Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message

Zxcvbn Php Laravel Package

bjeavons/zxcvbn-php

PHP port of Dropbox’s zxcvbn password strength estimator. Uses pattern matching and conservative entropy to score passwords 0–4, detect common words/names/patterns (dates, repeats, sequences, keyboard runs), and return user-friendly warnings/suggestions.

View on GitHub
Deep Wiki
Context7

Realistic PHP password strength estimate library based on Zxcvbn JS

Frequently asked questions about Zxcvbn Php
How do I integrate zxcvbn-php into Laravel’s registration validation?
Use Laravel’s validation pipeline by creating a custom rule or middleware. Bind the `Zxcvbn` class to the container and validate passwords like this: `Validator::extend('zxcvbn', function ($attribute, $value, $parameters) { return (new Zxcvbn())->guessStrength($value)['score'] >= $parameters[0]; })`. Then apply it in your `User` model rules: `'password' => 'required|zxcvbn:3'`.
Does this package work with Laravel’s built-in `Hash` facade for password hashing?
Yes, zxcvbn-php only estimates strength from plaintext passwords—it doesn’t handle hashing. Use it before hashing (e.g., in `create` or `update` methods) to validate strength, then pass the plaintext to `Hash::make()`. Never store or re-use plaintext passwords elsewhere.
Can I use this for real-time password strength meters in a Laravel + Vue/React frontend?
For frontend integration, call the package via a Laravel API endpoint (e.g., `POST /api/check-password-strength`). Return the `guessStrength()` result as JSON, then use it in your frontend framework. Avoid exposing the raw library to the client for security. Pair it with the JS zxcvbn for client-side validation if needed.
What Laravel versions does zxcvbn-php support, and are there breaking changes?
The package supports Laravel 8+ and PHP 8.0+. No framework-specific code exists, so it’s compatible with newer Laravel versions. If you’re on Laravel 7.x, ensure PHP 8.0+ is used (named arguments are required). Check the [GitHub issues](https://github.com/bjeavons/zxcvbn-php/issues) for version-specific notes.
How do I enforce a minimum password score (e.g., 3/4) across all user creations?
Create a Laravel middleware (e.g., `app/Http/Middleware/EnforcePasswordStrength`) that checks `guessStrength()` on incoming `POST /register` or `PATCH /users/{id}` requests. Reject requests with scores below your threshold by throwing a `ValidationException`. Example: `if ($result['score'] < 3) abort(422, 'Password too weak');`.
Will this package slow down my auth endpoints under high traffic?
zxcvbn-php is lightweight (~100KB) and optimized for performance, with minimal CPU overhead. Benchmark your auth endpoints to confirm, but it’s designed for high-throughput systems. If using async PHP (e.g., Swoole), wrap the call in a synchronous context or offload validation to a queue worker.
How do I customize the feedback suggestions (e.g., add org-specific rules)?
The library provides structured feedback (e.g., `feedback.suggestions`), which you can extend in your UI. For org-specific rules, filter or append suggestions in your middleware/controller. Example: `if (str_contains($password, '123')) $result['feedback']['suggestions'][] = 'Avoid sequential numbers.'`
Does zxcvbn-php handle non-Latin scripts (e.g., Chinese, Arabic) well?
The package supports multibyte characters via PHP’s `mb_*` functions, but scoring accuracy for non-Latin scripts depends on zxcvbn’s default dictionaries. For better results, provide custom dictionaries or pre-process passwords (e.g., normalize Unicode). Test thoroughly with your target languages.
Are there alternatives to zxcvbn-php for Laravel, and when should I choose them?
Alternatives include `php-password-policy` (simpler regex-based rules) or `paragonie/password-validator` (more strict but less user-friendly). Choose zxcvbn-php if you need **realistic strength estimates** (e.g., crack-time feedback) and **user-friendly suggestions**. Use alternatives if you prioritize strict compliance over usability or need minimal dependencies.
How do I test password strength validation in Laravel’s PHPUnit tests?
Mock the `Zxcvbn` class in your tests to return predictable scores. Example: `$this->mock(Zxcvbn::class)->shouldReceive('guessStrength')->andReturn(['score' => 4]);`. Test both valid and invalid passwords by asserting exceptions or validation failures. For edge cases, include non-Latin scripts, short passwords, and common phrases to verify robustness.
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
bugban/symfony
beyonder-capi/workflow-extensions-bundle
beyonder-capi/job-queue-bundle
capell-app/block-library
axium/identity
cetria/laravel-dummy-models
cetria/reflection-helper
agropredict/sso-auth-bundle
evolvestudio/spam-protection
datacore/hub-sdk
develia/commons
cuci/prototurk-sdk
cuci/prototurk-sdk-symfony
develia/geo-bundle
dreamzy/livewire-charts
touchestate-sdk/php-sdk
22h/doctrine-garbage-collection-bundle
agtp/agtp-php
agtp/mod-php
splash/sonata-admin