effectix/passwordchecker
Composer 安装命令:
composer require effectix/passwordchecker
包简介
A Laravel package for robust password strength validation.
关键字:
README 文档
README
This is an opinionated strength check intended for password validation in registration forms. Take a look at contributing.md to see how to do so.
Things taken into account for the scoring:
- Common Patterns
- Length
- Character Variety
- Entropy of the string (based on Shannon's Entropy formula)
The common patterns verification uses a set of included .txt files with common plain text terms, words and phrases that have already been compromised on earlier breaches. This is the most penalizing factor in the scoring as if your string has a full match with any of these values, you get instant -100 on the score and go into negative territory.
This is done on purpose to prevent users from creating accounts with already known weak passwords that have been distributed in a very common wordlist for pentesting purposes.
The other factors add to the scoring based on their respective weights, so the higher the score, the stronger the password.
⚠ The scoring is still being tweaked and played with so future versions of this package will have a different scoring for sure, but for now, it works as intended.
Installation
Via Composer
composer require effectix/passwordchecker
Configuration
Run artisan vendor:publish --provider="Effectix\PasswordChecker\PasswordCheckerServiceProvider" to publish everything this package offers:
- Password score Validation rule
- Locale files for
esanden - Config file
Alternatively, you can publish the config file only:
Run artisan vendor:publish --tag=passwordchecker.config to publish the config file.
Usage
You can apply it as a validation rule like this:
//... $validated = $this->validate([ 'name' => ['required', 'string', 'max:255'], 'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:'.User::class], 'password' => ['required', 'string', 'confirmed', new PasswordScoreRule(20)], ]); //...
On your validation logic, call the Effectix\PasswordChecker\Rules\PasswordScoreRule rule class and pass the score threshold you want to enforce on that validation.
If you run artisan vendor:publish --tag=passwordchecker.config you will get a config file where you can manage a default score threshold for all your uses of this rule, without specifying it in each validation usage.
⚠ Explicit score threshold specification takes precedence over the configuration default.
Included Password Strength Bar Livewire component
The livewire component has been tested so far to work with Livewire v3 on a site using a Volt registration form. More tests and use cases to come later.
The score property is reactive, so it might cause some issues in some implementations. Maybe. I'm not totally certain.
So long as you can pass the score to the component you should have no problems. Use it in your registration form like this:
<div class="mt-4">
<x-input-label for="password" :value="__('Password')"/>
<input id="password"
class="border-gray-300 focus:border-indigo-500 focus:ring-indigo-500 rounded-md shadow-sm block mt-1 w-full"
type="password"
name="password"
required
autocomplete="new-password"
wire:model.live.debounce.500ms="password"
/>
<livewire:EffectixPasswordCheckerPasswordStrengthBar :score="$score" />
<x-input-error :messages="$errors->get('password')" class="mt-2"/>
</div>
Your parent livewire component if you are using volt, should contain something like this:
public int $score = 0; public function updated($prop): void { if($prop === 'password') { $this->score = PasswordScorer::calculate($this->password); } }
This will evaluate the score everytime the debounced update to the password model is hit. The reactive property of the child component will pick up the new score and show the bar accordingly.
Change log
Please see the changelog for more information on what has changed recently.
Testing
composer test
Contributing
Please see contributing.md for details and a todolist.
Security
If you discover any security related issues, please email jlm@effectix.net instead of using the issue tracker.
Credits
License
AGPL. Please see the license file for more information.
effectix/passwordchecker 适用场景与选型建议
effectix/passwordchecker 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 4 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 01 月 24 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「laravel」 「PasswordChecker」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 effectix/passwordchecker 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 effectix/passwordchecker 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 effectix/passwordchecker 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Alfabank REST API integration
Laravel package for Accurate Online API integration.
Shared RCX Laravel DataTables UI and configuration helpers.
Boot a Laravel project on any machine with one command: app:serve installs missing tools (PHP, Node, Composer, Herd, Docker), creates .env, sets up the database, runs migrations, builds assets, starts a queue worker and serves via Herd, Sail or artisan serve; app:down cleanly stops everything it sta
Branded, diagnostic error pages (500, 403, 404, 419, 503) for Filament — native Filament UI, dark mode and translations out of the box.
Turn any PDF into a Pingen-ready A4 letter (generated address cover page + A4 normalisation + safe margins) and send it through the Pingen print & mail API. Laravel-first.
统计信息
- 总下载量: 4
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 18
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-01-24