oldas/pwned-passwords
=====================

A library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach.

v1.0.1 | MIT | PHP >= 8.2

[Source](https://github.com/mzk/pwned-passwords) | [Packagist](https://packagist.org/packages/oldas/pwned-passwords)

PwnedPasswords
==============

**PwnedPasswords** is a library that allows you to query [Troy Hunt's Pwned Passwords API](https://haveibeenpwned.com/Passwords) to determine if a password has been compromised in a public data breach.

---

Requirements
------------

- PHP **>= 8.2**

---

Installation
------------

Install PwnedPasswords easily with Composer by running the following command in your project directory:

```
composer require oldas/pwned-passwords
```

---

Usage
-----

First, include the Composer `autoload.php` to load the library:

```
require_once('vendor/autoload.php');
```

Then, use the core service class `HaveIBeenPwnedService` to interact with the Pwned Passwords API:

```
use Oldas\PwnedPasswords\HaveIBeenPwnedService;

// Create a service instance
$haveIBeenPwnedService = new HaveIBeenPwnedService();

$plainTextPassword = 'password'; // leaked password

// Check if the password has been compromised
$result = $haveIBeenPwnedService->isPwned($plainTextPassword);
// Returns: true (if compromised), false (if safe), or null (in case of API timeout)

// Validate the password (throws exceptions for invalid input)
$haveIBeenPwnedService->validatePassword($plainTextPassword);  // Throws InvalidPasswordInputException, otherwise returns void
```

### Methods Explained

#### `isPwned(string $plainTextPassword): ?bool`

This method checks whether the given password has been exposed in a public data breach by querying the **Pwned Passwords API**.

- **Returns:**
    - `true`: The password was found in a breach.
    - `false`: The password was not found in a breach.
    - `null`: The API call timed out or failed.

#### `validatePassword(string $plainTextPassword): void`

This method ensures the password meets the library's input criteria. If the password is invalid, it throws an exception before performing any further operations.

- **Throws:** `InvalidPasswordInputException`

---

Notes
-----

- The library uses the **[k-anonymity](https://en.wikipedia.org/wiki/K-anonymity)** technique to query the API securely without revealing the full password to external services.
- Ensure proper validation and exception handling in your implementation to cover cases such as API timeout or invalid input.
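
The k-anonymity range lookup from the first note, combined with the three-state result from `isPwned()`, as an added example that is not the library's own code. The function names are hypothetical, the response body is constructed sample data in the `SUFFIX:COUNT` line format of the Pwned Passwords range endpoint, and a `null` body stands in for a timed-out request.

```php
<?php
declare(strict_types=1);

/** Split SHA-1(password) into the 5-char prefix that is sent and the 35-char suffix that stays local. */
function splitHash(string $plainTextPassword): array
{
    $hash = strtoupper(sha1($plainTextPassword));
    return [substr($hash, 0, 5), substr($hash, 5)];
}

/** Breach count for a suffix in a range body ("SUFFIX:COUNT" per line); 0 if absent. */
function countInRange(string $suffix, string $responseBody): int
{
    foreach (preg_split('/\R/', trim($responseBody)) ?: [] as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) !== 2) {
            continue; // skip malformed lines instead of guessing
        }
        if (strcasecmp($parts[0], $suffix) === 0) {
            // Padded responses carry dummy entries with count 0; those read as "not found".
            return (int) $parts[1];
        }
    }
    return 0;
}

/** Hypothetical wrapper mirroring the README's contract: true, false, or null when no answer arrived. */
function checkAgainstRange(string $plainTextPassword, ?string $responseBody): ?bool
{
    if ($responseBody === null) {
        return null; // timeout or failure: "unknown", not "safe"
    }
    [, $suffix] = splitHash($plainTextPassword);
    return countInRange($suffix, $responseBody) > 0;
}

// Only the prefix leaves the machine, e.g. GET https://api.pwnedpasswords.com/range/5BAA6
[$prefix, $suffix] = splitHash('password');

// Constructed sample body: all counts and the first and third suffixes are made up.
$sampleBody = <<<TXT
0018A45C4D1DEF81644B54AB7F969B88D65:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:42
FFFF4B3C7E2B0D9A6F1C8E5D4A3B2C1D0E9:1
TXT;

printf("sent: %s, kept local: %s\n", $prefix, $suffix);
var_dump(checkAgainstRange('password', $sampleBody)); // suffix present in the body
var_dump(checkAgainstRange('password', null));        // no response received
```

Callers should decide explicitly what a `null` result means for their sign-up or password-change flow, since treating it as `false` silently accepts unchecked passwords.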

---

License
-------

This project is released under the [MIT License](https://opensource.org/licenses/MIT).

---

Resources
---------

- [Troy Hunt's PwnedPasswords API Documentation](https://haveibeenpwned.com/API/v3)
- [PHP Composer Documentation](https://getcomposer.org)

