Is devise-pwned_password safe to use?

devise-pwned_password has no known vulnerabilities on the latest version (0.2.0). DepScope rates its health at 68/100 (moderate risk).

What is the latest version of devise-pwned_password?

The latest version of devise-pwned_password is 0.2.0, released 2026-02-21.

Does devise-pwned_password have known vulnerabilities?

No known vulnerabilities on the latest version of devise-pwned_password.

Is devise-pwned_password deprecated?

No, devise-pwned_password is actively maintained. Latest release: 0.2.0 (2026-02-21).

What are alternatives to devise-pwned_password?

Popular alternatives to devise-pwned_password in RubyGems include: jmespath, netrc, thread_safe, crass, tzinfo.

What license does devise-pwned_password use?

devise-pwned_password is licensed under MIT.

devise-pwned_password

rubygemsv0.2.0

Devise extension that checks user passwords against the PwnedPasswords dataset https://haveibeenpwned.com/Passwords.

License MITpermissive14 versions2 deps131,419 weekly dl

michaelbanfield/devise-pwned_password

/ 100

Health

use with caution

[email protected] low health (68/100) — consider alternatives

Moderate health score (68/100) — verify manually

Health breakdown0 – 100

20/25

maintenance

14/20

popularity

25/25

security

9/15

maturity

0/15

community

Vulnerabilities

none known

Health History

Dependency Tree

License Audit

Dependencies (2)

devise pwned

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/rubygems/devise-pwned_password