PHPackages lukasjankowski/laravel-safepass - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. lukasjankowski/laravel-safepass ActiveLibrary[Validation & Sanitization](/categories/validation) lukasjankowski/laravel-safepass =============================== A laravel 5 password validation package for checking if passwords are really secure 1.0.1(8y ago)16.5k↓50%1MITPHP Since Aug 16Pushed 5y agoCompare [ Source](https://github.com/LukasJankowski/laravel-safepass)[ Packagist](https://packagist.org/packages/lukasjankowski/laravel-safepass)[ RSS](/packages/lukasjankowski-laravel-safepass/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (1)Versions (3)Used By (0) Unmaintained ============ [](#unmaintained) Laravel-Safepass for Laravel 5 ============================== [](#laravel-safepass-for-laravel-5) This package allows you to check the given password based on [Zxcvbn](https://github.com/bjeavons/zxcvbn-php/) and use it to validate its strength / entropy. > Note: Depending on how heavy the load on your application is, it might be wiser to use something else as the checks can be quite expensive on computing time. The why ------- [](#the-why) I got tired of solutions using some arbitrary regex to validate that the password contains at least one uppercase character, lowercase character, digit etc. Those requirements are **not** safe, not to mention that they advocate the exact opposite of what you were trying to accomplish. See: [xkcd](https://xkcd.com/936/) or [codinghorror](https://blog.codinghorror.com/password-rules-are-bullshit/)for explanations. This package uses - as mentioned above - as a means to calculate the passwords entropy and estimated cracking time. It will then go ahead and convert that value to a percentage in order to make writing rules more convenient. The percentage is based off 10^8 seconds. - So 100% is ~ 3 years, - 50% would be ~ 1.5 years, - 10% would be ~ 115 days etc. The default value is 50%. Installation ------------ [](#installation) Require via composer: ``` composer require lukasjankowski/laravel-safepass ``` Include the service provider within your `config/app.php`. ``` 'providers' => [ // ... LukasJankowski\SafePass\SafePassServiceProvider::class ]; ``` Usage ----- [](#usage) Simply add the `safepass` as a rule to your request validation. Examples: ``` public function create(Request $request) { $this->validate( $request, [ 'name' => 'required|min:4', 'password' => 'required|safepass', ] ); return 'Created.'; } ``` If you want to override the standard of 50% you can add a parameter to the rule: ``` public function create(Request $request) { $this->validate( $request, [ 'name' => 'required|min:4', 'password' => 'required|safepass:100', // In percent ] ); return 'Created.'; } ``` The default error message is: ``` 'safepass' => 'The password you entered is easily guessable. Please use a more complex one.' ``` which you can override just like you would with other rules. TODO ---- [](#todo) - Unit tests ### Health Score 33 — LowBetter than 75% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity25 Limited adoption so far Community7 Small or concentrated contributor base Maturity64 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 3191d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/a94d1fb0a4a1c5a6485c6099a5d49d57d39afb4256e10dc7f4886654e7e6531c?d=identicon)[LukasJankowski](/maintainers/LukasJankowski) --- Top Contributors [![LukasJankowski](https://avatars.githubusercontent.com/u/23305995?v=4)](https://github.com/LukasJankowski "LukasJankowski (3 commits)") ### Embed Badge ![Health badge](/badges/lukasjankowski-laravel-safepass/health.svg) ``` [![Health](https://phpackages.com/badges/lukasjankowski-laravel-safepass/health.svg)](https://phpackages.com/packages/lukasjankowski-laravel-safepass) ``` ### Alternatives [webmozart/assert Assertions to validate method input/output with nice error messages. 7.6k894.0M1.2k](/packages/webmozart-assert)[swaggest/json-schema High definition PHP structures with JSON-schema based validation 48612.5M73](/packages/swaggest-json-schema)[stevebauman/purify An HTML Purifier / Sanitizer for Laravel 5325.6M19](/packages/stevebauman-purify)[ashallendesign/laravel-config-validator A package for validating your Laravel app's config. 217905.3k5](/packages/ashallendesign-laravel-config-validator)[crazybooot/base64-validation Laravel validators for base64 encoded files 1341.9M8](/packages/crazybooot-base64-validation)[xemlock/htmlpurifier-html5 HTML5 support for HTML Purifier 1052.9M11](/packages/xemlock-htmlpurifier-html5) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)