{"id":16446486,"url":"https://github.com/edoardottt/pwdsafety","last_synced_at":"2026-04-01T21:27:39.130Z","repository":{"id":54955911,"uuid":"247314051","full_name":"edoardottt/pwdsafety","owner":"edoardottt","description":"πŸ”’command line tool checking password safetyπŸ”’","archived":false,"fork":false,"pushed_at":"2026-03-21T07:20:32.000Z","size":40442,"stargazers_count":100,"open_issues_count":1,"forks_count":15,"subscribers_count":3,"default_branch":"master","last_synced_at":"2026-03-21T23:13:08.798Z","etag":null,"topics":["cli","command-line-tool","golang","golang-application","infosec","linux","password","password-entropy","password-generator","password-hash","password-safety","password-strength","passwords","pwd","pwd-safety","pwdhash","safety","security","security-scanner","security-tools"],"latest_commit_sha":null,"homepage":"https://edoardottt.com/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/edoardottt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"edoardottt","liberapay":"edoardottt","patreon":"edoardottt","ko_fi":"edoardottt","open_collective":"edoardottt","custom":"https://www.paypal.me/edoardottt"}},"created_at":"2020-03-14T16:38:44.000Z","updated_at":"2026-03-21T07:13:50.000Z","dependencies_parsed_at":"2023-10-16T03:22:04.163Z","dependency_job_id":"c3688d89-4337-4582-b1c3-e1030ddb84a7","html_url":"https://github.com/edoardottt/pwdsafety","commit_stats":{"total_commits":391,"total_committers":4,"mean_commits":97.75,"dds":"0.11508951406649615","last_synced_commit":"a555bc113d3400e5acb6addbdb00cf39b130fadf"},"previous_names":["edoardottt/pwd-safety"],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/edoardottt/pwdsafety","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edoardottt%2Fpwdsafety","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edoardottt%2Fpwdsafety/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edoardottt%2Fpwdsafety/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edoardottt%2Fpwdsafety/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/edoardottt","download_url":"https://codeload.github.com/edoardottt/pwdsafety/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edoardottt%2Fpwdsafety/sbom","scorecard":{"id":366934,"data":{"date":"2025-08-11","repo":{"name":"github.com/edoardottt/pwdsafety","commit":"9a823da926033be5ba8d44b02879801aacd8ec85"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Code-Review","score":1,"reason":"Found 1/9 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":3,"reason":"4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/go.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/golangci-lint.yml:10","Warn: no topLevel permission defined: .github/workflows/release-binary.yml:1","Warn: no topLevel permission defined: .github/workflows/release-test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/edoardottt/pwdsafety/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/edoardottt/pwdsafety/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/edoardottt/pwdsafety/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/edoardottt/pwdsafety/golangci-lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/edoardottt/pwdsafety/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-binary.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/edoardottt/pwdsafety/release-binary.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-binary.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/edoardottt/pwdsafety/release-binary.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-binary.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/edoardottt/pwdsafety/release-binary.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/edoardottt/pwdsafety/release-test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/edoardottt/pwdsafety/release-test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/edoardottt/pwdsafety/release-test.yml/master?enable=pin","Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned","Info: 0 out of 3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.4.0 not signed: https://api.github.com/repos/edoardottt/pwdsafety/releases/151887044","Warn: release artifact v0.4.0 does not have provenance: https://api.github.com/repos/edoardottt/pwdsafety/releases/151887044"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release-test.yml:11"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T12:02:14.692Z","repository_id":54955911,"created_at":"2025-08-18T12:02:14.692Z","updated_at":"2025-08-18T12:02:14.692Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292258,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","command-line-tool","golang","golang-application","infosec","linux","password","password-entropy","password-generator","password-hash","password-safety","password-strength","passwords","pwd","pwd-safety","pwdhash","safety","security","security-scanner","security-tools"],"created_at":"2024-10-11T09:47:45.041Z","updated_at":"2026-04-01T21:27:39.111Z","avatar_url":"https://github.com/edoardottt.png","language":"Go","funding_links":["https://github.com/sponsors/edoardottt","https://liberapay.com/edoardottt","https://patreon.com/edoardottt","https://ko-fi.com/edoardottt","https://opencollective.com/edoardottt","https://www.paypal.me/edoardottt"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n \u003c!-- logo --\u003e\n \u003cimg src=\"https://github.com/edoardottt/images/blob/main/pwdsafety/logo.jpg\"\u003e\u003cbr\u003e\n \u003cb\u003eCommand line tool that checks how much a password is safe\u003c/b\u003e\u003cbr\u003e\n \u003csub\u003e\n Coded with πŸ’™ by edoardottt.\n \u003c/sub\u003e\n\u003c/p\u003e\n\n\u003c!-- badges --\u003e\n\u003cp align=\"center\"\u003e\n \u003c!-- mainteinance --\u003e\n \u003ca href=\"https://edoardottt.com/\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/Maintained%3F-yes-green.svg\" alt=\"Mainteinance yes\" /\u003e\n \u003c/a\u003e\n \u003c!-- pr-welcome --\u003e\n \u003ca href=\"https://edoardottt.com/\"\u003e\n \u003cimg src=\"https://github.com/edoardottt/READMENATOR/blob/master/images/pr-welcome.svg\" alt=\"pr-welcome\" /\u003e\n \u003c/a\u003e\n \u003c!-- ask-me-anything --\u003e\n \u003ca href=\"https://edoardottt.com/\"\u003e\n \u003cimg src=\"https://github.com/edoardottt/READMENATOR/blob/master/images/ask-me-anything.svg\" alt=\"ask me anything\" /\u003e\n \u003c/a\u003e\n \u003c!-- go-report-card --\u003e\n \u003ca href=\"https://goreportcard.com/report/github.com/edoardottt/pwdsafety\"\u003e\n \u003cimg src=\"https://goreportcard.com/badge/github.com/edoardottt/pwdsafety\" alt=\"go-report-card\" /\u003e\n \u003c/a\u003e\n \u003cbr\u003e\n \u003c!-- workflows --\u003e\n \u003ca href=\"https://github.com/edoardottt/pwdsafety/actions\"\u003e\n \u003cimg src=\"https://github.com/edoardottt/pwdsafety/actions/workflows/go.yml/badge.svg\" alt=\"workflows\" /\u003e\n \u003c/a\u003e\n \u003c!-- ubuntu-build --\u003e\n \u003ca href=\"https://edoardottt.com/\"\u003e\n \u003cimg src=\"https://github.com/edoardottt/images/blob/main/pwdsafety/ubuntu-build.svg\" alt=\"ubuntu-build\" /\u003e\n \u003c/a\u003e\n \u003c!-- license GPLv3.0 --\u003e\n \u003ca href=\"https://github.com/edoardottt/READMENATOR/blob/master/LICENSE\"\u003e\n \u003cimg src=\"https://github.com/edoardottt/READMENATOR/blob/master/images/license-GPL3.svg\" alt=\"license-GPL3\" /\u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#get-started-\"\u003eGet Started\u003c/a\u003e β€’\n \u003ca href=\"#description-\"\u003eDescription\u003c/a\u003e β€’\n \u003ca href=\"#scoring-\"\u003eScoring\u003c/a\u003e β€’\n \u003ca href=\"#contributing-\"\u003eContributing\u003c/a\u003e β€’\n \u003ca href=\"#changelog-\"\u003eChangelog\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"https://github.com/edoardottt/images/blob/main/pwdsafety/pwdsafety.gif\"\u003e\n\u003c/p\u003e\n\n**This tool doesn't store any information!** \n**Never use personal information in your password!** \n\n- Use a password manager (I recommend [bitwarden](https://bitwarden.com/)) \n- Don't use the same password for different services \n- Enable 2FA wherever possible \n\n\u003c!-- [![asciicast](https://asciinema.org/a/406710.svg)](https://asciinema.org/a/406710) --\u003e\n\nGet Started πŸŽ‰\n----------\n\n### Snap\n\n```console\nsudo snap install pwdsafety\n```\n\n### Go1.17+\n\n```console\ngo install -v github.com/edoardottt/pwdsafety/cmd/pwdsafety@latest\n```\n\n### From source\n\n- First of all, clone the repo locally\n\n - `git clone https://github.com/edoardottt/pwdsafety.git`\n\n- pwdsafety has external dependencies, so they need to be pulled in:\n\n - `cd pwdsafety/cmd \u0026\u0026 go get \u0026\u0026 cd ..`\n\n- Linux (Requires high perms, run with sudo)\n\n - `make linux` (to install)\n\n - `make unlinux` (to uninstall)\n\n- Windows (executable works only in pwdsafety folder. Alias?)\n\n - `make windows` (to install)\n\n - `make unwindows` (to uninstall)\n\nDescription πŸ”¦\n----------\n\nIt reads from standard input the entered password. \nFirst, it searches if the password or the password reversed is a well known pwd. \nThen, just do little calculations, checking if the basic rules are respected, like if there are UPPERCASE CHARS, lowercase chars, numb3rs and symbols. \nIt stores the length of the password and the ratio [unique different chars / total chars]. \nIt calculates then the entropy of a password. \nPassword entropy is a measurement of how unpredictable a password is. \nThe formula for entropy is: \n ![formula](https://github.com/edoardottt/images/blob/main/pwdsafety/formula.png) \n\nWhere:\n\n- E = password entropy \n- R = pool of unique characters \n- L = number of characters in your password \n- Then R^L = the number of possible passwords \n\nWhen the score \u003c= 68(reasonable) it generates a random password. \n\nScoring πŸ’―\n----------\n\n**Max score: 100**\n\n**Scores:**\n\n- Very weak: 0 - 35\n- Weak: 36 - 59\n- Reasonable: 60 - 68\n- Strong: 69 - 80\n- Very strong: 81 -100\n \n**Scoring parameters:**\n\n- Found in known password\n- Found in known password reversed\n- Password composition:\n - numbers\n - symbols\n - uppercase\n - lowercase\n- Unique different characters\n- Length\n- Entropy\n\nContributing πŸ› \n-------\n\nJust open an [issue](https://github.com/edoardottt/pwdsafety/issues) / [pull request](https://github.com/edoardottt/pwdsafety/pulls).\n\nBefore opening a pull request, download [golangci-lint](https://golangci-lint.run/usage/install/) and run\n\n```console\ngolangci-lint run\n```\n\nIf there aren't errors, go ahead :)\n\nSee also [CONTRIBUTING.md](https://github.com/edoardottt/pwdsafety/blob/master/CONTRIBUTING.md) and [CODE OF CONDUCT.md](https://github.com/edoardottt/pwdsafety/blob/master/CODE_OF_CONDUCT.md)\n\nThanks to [fabaff](https://github.com/fabaff) and [ecnepsnai](https://github.com/ecnepsnai/pwnedpassword/blob/master/pwned.go).\n\nChangelog πŸ“Œ\n-------\n\nDetailed changes for each release are documented in the [release notes](https://github.com/edoardottt/pwdsafety/releases).\n\nLicense πŸ“\n-------\n\nThis repository is under [GNU General Public License v3.0](https://github.com/edoardottt/pwdsafety/blob/master/LICENSE). \n[edoardottt.com](https://edoardottt.com/) to contact me.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedoardottt%2Fpwdsafety","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedoardottt%2Fpwdsafety","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedoardottt%2Fpwdsafety/lists"}