PHPackages kisscool/simple-haveibeenpwned - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. kisscool/simple-haveibeenpwned ActiveLibrary[Security](/categories/security) kisscool/simple-haveibeenpwned ============================== A very simple class to check your password safety against 'Have I Been Pwned' API. v1.0.4(6y ago)2258MITPHPPHP ^7.1 Since Feb 21Pushed 6y ago1 watchersCompare [ Source](https://github.com/kisscool-fr/simple-haveibeenpwned)[ Packagist](https://packagist.org/packages/kisscool/simple-haveibeenpwned)[ Docs](https://github.com/kisscool-fr/simple-haveibeenpwned)[ RSS](/packages/kisscool-simple-haveibeenpwned/feed)WikiDiscussions master Synced yesterday READMEChangelogDependencies (6)Versions (7)Used By (0) [![Build Status](https://camo.githubusercontent.com/0288a1396e0a926845353f4470b480033f25ecee1754115cab52ee2ac6b44d22/68747470733a2f2f7472617669732d63692e6f72672f6b697373636f6f6c2d66722f73696d706c652d68617665696265656e70776e65642e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/kisscool-fr/simple-haveibeenpwned) SimpleHIBP ========== [](#simplehibp) SimpleHIBP is a very simple way to check your password safety against Troy Hunt's [Have I Been Pwned](https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange) range password API. Usage ----- [](#usage) As the idea of this is to ***keep it simple***, you'll just need to call `isPasswordSafe()` static method, passing it the password you want to test as the only argument, and get a boolean value as the return: - `true` if the submited password hasn't been seen in a leak - `false` if has been seen Example ------- [](#example) ``` use HIBP\SimpleHIBP; $password = "someth1ng"; if (SimpleHIBP::isPasswordSafe($password)) { echo "My password is safe :)"; } else { echo "My password is unsafe :("; } ``` Security -------- [](#security) - It's obvious, but your data (password, hashed password) are never stored - So, there is no cache at all (see [Limitation](#Limitation)) Limitation ---------- [](#limitation) To ***keep it simple***, there is no caching at all. If you plan to integrate it on a high loaded website, please add some form of caching. Something like that should do the job (for security reason, I highly recommend you not to use the password as a data for the cache key): ``` use HIBP\SimpleHIBP; $password = "someth1ng"; $key = "someUniqueUserData"; if (false === ($result = $cache->get($key))) { $result = SimpleHIBP::isPasswordSafe($password); $cache->set($key, $result); } ``` Credits ------- [](#credits) Big thanks to [Troy Hunt](https://www.troyhunt.com/) for his amazing work on [Have I Been Pwned](https://haveibeenpwned.com). ### Health Score 28 — LowBetter than 54% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity14 Limited adoption so far Community7 Small or concentrated contributor base Maturity59 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~30 days Total 6 Last Release 2487d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/607be1b6a5bb1f949c16ef28d0f5714ff5f3d0c48c5da0e003bb5d00c9357a64?d=identicon)[kisscool](/maintainers/kisscool) --- Top Contributors [![kisscool-fr](https://avatars.githubusercontent.com/u/797858?v=4)](https://github.com/kisscool-fr "kisscool-fr (9 commits)") --- Tags api-clienteasyeasy-to-usehave-i-been-pwnedhaveibeenpwnedpasswordsecuritysimpletroyhunt ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/kisscool-simple-haveibeenpwned/health.svg) ``` [![Health](https://phpackages.com/badges/kisscool-simple-haveibeenpwned/health.svg)](https://phpackages.com/packages/kisscool-simple-haveibeenpwned) ``` ### Alternatives [akaunting/laravel-firewall Web Application Firewall (WAF) package for Laravel 999465.8k2](/packages/akaunting-laravel-firewall)[paragonie/certainty Up-to-date, verifiable repository for Certificate Authorities 2642.4M20](/packages/paragonie-certainty)[dgtlss/warden A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email 8745.6k](/packages/dgtlss-warden)[acmephp/core Raw implementation of the ACME protocol in PHP 38973.7k7](/packages/acmephp-core)[nickurt/laravel-pwned-passwords PwnedPasswords for Laravel 11.x/12.x/13.x 187.5k](/packages/nickurt-laravel-pwned-passwords) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)