# Install checkpwn with Homebrew, Nix

Check Have I Been Pwned and see if it's time for you to change passwords. Version 0.6.0 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:checkpwn
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install checkpwn
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#checkpwn
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ch/checkpwn/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:checkpwn
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/checkpwn>
- **Version:** 0.6.0
- **Source summary:** Check Have I Been Pwned and see if it's time for you to change passwords
- **Homepage:** <https://github.com/brycx/checkpwn>
- **Repository:** <https://github.com/brycx/checkpwn>
- **Upstream docs:** <https://github.com/brycx/checkpwn#readme>
- **License:** MIT
- **Source archive:** <https://static.crates.io/crates/checkpwn/checkpwn-0.6.0.crate>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- checkpwn (cli)
- checkpwn (alias)

## Build dependencies

- rust

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.6.0
- Local data: ok
- Upstream repository: https://github.com/brycx/checkpwn
- info: No package-manager update timestamp was available.
- info: No cached GitHub release or tag data was available.
## Project history and usage

checkpwn is a Rust CLI for querying Have I Been Pwned account, paste, and password-breach data. It is small, but source-backed enough to document as a package-manager convenience wrapper around a security API.

### Project history

The brycx/checkpwn repository was created in May 2018. The README describes checkpwn as a tool to check Have I Been Pwned and determine whether passwords need changing.

The Cargo metadata identifies it as a command-line utility with password, security, and HIBP keywords. The project continued to receive releases through 0.6.0 in March 2026, when it moved to Rust Edition 2024 and updated dependencies.

### Adoption history

The README documents installation through Cargo and Homebrew, while the batch metadata also lists Nix. This is typical adoption for a focused Rust CLI: cargo install first, then package-manager formulas for repeatable workstation setup.

Adoption appears niche rather than ecosystem-defining, with modest GitHub star counts, but the tool solves a clear packageable task: local HIBP checks without writing API glue.

### How it is used

Users register a Have I Been Pwned API key with checkpwn register, which writes checkpwn.yml in the user's configuration directory, then use checkpwn acc for accounts or lists and checkpwn pass for passwords.

For account checks, the README says checkpwn queries both the HIBP paste and account databases. Password checking is separated from account checking, matching the common operational distinction between exposed accounts and compromised password material.

### Why package nerds care

checkpwn is package-nerd interesting as a compact Rust security CLI with Cargo, Homebrew, and Nix distribution. It shows the pattern of wrapping a popular web security service in a local command that stores minimal configuration and can be scripted.

Its config-path behavior also matters to packagers because API keys are user state, not package state.

### Timeline

- 2018: brycx/checkpwn repository created.
- 2020: 0.5.1 release published.
- 2022: 0.5.4 release published.
- 2026: 0.6.0 released with Rust Edition 2024.

### Related projects

- Have I Been Pwned is the upstream breach-data service that checkpwn queries.
- checkpwn_lib is the Rust library dependency used by the CLI according to Cargo metadata.

### Sources

- <https://github.com/brycx/checkpwn>
- <https://github.com/brycx/checkpwn/releases>
- <https://github.com/brycx/checkpwn/blob/master/Cargo.toml>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Linux: $XDG_CONFIG_HOME/checkpwn/checkpwn.yml, ~/.config/checkpwn/checkpwn.yml
- macOS: ~/Library/Application Support/checkpwn/checkpwn.yml
- Windows: %APPDATA%\checkpwn\checkpwn.yml

## Credential files

- Linux: $XDG_CONFIG_HOME/checkpwn/checkpwn.yml, ~/.config/checkpwn/checkpwn.yml
- macOS: ~/Library/Application Support/checkpwn/checkpwn.yml
- Windows: %APPDATA%\checkpwn\checkpwn.yml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** checkpwn
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - checkpwn: normalized package name match | nixpkgs package indexes: pkgs/by-name/ch/checkpwn/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Language runtime packages](https://www.automicvault.com/pkg/language-runtime-packages/) - Matched language runtime, compiler, or interpreter metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [name-that-hash](https://www.automicvault.com/pkg/brew/name-that-hash/) - Shares av.db curated category or tags: cli, passwords, security.
- [passwdqc](https://www.automicvault.com/pkg/brew/passwdqc/) - Shares av.db curated category or tags: cli, passwords, security.
- [cracklib](https://www.automicvault.com/pkg/brew/cracklib/) - Shares av.db curated category or tags: cli, passwords, security.
- [crunch](https://www.automicvault.com/pkg/brew/crunch/) - Shares av.db curated category or tags: cli, passwords, security.
- [diceware](https://www.automicvault.com/pkg/brew/diceware/) - Shares av.db curated category or tags: cli, passwords, security.
- [pwgen](https://www.automicvault.com/pkg/brew/pwgen/) - Shares av.db curated category or tags: cli, passwords, security.
- [search-that-hash](https://www.automicvault.com/pkg/brew/search-that-hash/) - Shares av.db curated category or tags: cli, passwords, security.
- [wifi-password](https://www.automicvault.com/pkg/brew/wifi-password/) - Shares av.db curated category or tags: cli, passwords, security.
- [pwned](https://www.automicvault.com/pkg/brew/pwned/) - Security-sensitive metadata or terminology overlaps. Shared terms: been, breach, breach-checking, checking, cli.

## Combined YAML source

View the package source record on GitHub. [combined/checkpwn.yml](https://github.com/automic-vault/db/blob/main/combined/checkpwn.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
