PHPackages tigron/password-strength - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. tigron/password-strength ActiveLibrary[Validation & Sanitization](/categories/validation) tigron/password-strength ======================== Validates a given password for its strength v1.0.1(8mo ago)01.4k↓45%MITPHP Since Feb 13Pushed 8mo ago2 watchersCompare [ Source](https://github.com/tigron/password-strength)[ Packagist](https://packagist.org/packages/tigron/password-strength)[ RSS](/packages/tigron-password-strength/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (1)Versions (3)Used By (0) Password Strength ================= [](#password-strength) This library can calculate the strength of the password based on a given password ruleset. Installation ------------ [](#installation) ``` composer require tigron/password-strength ``` Define a ruleset ---------------- [](#define-a-ruleset) In order to calculate a password strength, you must first define a ruleset. A ruleset is a list of rules which you would like to implement for your application. ``` $ruleset = new \Password\Ruleset(); // Matches any password. Sets a base score of 'INSECURE'. $rule = new \Password\Rule(); $rule->add_condition(new Condition\Length\Min(0)); $rule->set_strength(\Password\Strength::VULNERABLE); $ruleset->add_rule($rule); // More complex passwords can receive a higher score $rule = new \Password\Rule(); $rule->add_condition(new Condition\Length\Min(5)); $rule->set_strength(\Password\Strength::INSECURE); $ruleset->add_rule($rule); $rule = new \Password\Rule(); $rule->add_condition(new Condition\Length\Min(5)); $rule->add_condition(new Condition\Lowercase(true)); $rule->add_condition(new Condition\Uppercase(true)); $rule->set_strength(\Password\Strength::ACCEPTABLE); $ruleset->add_rule($rule); ``` Test a password --------------- [](#test-a-password) In order to test the password against the defined ruleset, use the following code ``` $ruleset->set_password($password); $strength = $ruleset->get_strength(); ``` Strengths --------- [](#strengths) This library implements 5 levels of strength, all expressed as a score from 0 to 5. ``` \Password\Strength::NONE // Score 0 \Password\Strength::VULNERABLE // Score 1 \Password\Strength::INSECURE // Score 2 \Password\Strength::ACCEPTABLE // Score 3 \Password\Strength::GOOD // Score 4 \Password\Strength::STRONG // Score 5 ``` If the password did not match any rule, it will receive score 0. This indicates that a wider base rule needs to be implemented. Conditions ---------- [](#conditions) The following conditions are implemented and can be used in any rule. ``` /** * Put a condition on the presence of an uppercase letter in the password */ new \Password\Condition\Uppercase(bool $requested_value) /** * Put a condition on the presence of an lowercase letter in the password */ new \Password\Condition\Lowercase(bool $requested_value) /** * Put a condition on the presence of a number */ new \Password\Condition\Number(bool $requested_value) /** * Put a condition on the presence of a symbol */ new \Password\Condition\Symbol(bool $requested_value) /** * Put a condition on minimum length of the password */ new \Password\Condition\Length\Min(int $length) /** * Put a condition on maximum length of the password */ new \Password\Condition\Length\Max(int $length) /** * Put a condition on the amount of occurences in haveibeenpwned.com */ new \Password\Condition\Pwned(?int $occurences) /** * Put a condition on the score of Zxcvbn * https://lowe.github.io/tryzxcvbn/ */ new \Password\Condition\Zxcvbn(int $score) /** * Put a condition on the score of the entropy calculation * https://gitlab.com/garybell/password-validation/ */ new \Password\Condition\Entropy(int $score) ``` Preset ------ [](#preset) This library has built-in presets of rules that you can include in your project ``` /** * Hive 2024 password table * https://www.hivesystems.com/blog/are-your-passwords-in-the-green */ $ruleset->import_rules(\Password\Preset\Hive2024::export()); /** * Zxcvbn password strength estimator using pattern matching and * minimum entropy calculation * https://github.com/bjeavons/zxcvbn-php/tree/master */ $ruleset->import_rules(\Password\Preset\Zxcvbn::export()); /** * entropy password strength calculator * https://gitlab.com/garybell/password-validation */ $ruleset->import_rules(\Password\Preset\Entropy::export()); /** * Tigron company policy rule. It includes: * - Hive 2024 * - Zxcvbn * - entropy */ $ruleset->import_rules(\Password\Preset\Tigron::export()); ``` ### Health Score 34 — LowBetter than 77% of packages Maintenance58 Moderate activity, may be stable Popularity20 Limited adoption so far Community10 Small or concentrated contributor base Maturity39 Early-stage or recently created project Bus Factor1 Top contributor holds 90.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~193 days Total 2 Last Release 266d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/8bff1383483dacb0c3f89d2d3856ae03d4cf3e80de26a2998248dd1175317285?d=identicon)[tigron](/maintainers/tigron) --- Top Contributors [![christopheg](https://avatars.githubusercontent.com/u/199087?v=4)](https://github.com/christopheg "christopheg (10 commits)")[![gerryd](https://avatars.githubusercontent.com/u/3003371?v=4)](https://github.com/gerryd "gerryd (1 commits)") ### Embed Badge ![Health badge](/badges/tigron-password-strength/health.svg) ``` [![Health](https://phpackages.com/badges/tigron-password-strength/health.svg)](https://phpackages.com/packages/tigron-password-strength) ``` ### Alternatives [webmozart/assert Assertions to validate method input/output with nice error messages. 7.6k894.0M1.2k](/packages/webmozart-assert)[swaggest/json-schema High definition PHP structures with JSON-schema based validation 48612.5M73](/packages/swaggest-json-schema)[stevebauman/purify An HTML Purifier / Sanitizer for Laravel 5325.6M19](/packages/stevebauman-purify)[ashallendesign/laravel-config-validator A package for validating your Laravel app's config. 217905.3k5](/packages/ashallendesign-laravel-config-validator)[crazybooot/base64-validation Laravel validators for base64 encoded files 1341.9M8](/packages/crazybooot-base64-validation)[xemlock/htmlpurifier-html5 HTML5 support for HTML Purifier 1052.9M11](/packages/xemlock-htmlpurifier-html5) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)