PHPackages northrook/password-validator - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. northrook/password-validator ActiveLibrary northrook/password-validator ============================ A zxcvbn-based password validator. 039PHP Since Jun 22Pushed 1y agoCompare [ Source](https://github.com/northrook/password-validator)[ Packagist](https://packagist.org/packages/northrook/password-validator)[ RSS](/packages/northrook-password-validator/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Password Validator ================== [](#password-validator) A wrapper for the [zxcvbn-php](https://github.com/bjeavons/zxcvbn-php) library. This package offers a simple class for validating passwords against a zxcvbn-based strength score. Important This package is still in development. While it is considered MVP and stable, it may still undergo breaking changes. Slated features: - Validate passwords using [zxcvbn-php](https://github.com/bjeavons/zxcvbn-php). - Simple `timeToCrack` method - Optional hard limit on passed string, see [issue#74](https://github.com/bjeavons/zxcvbn-php/issues/74#issue-1655751842). - Integration with the [UI Component Library](https://github.com/northrook/ui) - Optional validation for the `` component. - JavaScript version for real-time validation. - Optional validation for the `<field:password ... Installation ------------ [](#installation) ``` composer require northrook/password-validator ``` Usage ----- [](#usage) Initialize the `PasswordValidator` class, with an optional global `$context` array. Use the `validate()` method to validate a given password, returning a `Result` object. Caution The [zxcvbn](https://github.com/dropbox/zxcvbn) library is used under the hood, and while it does provide decent insight, it is definite not perfect. In the example below, we get a score of `3`, despite several matches in the `$context`. ``` use Northrook\PasswordValidator; // Optional context for all validations. $globalContext = [ 'sitename' => 'Example Site', ]; $validator = new PasswordValidator( $globalContext ); $password = 'example-01-user'; $context = [ 'username' => 'Example User', 'email' => 'user@example.com', 'birthdate' => '1980-01-01', ]; $result = $validator->validate( $password, $context ) : Result ``` The `Result` object validates the password using the `zxcvbn-php` library, and sets the following read-only properties: ``` $pass:bool // `true` if the password is strong enough, else `false`. $strength:int // The strength score of the password. $label:string // A human-readable label for the strength score. $guesses:int // The number of guesses required to crack the password. $warning:?string // A warning message if the password is not strong enough, else `null`. $suggestions:[] // A list of suggestions to improve the password. ``` The `Result` object also has twh methods: ``` // Validate the password against a given strength score. $result->validate( int $strength ):bool // Get the time to crack the password, in seconds by default. $time = $result->timeToCrack( ?string $scenario = 'online_throttling', // The zxcvbn-php scenario to use. string $return = 'RETURN_SECONDS', // RETURN_SECONDS, RETURN_LABEL, RETURN_BOTH as object{seconds:int, label:string}. ):int|string|obj $time->seconds; // 173052000000 $time->label; // "centuries" ``` License ------- [](#license) [MIT](https://github.com/northrook/password-validator/blob/master/LICENSE) ### Health Score 15 — LowBetter than 3% of packages Maintenance27 Infrequent updates — may be unmaintained Popularity7 Limited adoption so far Community6 Small or concentrated contributor base Maturity18 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/6ea0cb455f9912f9649c15f87435485f0e5ee9197e8cd767680689bb75cd2888?d=identicon)[martinlikescoffee](/maintainers/martinlikescoffee) --- Top Contributors [![martinlikescoffee](https://avatars.githubusercontent.com/u/60818044?v=4)](https://github.com/martinlikescoffee "martinlikescoffee (8 commits)") ### Embed Badge ![Health badge](/badges/northrook-password-validator/health.svg) ``` [![Health](https://phpackages.com/badges/northrook-password-validator/health.svg)](https://phpackages.com/packages/northrook-password-validator) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)