PHPackages skyzyx/bad-passwords - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. skyzyx/bad-passwords ActiveLibrary[Security](/categories/security) skyzyx/bad-passwords ==================== A list of the top 10,000 most-used passwords from hacked password lists. 39110.9k↑52.6%23[2 issues](https://github.com/skyzyx/bad-passwords/issues)PHP Since Sep 16Pushed 8y ago3 watchersCompare [ Source](https://github.com/skyzyx/bad-passwords)[ Packagist](https://packagist.org/packages/skyzyx/bad-passwords)[ RSS](/packages/skyzyx-bad-passwords/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) [Bad Passwords](http://github.com/skyzyx/bad-passwords) ======================================================= [](#bad-passwords) A list of the top 10,000 most-used passwords from hacked password lists. Mutated list was generated by installing [John the Ripper](http://www.openwall.com/john/) and running: ``` john --wordlist=raw.txt --rules --stdout > raw-mutated.txt ``` This produces a list which starts with the top 10,000 and makes commonplace alterations to that list. This increases the size of the list from 10,000 → over 422,000. See Also… --------- [](#see-also) > **NOTE:** This is a list of known-bad clear text passwords. For a list of known-bad password SHA-1 hashes, see . Requirements ------------ [](#requirements) ### Required [](#required) The following software is **required** for Bad Passwords to run: - [PHP](http://php.net) 5.3.0+ Installation ------------ [](#installation) ### Bundle with Composer (recommended!) [](#bundle-with-composer-recommended) To add Bad Passwords as a [Composer](https://getcomposer.org) dependency in your `composer.json` file: ``` { "require": { "skyzyx/bad-passwords": ">=1.0" } } ``` And include it in your scripts: ``` require_once 'vendor/autoload.php'; ``` Contributing ------------ [](#contributing) To view the list of existing [contributors](/skyzyx/bad-passwords/graphs/contributors), run the following command from the Terminal: ``` git shortlog -sne --no-merges ``` ### How? [](#how) Here's the process for contributing: 1. Fork Bad Passwords to your GitHub account. 2. Clone your GitHub copy of the repository into your local workspace. 3. Write code, fix bugs, and add tests with 100% code coverage. 4. Commit your changes to your local workspace and push them up to your GitHub copy. 5. You submit a GitHub pull request with a description of what the change is. 6. The contribution is reviewed. Maybe there will be some banter back-and-forth in the comments. 7. If all goes well, your pull request will be accepted and your changes are merged in. Authors, Copyright & Licensing ---------------------------------- [](#authors-copyright--licensing) My intention is to release all rights to this documentation and make it available under the Public Domain. Unfortunately, in the U.S. it's not quite that cut-and-dry. So, I am dual-licensing this work under [CC0](LICENSE-CC0) and the [Unlicense](LICENSE-UNLICENSE). You can choose whichever license you would prefer to adhere to. [ ![CC0](https://camo.githubusercontent.com/42a392c9ce97407913c025e81b79bb27bd1fc94e80bd88b73a6b2271219e13dc/687474703a2f2f692e6372656174697665636f6d6d6f6e732e6f72672f702f7a65726f2f312e302f38387833312e706e67) ](http://creativecommons.org/publicdomain/zero/1.0/) To the extent possible under law, [ Ryan Parman](https://github.com/skyzyx/php-coding-standards) has waived all copyright and related or neighboring rights to "Bad Passwords". This work is published from: United States. ### Health Score 33 — LowBetter than 75% of packages Maintenance19 Infrequent updates — may be unmaintained Popularity46 Moderate usage in the ecosystem Community13 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://avatars.githubusercontent.com/u/39447?v=4)[Ryan Parman](/maintainers/skyzyx)[@skyzyx](https://github.com/skyzyx) --- Top Contributors [![skyzyx](https://avatars.githubusercontent.com/u/39447?v=4)](https://github.com/skyzyx "skyzyx (9 commits)") --- Tags passwordsphpsecurity ### Embed Badge ![Health badge](/badges/skyzyx-bad-passwords/health.svg) ``` [![Health](https://phpackages.com/badges/skyzyx-bad-passwords/health.svg)](https://phpackages.com/packages/skyzyx-bad-passwords) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87117.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption)[paragonie/hidden-string Encapsulate strings in an object to hide them from stack traces 7410.6M39](/packages/paragonie-hidden-string) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)