PHPackages mxrxdxn/pwned-passwords - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. mxrxdxn/pwned-passwords ActiveLibrary[Security](/categories/security) mxrxdxn/pwned-passwords ======================= A library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach. v2.1.0(4y ago)3270.9k↓25.8%5[1 PRs](https://github.com/mxrxdxn/pwned-passwords/pulls)2MITPHPPHP ^7.3 | ^8.0 Since Feb 22Pushed 2mo ago2 watchersCompare [ Source](https://github.com/mxrxdxn/pwned-passwords)[ Packagist](https://packagist.org/packages/mxrxdxn/pwned-passwords)[ RSS](/packages/mxrxdxn-pwned-passwords/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (4)Dependencies (3)Versions (8)Used By (2) PwnedPasswords ============== [](#pwnedpasswords) A library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach. Requirements ============ [](#requirements) - PHP >= 7.2 Installation ============ [](#installation) Installing PwnedPasswords is made easy via Composer. Just require the package using the command below, and you are ready to go. ``` composer require mxrxdxn/pwned-passwords ``` Usage ===== [](#usage) To use the library, you can do something along the lines of the following. ``` require_once('vendor/autoload.php'); $pp = new PwnedPasswords\PwnedPasswords; $password = '123456789'; $insecure = $pp->isPwned($password); //returns true or false ``` The `isPwned` method will return true if the password has been found in the PwnedPasswords API, and false if not. If you want to build your own thresholds (Ex. display a warning if the password has been found more than once and an error if more than 5x) you can call the `isPwned` method like below. ``` $pp = new PwnedPasswords\PwnedPasswords; $password = '123456789'; $insecure = $pp->isPwned($password, true); if ($insecure) { echo 'Oh no — pwned!' . "\n"; echo sprintf('This password has been seen %d time%s before.', $insecure, ($insecure > 1 ? 's' : '')); } else { echo 'All good!'; } ``` Issues ====== [](#issues) Please feel free to use the Github issue tracker to post any issues you have with this library. ### Health Score 52 — FairBetter than 96% of packages Maintenance58 Moderate activity, may be stable Popularity42 Moderate usage in the ecosystem Community20 Small or concentrated contributor base Maturity73 Established project with proven stability Bus Factor1 Top contributor holds 87.1% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~255 days Recently: every ~319 days Total 6 Last Release 1728d ago Major Versions v1.2.0 → v2.0.02019-03-15 PHP version history (5 changes)v1.0.0PHP >=5.0.0 v1.1.0PHP >=7.0.0 v1.2.0PHP >=7.1.3 v2.0.0PHP >=7.2 v2.1.0PHP ^7.3 | ^8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/3b8693ec4ec2b6ea80c111befbf872c80a8c9ac2550c9ea43c661c38e64880e3?d=identicon)[mxrxdxn](/maintainers/mxrxdxn) --- Top Contributors [![azjezz](https://avatars.githubusercontent.com/u/29315886?v=4)](https://github.com/azjezz "azjezz (27 commits)")[![mxrxdxn](https://avatars.githubusercontent.com/u/23401787?v=4)](https://github.com/mxrxdxn "mxrxdxn (1 commits)")[![pocketarc](https://avatars.githubusercontent.com/u/5393?v=4)](https://github.com/pocketarc "pocketarc (1 commits)")[![ramiror](https://avatars.githubusercontent.com/u/372955?v=4)](https://github.com/ramiror "ramiror (1 commits)")[![sapphyrus](https://avatars.githubusercontent.com/u/22681389?v=4)](https://github.com/sapphyrus "sapphyrus (1 commits)") --- Tags breachpasswordpassword-strengthpasswordsphpphp7pwnedpasswordssecuritysecuritypasswordpasswords ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/mxrxdxn-pwned-passwords/health.svg) ``` [![Health](https://phpackages.com/badges/mxrxdxn-pwned-passwords/health.svg)](https://phpackages.com/packages/mxrxdxn-pwned-passwords) ``` ### Alternatives [unicodeveloper/laravel-password Protect your users from entering dumb and common passwords 4261.4M2](/packages/unicodeveloper-laravel-password)[jeremykendall/password-validator Password Validator validates password\_hash generated passwords, rehashes passwords as necessary, and will upgrade legacy passwords. 14469.9k3](/packages/jeremykendall-password-validator)[rych/phpass PHP Password Library: Easy, secure password management for PHP 248801.7k4](/packages/rych-phpass)[bordoni/phpass Portable PHP password hashing framework 244.4M26](/packages/bordoni-phpass)[dgtlss/warden A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email 8745.6k](/packages/dgtlss-warden)[spooner-web/be_secure_pw You can set password conventions to force secure passwords for BE users. 10461.3k](/packages/spooner-web-be-secure-pw) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)