PHPackages kylemass/haveibeenpwned - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. kylemass/haveibeenpwned ActiveLibrary kylemass/haveibeenpwned ======================= A plugin to check if your users passwords have been pwned by a known data breach via https://haveibeenpwned.com 19PHP Since Aug 9Pushed 8y ago1 watchersCompare [ Source](https://github.com/KyleMassacre/haveibeenpwned)[ Packagist](https://packagist.org/packages/kylemass/haveibeenpwned)[ RSS](/packages/kylemass-haveibeenpwned/feed)WikiDiscussions master Synced 2mo ago READMEChangelogDependenciesVersions (1)Used By (0) Laravel Have I been pwned ========================= [](#laravel-have-i-been-pwned) Introduction ------------ [](#introduction) > A plugin to check if your users passwords have been pwned by a known data breach via Installation ------------ [](#installation) Run: ``` composer require kylemass/haveibeenpwned:dev-master ``` Add the provider to your config file ``` KyleMass\Hibp\Providers\HibpServiceProvider::class ``` Add the Facade ``` 'Hibp' => KyleMass\Hibp\Facades\Hibp::class ``` Next, publish the config file using: ``` php artisan vendor:publish --provider="KyleMass\Hibp\Providers\HibpServiceProvider" --tag=config ``` To Use: ------- [](#to-use) Inside your validation just add the: `beenpwned` validation rule.: ``` Validator::make($data, [ 'name' => 'required|string|max:255', 'email' => 'required|string|email|max:255|unique:users|beenpwned:false', 'password' => 'required|string|min:6|confirmed|beenpwned', ]); ``` **Please take note:** that there is a boolean parameter. By default this checks for passwords. By leaving the parameter off or setting it to `true` it will check the password against the Have I been pwned API. If you set it to false, this will check their account login name or password. Also note that by using the validation on an email and/or username, you potentially wont pass validation for the registering user. Only use this if this is what you truly desire. TODO: ----- [](#todo) 1. Make it framework agnostic 2. Add validating to a local storage of pwned accounts ### Health Score 20 — LowBetter than 14% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity6 Limited adoption so far Community7 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/3505b1543af3501aa97b403ae3c1e4e7f2d6437221b927323de229ab3b3dc822?d=identicon)[KyleMassacre](/maintainers/KyleMassacre) --- Top Contributors [![KyleMassacre](https://avatars.githubusercontent.com/u/4021612?v=4)](https://github.com/KyleMassacre "KyleMassacre (2 commits)") ### Embed Badge ![Health badge](/badges/kylemass-haveibeenpwned/health.svg) ``` [![Health](https://phpackages.com/badges/kylemass-haveibeenpwned/health.svg)](https://phpackages.com/packages/kylemass-haveibeenpwned) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)