Is devise-pwned_password safe to use?

devise-pwned_password has no known vulnerabilities on the latest version (0.2.0). DepScope rates its health at 68/100 (moderate risk).

What is the latest version of devise-pwned_password?

The latest version of devise-pwned_password is 0.2.0, released 2026-02-21.

No known vulnerabilities on the latest version of devise-pwned_password.

No, devise-pwned_password is actively maintained. Latest release: 0.2.0 (2026-02-21).

Popular alternatives to devise-pwned_password in RubyGems include: jmespath, netrc, thread_safe, crass, tzinfo.

devise-pwned_password is licensed under MIT.

rubygemsv0.2.0

Devise extension that checks user passwords against the PwnedPasswords dataset https://haveibeenpwned.com/Passwords.

License MITpermissive14 versions2 deps128,121 weekly dl

/ 100

Health

safe to use

[email protected] is safe to use (health: 68/100)

Health breakdown0 – 100

20/25

maintenance

14/20

popularity

25/25

security

9/15

maturity

0/15

community

Vulnerabilities

none known

Dependencies (2)

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/rubygems/devise-pwned_password