PHPackages equalent/password-policy - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. equalent/password-policy ActiveLibrary[Security](/categories/security) equalent/password-policy ======================== A tool for managing password policies v1.0.0(9y ago)113MITPHPPHP >=5.3.0 Since Sep 7Pushed 7y ago1 watchersCompare [ Source](https://github.com/equalent/password-policy)[ Packagist](https://packagist.org/packages/equalent/password-policy)[ RSS](/packages/equalent-password-policy/feed)WikiDiscussions master Synced 3w ago READMEChangelogDependencies (3)Versions (3)Used By (0) PasswordPolicy ============== [](#passwordpolicy) A tool for checking and creating password policies in PHP and JS. Installation ------------ [](#installation) Use composer to setup an autoloader ``` php composer.phar install ``` Require the composer autoload file: ``` require_once 'vendor/autoload.php'; ``` Usage: ------ [](#usage) To use, first instantiate the core policy object: ``` $policy = new \PasswordPolicy\Policy; ``` Then, add rules: ``` $policy->contains('lowercase', $policy->atLeast(2)); ``` ### Supported rule helper methods are: [](#supported-rule-helper-methods-are) - `contains($class, $constraint = null, $description = '')`: Checks to see if a password contains a class of chars Supported Short-Cut classes: - `letter` - `a-zA-Z` - `lowercase` - `a-z` - `uppercase` - `A-Z` - `digit` - `0-9` - `symbol` - `^a-zA-Z0-9` (in other words, non-alpha-numeric) - `null` - `\0` - `alnum` - `a-zA-Z0-9` The second param is a constraint (optional) - `length($constraint)`: Checks the length of the password matches a constraint - `endsWith($class, $description = '')`: Checks to see if the password ends with a character class. - `startsWith($class, $description = '')`: Checks to see if the password starts with a character class. - `notMatch($regex, $description)`: Checks if the password does not match a regex. - `match($regex, $description)`: Checks if the password matches the regex. ### Supported Constraints: [](#supported-constraints) The policy also has short-cut helpers for creating constraints: - `atLeast($n)`: At least the param matches Equivalent to `between($n, PHP_INT_MAX)` - `atMost($n)`: At most the param matches Equivalent to `between(0, $n)` - `between($min, $max)`: Between $min and $max number of matches - `never()`: No matches Equivalent to `between(0, 0)` Testing the policy ------------------ [](#testing-the-policy) Once you setup the policy, you can then test it in PHP using the `test($password)` method. ``` $result = $policy->test($password); ``` The result return is a stdclass object with two members, result and messages. - `$result->result` - A boolean if the password is valid. - `$result->messages` - An array of messages Each message is an object of two members: - `$message->result` - A boolean indicating if the rule passed - `$message->message` - A textual description of the rule Using JavaScript ---------------- [](#using-javascript) Once you've built the policy, you can call `toJavaScript()` to generate a JS anonymous function for injecting into JS code. ``` $js = $policy->toJavaScript(); echo "var policy = $js;"; ``` Then, the policy object in JS is basically a wrapper for `$policy->test($password)`, and behaves the same (same return values). ``` var result = policy(password); if (!result.result) { /* Process Messages To Display Failure To User */ } ``` One note for the JavaScript, any regular expressions that you write need to be deliminated by `/` and be valid JS regexes (no PREG specific functionality is allowed). ### Health Score 26 — LowBetter than 41% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity7 Limited adoption so far Community10 Small or concentrated contributor base Maturity59 Maturing project, gaining track record Bus Factor1 Top contributor holds 80% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 3576d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/6237485?v=4)[Andrei Tsurkan](/maintainers/equalent)[@equalent](https://github.com/equalent) --- Top Contributors [![ircmaxell](https://avatars.githubusercontent.com/u/660654?v=4)](https://github.com/ircmaxell "ircmaxell (8 commits)")[![equalent](https://avatars.githubusercontent.com/u/6237485?v=4)](https://github.com/equalent "equalent (1 commits)")[![radmen](https://avatars.githubusercontent.com/u/1190255?v=4)](https://github.com/radmen "radmen (1 commits)") --- Tags passwordPolicy ### Code Quality TestsPHPUnit Code StylePHP CS Fixer ### Embed Badge ![Health badge](/badges/equalent-password-policy/health.svg) ``` [![Health](https://phpackages.com/badges/equalent-password-policy/health.svg)](https://phpackages.com/packages/equalent-password-policy) ``` ### Alternatives [ircmaxell/password-compat A compatibility library for the proposed simplified password hashing algorithm: https://wiki.php.net/rfc/password\_hash 2.1k57.7M126](/packages/ircmaxell-password-compat)[symfony/password-hasher Provides password hashing utilities 812146.2M148](/packages/symfony-password-hasher)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87118.6M76](/packages/bjeavons-zxcvbn-php)[rych/phpass PHP Password Library: Easy, secure password management for PHP 248837.5k4](/packages/rych-phpass)[mikemclin/laravel-wp-password Laravel package that checks and creates WordPress password hashes 863.5M2](/packages/mikemclin-laravel-wp-password)[bordoni/phpass Portable PHP password hashing framework 244.6M28](/packages/bordoni-phpass) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)