{"id":21236743,"url":"https://github.com/dragonbe/hibp","last_synced_at":"2025-04-06T10:14:03.785Z","repository":{"id":32562001,"uuid":"136289102","full_name":"DragonBe/hibp","owner":"DragonBe","description":"A composer package to verify if a password was previously used in a breach using Have I Been Pwned API.","archived":false,"fork":false,"pushed_at":"2023-04-19T18:36:18.000Z","size":254,"stargazers_count":128,"open_issues_count":3,"forks_count":7,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-30T09:07:46.931Z","etag":null,"topics":["breach","composer-package","haveibeenpwned","hibp","password","php","security","verify"],"latest_commit_sha":null,"homepage":"https://packagist.org/packages/dragonbe/hibp","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DragonBe.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-06T07:19:42.000Z","updated_at":"2024-04-22T10:15:38.000Z","dependencies_parsed_at":"2024-06-19T15:00:01.520Z","dependency_job_id":"53ae58ee-6ee4-42bf-9b64-c3ec8aab82d4","html_url":"https://github.com/DragonBe/hibp","commit_stats":{"total_commits":52,"total_committers":4,"mean_commits":13.0,"dds":0.07692307692307687,"last_synced_commit":"cfb2161da43b756791a4d2d72f8a86c0140fe6a5"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DragonBe%2Fhibp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DragonBe%2Fhibp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DragonBe%2Fhibp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DragonBe%2Fhibp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DragonBe","download_url":"https://codeload.github.com/DragonBe/hibp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247464225,"owners_count":20942970,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["breach","composer-package","haveibeenpwned","hibp","password","php","security","verify"],"created_at":"2024-11-21T00:13:43.509Z","updated_at":"2025-04-06T10:14:03.756Z","avatar_url":"https://github.com/DragonBe.png","language":"PHP","readme":"[![PHP 7.2+](https://img.shields.io/packagist/php-v/dragonbe/hibp.svg)](https://secure.php.net/downloads.php)\n[![Packagist version](https://img.shields.io/packagist/v/dragonbe/hibp.svg)](https://packagist.org/packages/dragonbe/hibp)\n[![Packagist daily downloads](https://img.shields.io/packagist/dt/dragonbe/hibp.svg)](https://packagist.org/packages/dragonbe/hibp)\n[![CircleCI status](https://img.shields.io/circleci/project/github/DragonBe/hibp.svg)](https://circleci.com/gh/DragonBe/hibp)\n[![Infection MSI](https://badge.stryker-mutator.io/github.com/DragonBe/hibp/master)](https://github.com/DragonBe/hibp)\n\n# Have I been pwned Composer package\n\nTo increase security of users on your system, I started building a client for [@TroyHunt](https://twitter.com/troyhunt)'s [Have I Been Pwned?](https://haveibeenpwned.com/) API v2 that will check if a given password was already used in a breach. Many thanks to Mr. Troy Hunt for providing us this service.\n\n## Project scope\n\nThe goal of this project is to have a [composer package](https://packagist.org) that will allow you to quickly verify if a given password (from a registration or password reset form) was found in a data breach so you can inform your users to change their password and thus improving overal security.\n\nThis project was also the subject of my talk [Mutation Testing with Infection](https://www.meetup.com/PHP-Leuven-Web-Innovation-Group/events/sctxfnyxjbkb/) where the code base was not only covered by unit tests, but also was subjected to **Mutation Testing** using [Infection](https://infection.github.io/) to ensure no coding mistakes could slip into the codebase.\n\n## Getting started\n\nFirst of all you need to add this library to your project. The easiest way is to use [Composer](https://getcomposer.org).\n\n```\ncomposer require dragonbe/hibp\n```\n\nIf you want to quickly test the functionality, copy/paste the following code in a file named `hibp.php`.\n\n```php\n\u003c?php\n\nrequire_once __DIR__ . '/vendor/autoload.php';\n\n$hibp = \\Dragonbe\\Hibp\\HibpFactory::create();\necho 'Password \"password\": ' . ($hibp-\u003eisPwnedPassword('password') ? 'Pwned' : 'OK') . PHP_EOL;\necho 'Password \"NVt3MpvQ\": ' . ($hibp-\u003eisPwnedPassword('NVt3MpvQ') ? 'Pwned' : 'OK') . PHP_EOL;\n\n```\n\nNow run this file to make sure all is working fine.\n\n```\nphp hibp.php\n```\n\nIf all works well, you should see the following result:\n\n```\nPassword \"password\": Pwned\nPassword \"NVt3MpvQ\": OK\n```\n\n### Getting number of hits found in HIBP\n\nSometimes you want to display a number of hits found for a given password. Just call `count()` on your `$hibp` instance or call `$hibp-\u003ecount()` directly.\n\n```php\n\u003c?php\n\nrequire_once __DIR__ . '/vendor/autoload.php';\n\n$hibp = \\Dragonbe\\Hibp\\HibpFactory::create();\n$passwords = ['password', 'NVt3MpvQ'];\nforeach ($passwords as $password) {\n    $found = $hibp-\u003eisPwnedPassword($password);\n    $count = count($hibp);\n\n    echo sprintf(\n        'Password \"%s\": %s',\n        $password,\n        $found ? ('Pwned (' . $count . ' times)') : 'OK'\n    ) . PHP_EOL;\n}\n\n```\n\nThis will give you a more detailed view on how many times a password has been used that was found in breaches collected in [Have I Been Pwned?](https://haveibeenpwned.com).\n\n```\nPassword \"password\": Pwned (3311463 times)\nPassword \"NVt3MpvQ\": OK\n```\n\nFor more details please check out the unit test directory `tests/` to understand what exceptions can occur and what other options there are to use this library.\n\n## Roadmap\n\nEven though this is the beginning of the project, I want to make full use of HIBP API by searching on usernames and email addresses to see if they were discovered in breaches. This might be convenient to alert users that they might want to use a more secure password or change all their passwords for the provided credential.\n\nIn short, these are the goals I want to accomplish in the near future:\n\n- check for existence of credential (username/email address) in HIBP Sites\n- check for existence of credential (username/email address) in HIBP Pastes\n\nAnd who knows, maybe when people are using this library more ideas will be provided\n\n## Acknowledgement\n\nThis library wasn't possible if [Mr. Troy Hunt](https://twitter.com/TroyHunt) didn't spend his valuable time in feeding breached data in his database and providing his site [haveibeenpwned.com](https://haveibeenpwned.com). So thank you good sir for putting such great efforts in HIBP.\n\n## License\n\nI've provided this project \"as-is\" and I licensed it with an [MIT license](LICENSE) so you can use it freely in your projects.\n\n## Questions, suggestions, feedback of issues\n\nPlease use [this project's issue feature](https://github.com/DragonBe/hibp/issues) to reach out to me with your suggestions. I love your feedback and also interested in the use cases where you have used this library in.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdragonbe%2Fhibp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdragonbe%2Fhibp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdragonbe%2Fhibp/lists"}