PHPackages                             lukasjankowski/laravel-safepass - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Validation &amp; Sanitization](/categories/validation)
4. /
5. lukasjankowski/laravel-safepass

ActiveLibrary[Validation &amp; Sanitization](/categories/validation)

lukasjankowski/laravel-safepass
===============================

A laravel 5 password validation package for checking if passwords are really secure

1.0.1(8y ago)17.0k↑51.2%1MITPHP

Since Aug 16Pushed 6y agoCompare

[ Source](https://github.com/LukasJankowski/laravel-safepass)[ Packagist](https://packagist.org/packages/lukasjankowski/laravel-safepass)[ RSS](/packages/lukasjankowski-laravel-safepass/feed)WikiDiscussions master Synced 2d ago

READMEChangelogDependencies (1)Versions (3)Used By (0)

Unmaintained
============

[](#unmaintained)

Laravel-Safepass for Laravel 5
==============================

[](#laravel-safepass-for-laravel-5)

This package allows you to check the given password based on [Zxcvbn](https://github.com/bjeavons/zxcvbn-php/) and use it to validate its strength / entropy.

> Note: Depending on how heavy the load on your application is, it might be wiser to use something else as the checks can be quite expensive on computing time.

The why
-------

[](#the-why)

I got tired of solutions using some arbitrary regex to validate that the password contains at least one uppercase character, lowercase character, digit etc. Those requirements are **not** safe, not to mention that they advocate the exact opposite of what you were trying to accomplish.

See: [xkcd](https://xkcd.com/936/) or [codinghorror](https://blog.codinghorror.com/password-rules-are-bullshit/)for explanations.

This package uses - as mentioned above - as a means to calculate the passwords entropy and estimated cracking time. It will then go ahead and convert that value to a percentage in order to make writing rules more convenient.

The percentage is based off 10^8 seconds.

- So 100% is ~ 3 years,
- 50% would be ~ 1.5 years,
- 10% would be ~ 115 days etc.

The default value is 50%.

Installation
------------

[](#installation)

Require via composer:

```
composer require lukasjankowski/laravel-safepass

```

Include the service provider within your `config/app.php`.

```
'providers' => [
    // ...
    LukasJankowski\SafePass\SafePassServiceProvider::class
];
```

Usage
-----

[](#usage)

Simply add the `safepass` as a rule to your request validation.

Examples:

```
 public function create(Request $request)
    {
        $this->validate(
            $request,
            [
                'name' => 'required|min:4',
                'password' => 'required|safepass',
            ]
        );

        return 'Created.';
    }
```

If you want to override the standard of 50% you can add a parameter to the rule:

```
 public function create(Request $request)
    {
        $this->validate(
            $request,
            [
                'name' => 'required|min:4',
                'password' => 'required|safepass:100', // In percent
            ]
        );

        return 'Created.';
    }
```

The default error message is:

```
    'safepass' => 'The password you entered is easily guessable. Please use a more complex one.'
```

which you can override just like you would with other rules.

TODO
----

[](#todo)

- Unit tests

###  Health Score

33

—

LowBetter than 72% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity25

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity64

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

3244d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/23305995?v=4)[Lukas Jankowski](/maintainers/LukasJankowski)[@LukasJankowski](https://github.com/LukasJankowski)

---

Top Contributors

[![LukasJankowski](https://avatars.githubusercontent.com/u/23305995?v=4)](https://github.com/LukasJankowski "LukasJankowski (3 commits)")

### Embed Badge

![Health badge](/badges/lukasjankowski-laravel-safepass/health.svg)

```
[![Health](https://phpackages.com/badges/lukasjankowski-laravel-safepass/health.svg)](https://phpackages.com/packages/lukasjankowski-laravel-safepass)
```

###  Alternatives

[prestashop/prestashop

PrestaShop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers.

9.1k17.8k](/packages/prestashop-prestashop)[olssonm/l5-zxcvbn

Implementation of the zxcvbn project by @dropbox for Laravel. Uses zxcvbn-php by @bjeavons.

29333.3k1](/packages/olssonm-l5-zxcvbn)[ziming/laravel-zxcvbn

Zxcvbn Password validation rule for Laravel

3167.8k](/packages/ziming-laravel-zxcvbn)[altis/security

Security module for Altis

10225.2k3](/packages/altis-security)[rebelinblue/laravel-zxcvbn

Service provider to use the zxcvbn project by @dropbox in Laravel 5.4 and above

1165.3k](/packages/rebelinblue-laravel-zxcvbn)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
