Automic VaultAutomic Vault

brew

Install checkpwn with Homebrew, Nix

Check Have I Been Pwned and see if it's time for you to change passwords. Version 0.6.0 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install checkpwn

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#checkpwn

nixpkgs package indexes · pkgs/by-name/ch/checkpwn/package.nix · source: api.github.com

overview

Package summary

Check Have I Been Pwned and see if it's time for you to change passwords

Commands and aliases

  • checkpwn

history

Project history and usage

checkpwn is a Rust CLI for querying Have I Been Pwned account, paste, and password-breach data. It is small, but source-backed enough to document as a package-manager convenience wrapper around a security API.

Project history

The brycx/checkpwn repository was created in May 2018. The README describes checkpwn as a tool to check Have I Been Pwned and determine whether passwords need changing.

The Cargo metadata identifies it as a command-line utility with password, security, and HIBP keywords. The project continued to receive releases through 0.6.0 in March 2026, when it moved to Rust Edition 2024 and updated dependencies.

Adoption history

The README documents installation through Cargo and Homebrew, while the batch metadata also lists Nix. This is typical adoption for a focused Rust CLI: cargo install first, then package-manager formulas for repeatable workstation setup.

Adoption appears niche rather than ecosystem-defining, with modest GitHub star counts, but the tool solves a clear packageable task: local HIBP checks without writing API glue.

How it is used

Users register a Have I Been Pwned API key with checkpwn register, which writes checkpwn.yml in the user's configuration directory, then use checkpwn acc for accounts or lists and checkpwn pass for passwords.

For account checks, the README says checkpwn queries both the HIBP paste and account databases. Password checking is separated from account checking, matching the common operational distinction between exposed accounts and compromised password material.

Why package nerds care

checkpwn is package-nerd interesting as a compact Rust security CLI with Cargo, Homebrew, and Nix distribution. It shows the pattern of wrapping a popular web security service in a local command that stores minimal configuration and can be scripted.

Its config-path behavior also matters to packagers because API keys are user state, not package state.

Timeline

  • 2018: brycx/checkpwn repository created.
  • 2020: 0.5.1 release published.
  • 2022: 0.5.4 release published.
  • 2026: 0.6.0 released with Rust Edition 2024.

Related projects

  • Have I Been Pwned is the upstream breach-data service that checkpwn queries.
  • checkpwn_lib is the Rust library dependency used by the CLI according to Cargo metadata.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Linux
$XDG_CONFIG_HOME/checkpwn/checkpwn.yml~/.config/checkpwn/checkpwn.yml
macOS
~/Library/Application Support/checkpwn/checkpwn.yml
Windows
%APPDATA%\checkpwn\checkpwn.yml

Credential files

Credential-bearing paths to review before unattended agent runs.

Linux
$XDG_CONFIG_HOME/checkpwn/checkpwn.yml~/.config/checkpwn/checkpwn.yml
macOS
~/Library/Application Support/checkpwn/checkpwn.yml
Windows
%APPDATA%\checkpwn\checkpwn.yml

executables

Installed executables

CommandKindExposureNote
checkpwncliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.6.0
manager updated
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/brycx/checkpwn

  • infoNo package-manager update timestamp was available.low confidence
  • infoNo cached GitHub release or tag data was available.https://github.com/brycx/checkpwnnone confidence

install metadata

Package metadata

Package keybrew:checkpwn
Version0.6.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/checkpwn
Homepagehttps://github.com/brycx/checkpwn
Repositoryhttps://github.com/brycx/checkpwn
Upstream docshttps://github.com/brycx/checkpwn#readme
LicenseMIT
Source archivehttps://static.crates.io/crates/checkpwn/checkpwn-0.6.0.crate
Build dependenciesrust
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namecheckpwn
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

checkpwn

nix profile install nixpkgs#checkpwn
  • normalized package name match
  • Matched by: Checkpwn
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ch/checkpwn/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment