```

### Breach names by email address

[](#breach-names-by-email-address)

Return the names of the breaches for a specified email address (`string[]`);

```
$guzzle = new \GuzzleHttp\Client();
$apiKey = 'HIBP-API-KEY';

$breachNames = (new \ElliotJReed\HaveIBeenPwned\BreachedAccount($guzzle, $apiKey))->breachNames('email@example.com');
```

### Count of exposed passwords by password

[](#count-of-exposed-passwords-by-password)

Return a count of exposed passwords for a specified password (`int`).

Note: This API call DOES NOT send the actual password to the Have I Been Pwned API, see: .

```
$guzzle = new \GuzzleHttp\Client();
$apiKey = 'HIBP-API-KEY';

$count = (new \ElliotJReed\HaveIBeenPwned\Password($guzzle, $apiKey))->count('password123');
```

### Pastes by email address

[](#pastes-by-email-address)

Return details of a specified email address appearing on "pastes" online (`\ElliotJReed\HaveIBeenPwned\Builder\Paste[]`).

```
$guzzle = new \GuzzleHttp\Client();
$apiKey = 'HIBP-API-KEY';

$pastes = (new \ElliotJReed\HaveIBeenPwned\PastedAccount($guzzle, $apiKey))->pastes('email@example.com');
```

### Breach sources

[](#breach-sources)

Return all breach sources recorded by Have I Been Pwned (`\ElliotJReed\HaveIBeenPwned\Entity\Breach[]`).

```
$guzzle = new \GuzzleHttp\Client();
$apiKey = 'HIBP-API-KEY';

$allBreaches = (new \ElliotJReed\HaveIBeenPwned\Breaches($guzzle, $apiKey))->allSources();
```

### Breach source by name

[](#breach-source-by-name)

Return breach details by source name (`\ElliotJReed\HaveIBeenPwned\Entity\Breach`).

```
$guzzle = new \GuzzleHttp\Client();
$apiKey = 'HIBP-API-KEY';

$breachesBySource = (new \ElliotJReed\HaveIBeenPwned\Breaches($guzzle, $apiKey))->bySourceName('Adobe');
```

### Breach source by domain

[](#breach-source-by-domain)

Return breach details by domain name (`\ElliotJReed\HaveIBeenPwned\Entity\Breach`).

```
$guzzle = new \GuzzleHttp\Client();
$apiKey = 'HIBP-API-KEY';

$breachesBySource = (new \ElliotJReed\HaveIBeenPwned\Breaches($guzzle, $apiKey))->byDomain('adobe.com');
```

### Data classes

[](#data-classes)

Return the data classes used by Have I Been Pwned (`string[]`).

```
$guzzle = new \GuzzleHttp\Client();
$apiKey = 'HIBP-API-KEY';

$haveIBeenPwnedDataClasses = (new \ElliotJReed\HaveIBeenPwned\DataClasses($guzzle, $apiKey))->all();
```

Development
-----------

[](#development)

PHP 7.4 or 8.0 and Composer is expected to be installed.

### Installing Composer

[](#installing-composer)

For instructions on how to install Composer visit [getcomposer.org](https://getcomposer.org/download/).

### Installing

[](#installing)

After cloning this repository, change into the newly created directory and run:

```
composer install
```

or if you have installed Composer locally in your current directory:

```
php composer.phar install
```

This will install all dependencies needed for the project.

Henceforth, the rest of this README will assume `composer` is installed globally (ie. if you are using `composer.phar` you will need to use `composer.phar` instead of `composer` in your terminal / command-line).

Running the Tests
-----------------

[](#running-the-tests)

### Unit tests

[](#unit-tests)

Unit testing in this project is via [PHPUnit](https://phpunit.de/).

All unit tests can be run by executing:

```
composer phpunit
```

#### Debugging

[](#debugging)

To have PHPUnit stop and report on the first failing test encountered, run:

```
composer phpunit:debug
```

### Static analysis

[](#static-analysis)

Static analysis tools can point to potential "weak spots" in your code, and can be useful in identifying unexpected side-effects.

[Psalm](https://psalm.dev/) is configured at it's highest levels, meaning false positives are quite likely.

All static analysis tests can be run by executing:

```
composer static-analysis
```

Code formatting
---------------

[](#code-formatting)

A standard for code style can be important when working in teams, as it means that less time is spent by developers processing what they are reading (as everything will be consistent).

Code format checking (via [PHP Code Sniffer](https://github.com/squizlabs/PHP_CodeSniffer)) can be run by executing:

```
composer phpcs
```

### Running everything

[](#running-everything)

All of the tests can be run by executing:

```
composer test
```

### Outdated dependencies

[](#outdated-dependencies)

Checking for outdated Composer dependencies can be performed by executing:

```
composer outdated
```

### Validating Composer configuration

[](#validating-composer-configuration)

Checking that the [composer.json](composer.json) is valid can be performed by executing:

```
composer validate --no-check-publish
```

### Running via GNU Make

[](#running-via-gnu-make)

If GNU [Make](https://www.gnu.org/software/make/) is installed, you can replace the above `composer` command prefixes with `make`.

All of the tests can be run by executing:

```
make test
```

### Running the tests on a Continuous Integration platform (eg. Travis)

[](#running-the-tests-on-a-continuous-integration-platform-eg-travis)

To run all the tests and report code coverage in Clover XML format (which many CI platforms can read, including Travis CI), add the following to your CI config (eg. [.travis.yml](.travis.yml)):

```
  script:
    - composer ci
```

Coding standards
----------------

[](#coding-standards)

PHP coding standards are quite strict and are defined in [ruleset.xml](ruleset.xml).

The rules are PSR-2 and PSR-12 standards with additionally defined rules.

The code formatting checks can be run by executing:

```
composer phpcs
```

To automatically fix any issues where possible, run:

```
composer phpcs:fix
```

Built With
----------

[](#built-with)

- [PHP](https://secure.php.net/)
- [Composer](https://getcomposer.org/)
- [PHPUnit](https://phpunit.de/)
- [Psalm](https://psalm.dev/)
- [PHP Code Sniffer](https://github.com/squizlabs/PHP_CodeSniffer)
- [GNU Make](https://www.gnu.org/software/make/)

License
-------

[](#license)

This project is licensed under the MIT License - see the [LICENCE.md](LICENCE.md) file for details.

###  Health Score

42

—

FairBetter than 88% of packages

Maintenance37

Infrequent updates — may be unmaintained

Popularity36

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity70

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~222 days

Recently: every ~306 days

Total

7

Last Release

567d ago

Major Versions

1.2.0 → 2.0.02023-12-16

2.0.0 → 3.0.02024-12-15

PHP version history (3 changes)1.0.3PHP ^7.4|^8.0

2.0.0PHP ^8.1

3.0.0PHP ^8.2

### Community

Maintainers

![](https://www.gravatar.com/avatar/add28ef6e6aa69ae94393ab9e7ef7c5e63ca77384c7c41cccca5a678c4c2b53e?d=identicon)[elliotjreed](/maintainers/elliotjreed)

---

Top Contributors

[![elliotjreed](https://avatars.githubusercontent.com/u/5665859?v=4)](https://github.com/elliotjreed "elliotjreed (35 commits)")

---

Tags

composerhacktoberfesthaveibeenpwnedpassword-safetypassword-strengthphphaveibeenpwnedelliotjreed

###  Code Quality

TestsPHPUnit

Code StylePHP CS Fixer

### Embed Badge

![Health badge](/badges/elliotjreed-haveibeenpwned/health.svg)

```
[![Health](https://phpackages.com/badges/elliotjreed-haveibeenpwned/health.svg)](https://phpackages.com/packages/elliotjreed-haveibeenpwned)
```

###  Alternatives

[aws/aws-sdk-php

AWS SDK for PHP - Use Amazon Web Services in your PHP project

6.3k543.5M2.6k](/packages/aws-aws-sdk-php)[neuron-core/neuron-ai

The PHP Agentic Framework.

2.0k656.1k38](/packages/neuron-core-neuron-ai)[tencentcloud/tencentcloud-sdk-php

TencentCloudApi php sdk

3741.3M46](/packages/tencentcloud-tencentcloud-sdk-php)[tempest/framework

The PHP framework that gets out of your way.

2.2k34.4k15](/packages/tempest-framework)[eslazarev/wildberries-sdk

Wildberries OpenAPI clients (generated).

273.0k](/packages/eslazarev-wildberries-sdk)[files.com/files-php-sdk

Files.com PHP SDK

2481.1k](/packages/filescom-files-php-sdk)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
