PHPackages                             mxrxdxn/pwned-passwords - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. mxrxdxn/pwned-passwords

ActiveLibrary[Security](/categories/security)

mxrxdxn/pwned-passwords
=======================

A library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach.

v2.1.0(4y ago)3381.8k↓33.5%5[1 PRs](https://github.com/mxrxdxn/pwned-passwords/pulls)2MITPHPPHP ^7.3 | ^8.0

Since Feb 22Pushed 3mo ago2 watchersCompare

[ Source](https://github.com/mxrxdxn/pwned-passwords)[ Packagist](https://packagist.org/packages/mxrxdxn/pwned-passwords)[ RSS](/packages/mxrxdxn-pwned-passwords/feed)WikiDiscussions master Synced 3d ago

READMEChangelog (4)Dependencies (3)Versions (8)Used By (2)

PwnedPasswords
==============

[](#pwnedpasswords)

A library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach.

Requirements
============

[](#requirements)

- PHP &gt;= 7.2

Installation
============

[](#installation)

Installing PwnedPasswords is made easy via Composer. Just require the package using the command below, and you are ready to go.

```
composer require mxrxdxn/pwned-passwords

```

Usage
=====

[](#usage)

To use the library, you can do something along the lines of the following.

```
require_once('vendor/autoload.php');

$pp = new PwnedPasswords\PwnedPasswords;

$password = '123456789';

$insecure = $pp->isPwned($password); //returns true or false
```

The `isPwned` method will return true if the password has been found in the PwnedPasswords API, and false if not.

If you want to build your own thresholds (Ex. display a warning if the password has been found more than once and an error if more than 5x) you can call the `isPwned` method like below.

```
$pp = new PwnedPasswords\PwnedPasswords;

$password = '123456789';

$insecure = $pp->isPwned($password, true);

if ($insecure) {
    echo 'Oh no — pwned!' . "\n";
    echo sprintf('This password has been seen %d time%s before.', $insecure, ($insecure > 1 ? 's' : ''));
} else {
    echo 'All good!';
}
```

Issues
======

[](#issues)

Please feel free to use the Github issue tracker to post any issues you have with this library.

###  Health Score

52

—

FairBetter than 96% of packages

Maintenance53

Moderate activity, may be stable

Popularity43

Moderate usage in the ecosystem

Community23

Small or concentrated contributor base

Maturity73

Established project with proven stability

 Bus Factor1

Top contributor holds 87.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~255 days

Recently: every ~319 days

Total

6

Last Release

1775d ago

Major Versions

v1.2.0 → v2.0.02019-03-15

PHP version history (5 changes)v1.0.0PHP &gt;=5.0.0

v1.1.0PHP &gt;=7.0.0

v1.2.0PHP &gt;=7.1.3

v2.0.0PHP &gt;=7.2

v2.1.0PHP ^7.3 | ^8.0

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/23401787?v=4)[Ron](/maintainers/mxrxdxn)[@mxrxdxn](https://github.com/mxrxdxn)

---

Top Contributors

[![azjezz](https://avatars.githubusercontent.com/u/29315886?v=4)](https://github.com/azjezz "azjezz (27 commits)")[![mxrxdxn](https://avatars.githubusercontent.com/u/23401787?v=4)](https://github.com/mxrxdxn "mxrxdxn (1 commits)")[![pocketarc](https://avatars.githubusercontent.com/u/5393?v=4)](https://github.com/pocketarc "pocketarc (1 commits)")[![ramiror](https://avatars.githubusercontent.com/u/372955?v=4)](https://github.com/ramiror "ramiror (1 commits)")[![sapphyrus](https://avatars.githubusercontent.com/u/22681389?v=4)](https://github.com/sapphyrus "sapphyrus (1 commits)")

---

Tags

breachpasswordpassword-strengthpasswordsphpphp7pwnedpasswordssecuritysecuritypasswordpasswords

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/mxrxdxn-pwned-passwords/health.svg)

```
[![Health](https://phpackages.com/badges/mxrxdxn-pwned-passwords/health.svg)](https://phpackages.com/packages/mxrxdxn-pwned-passwords)
```

###  Alternatives

[aws/aws-sdk-php

AWS SDK for PHP - Use Amazon Web Services in your PHP project

6.3k543.5M2.6k](/packages/aws-aws-sdk-php)[neuron-core/neuron-ai

The PHP Agentic Framework.

2.0k656.1k39](/packages/neuron-core-neuron-ai)[tencentcloud/tencentcloud-sdk-php

TencentCloudApi php sdk

3741.3M46](/packages/tencentcloud-tencentcloud-sdk-php)[unicodeveloper/laravel-password

Protect your users from entering dumb and common passwords

4251.5M6](/packages/unicodeveloper-laravel-password)[jorijn/laravel-security-checker

Added Laravel functionality to the Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.

2111.9M1](/packages/jorijn-laravel-security-checker)[jeremykendall/password-validator

Password Validator validates password\_hash generated passwords, rehashes passwords as necessary, and will upgrade legacy passwords.

14470.7k3](/packages/jeremykendall-password-validator)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
