@jongleberry/passwords
v1.2.2
Password creation and validation
Passwords
Personal library for managing passwords.
Features:
- Hash and verify passwords with node.js-native scrypt
- Checks passwords against the haveibeenpwned database and disallows pwned passwords
- Provides a configurable timeout for hitting HIBP
- Does not handle HIBP retries. Because its APIs are served by CloudFlare, retries are probably unnecessary.
- Configurable minimum password length with a default of 8 characters
- HTTP client-friendly errors with http-errors
API
const Passwords = require('@jongleberry/passwords')
const passwords = new Passwords({
// options
})
const [key, salt] = await passwords.createPassword('some password')
const isValidPassword = await passwords.comparePassword('some password', key, salt)
Options
hibpTimeout = 1000
- timeout for the HIBP request in milliseconds. If for some reason HIBP takes longer than this timeout, the password will be assumed to be valid (the breach check fails open).
minimumPasswordLength = 8
- minimum password length in characters
saltLength = 16
- salt length in bytes
keyLength = 64
- derived key length in bytes
scryptOptions = {}
- options passed directly to scrypt
NOTE: changing scryptOptions will change the derived key, so keep it consistent in your app or store it along with your password.
[key, salt, scryptOptions] = await createPassword(password)
Create a derived key and salt from a password.
isValidPassword = await comparePassword(password, key, salt [, scryptOptions])
Validate the password against the derived key and salt. scryptOptions is only necessary if it differs from the currently set options.