componenta/password

Password hashing contract and default implementation

Maintainers

Package info

github.com/componenta/password

pkg:composer/componenta/password

Statistics

Installs: 2

Dependents: 1

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v1.0.0 2026-06-15 11:04 UTC

Requires

  • php: ^8.4

Requires (Dev)

MIT 69f5e3504a06f9af8aa52f4780f035c138919d2d

This package is auto-updated.

Last update: 2026-06-15 12:06:50 UTC

README

Password hashing contract and default implementation backed by PHP's native password API.

Use this package when application code should depend on a small password-hashing abstraction instead of calling password_hash() and password_verify() directly.

Installation

composer require componenta/password

Related Packages

Package Why it matters here
componenta/auth Uses PasswordHasherInterface in password-login strategies.
componenta/validation Validates password length/complexity before hashing.
componenta/di Can bind PasswordHasherInterface in the application container.

Usage

use Componenta\Stdlib\PasswordHasher;

$hasher = new PasswordHasher(options: ['cost' => 12]);

$hash = $hasher->hash('secret');

$hasher->verify('secret', $hash); // true
$hasher->needsRehash($hash);      // false when algorithm/options still match

Contract

PasswordHasherInterface exposes:

  • hash(string $password): string
  • verify(string $password, string $hash): bool

The default PasswordHasher additionally exposes needsRehash(string $hash): bool so applications can migrate stored hashes when algorithm options change.

Configuration

The constructor accepts:

  • algorithm: passed to PHP's password API
  • options: passed to password_hash() and password_needs_rehash()

Keep policy decisions such as minimum password length and breach checks in validation/application code. This package only hashes and verifies already accepted password strings.