npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

bcrypt-ts

v6.0.0

Published

bcrypt written in typescript

Downloads

118,930

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mister-hopemister-hope

Keywords

bcryptbcryptjs

Readme

bcrypt-ts

npm npm downloads types

Test DeepScan grade codecov

Optimized bcrypt in TypeSCript with zero dependencies. Compatible to the C++ bcrypt binding on Node.js and also working in the browser.

Why bcrypt-ts instead of bycrypt.js

  • Bcrypt-ts is fully written in TypeScript
  • Bcrypt-ts provide dual ESM/cjs mode for both node and browser env, and you can directly
  • Minified output
  • Tree shakable

Security considerations

Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power. (see)

While bcrypt-ts is compatible to the C++ bcrypt binding, it is built by pure JavaScript and thus slower (about 30%), effectively reducing the number of iterations that can be processed in an equal time span.

The maximum input length is 72 bytes (note that UTF-8 encoded characters use up to 4 bytes) and the length of generated hashes is 60 characters. Note that maximum input length is not implicitly checked by the library for compatibility with the C++ binding on Node.js, but should be checked with truncates(password) where necessary.

Install

Node.js

Install the package:

npm install bcrypt-ts

CDN

jsDelivr:

  • https://cdn.jsdelivr.net/npm/bcrypt-ts/dist/browser.mjs (ESM)
  • https://cdn.jsdelivr.net/npm/bcrypt-ts/dist/browser.umd.js (UMD)

unpkg:

  • https://unpkg.com/bcrypt-ts/dist/browser.mjs (ESM)
  • https://unpkg.com/n/bcrypt-ts/dist/browser.umd.js (UMD)

Usage

On Node.js, the inbuilt crypto module's randomBytes interface is used to obtain secure random numbers.

Browser

In the browser, bcrypt.js relies on Web Crypto API's getRandomValues interface to obtain secure random numbers. If no cryptographically secure source of randomness is available, the package will throw an error.

How to choose between them

  • If you are using this package in pure Node.js environment, then you will probably use the node bundle.

  • If you are using bundler like webpack and vite, then you will probably use the browser bundle.

  • If you meet any issues that a incorrect bundle is used, you can use bcrypt-ts/node and bcrypt-ts/browser to force the correct bundle.

Usage - Sync

To hash a password:

import { genSaltSync, hashSync } from "bcrypt-ts";

const salt = genSaltSync(10);
const result = hashSync("B4c0//", salt);
// Store hash in your password DB

To check a password:

import { compareSync } from "bcrypt-ts";

// Load hash from your password DB
const hash = "xxx";

compareSync("B4c0//", hash); // true
compareSync("not_bacon", hash); // false

Auto-gen a salt and hash at the same time:

import { hashSync } from "bcrypt-ts";

const result = hashSync("bacon", 8);

Usage - Async

To hash a password:

import { genSalt, hash } from "bcrypt-ts";

const salt = await genSalt(10);
const result = await hash("B4c0//", salt);
// Store hash in your password DB

To check a password:

import { compare } from "bcrypt-ts";

// Load hash from your password DB
const hash = "xxxxxx";

await bcrypt.compare("B4c0//", hash); // true
await bcrypt.compare("not_bacon", hash); // false

Auto-gen a salt and hash:

import { hash } from "bcrypt-ts";

const result = await bcrypt.hash("B4c0//", 10);
// Store hash in your password DB

Note: Under the hood, asynchronous APIs split an operation into small chunks. After the completion of a chunk, the execution of the next chunk is placed on the back of the JS event queue, efficiently yielding for other computation to execute.

Usage - Command Line


Usage: bcrypt <input> [rounds|salt]

API

/**
 * Synchronously tests a string against a hash.
 *
 * @param content String to compare
 * @param hash Hash to test against
 */
export const compareSync: (content: string, hash: string) => boolean;
/**
 * Asynchronously compares the given data against the given hash.
 *
 * @param content Data to compare
 * @param hash Data to be compared to
 * @param progressCallback Callback successively called with the percentage of rounds completed
 *  (0.0 - 1.0), maximally once per `MAX_EXECUTION_TIME = 100` ms.
 */
export const compare: (
  content: string,
  hash: string,
  progressCallback?: ((percent: number) => void) | undefined,
) => Promise<boolean>;

/**
 * Synchronously generates a hash for the given string.
 *
 * @param contentString String to hash
 * @param salt Salt length to generate or salt to use, default to 10
 * @returns Resulting hash
 */
export const hashSync: (
  contentString: string,
  salt?: string | number,
) => string;
/**
 * Asynchronously generates a hash for the given string.
 *
 * @param contentString String to hash
 * @param salt Salt length to generate or salt to use
 * @param progressCallback Callback successively called with the percentage of rounds completed
 *  (0.0 - 1.0), maximally once per `MAX_EXECUTION_TIME = 100` ms.
 */
export const hash: (
  contentString: string,
  salt: number | string,
  progressCallback?: ((progress: number) => void) | undefined,
) => Promise<string>;

/**
 * Gets the number of rounds used to encrypt the specified hash.
 *
 * @param hash Hash to extract the used number of rounds from
 * @returns Number of rounds used
 * @throws {Error} If `hash` is not a string
 */
export const getRounds: (hash: string) => number;
/**
 * Gets the salt portion from a hash. Does not validate the hash.
 *
 * @param hash Hash to extract the salt from
 * @returns Extracted salt part
 * @throws {Error} If `hash` is not a string or otherwise invalid
 */
export const getSalt: (hash: string) => string;

/**
 * Synchronously generates a salt.
 *
 * @param rounds Number of rounds to use, defaults to 10 if omitted
 * @returns Resulting salt
 * @throws {Error} If a random fallback is required but not set
 */
export const genSaltSync: (rounds?: number) => string;
/**
 * Asynchronously generates a salt.
 *
 * @param rounds Number of rounds to use, defaults to 10 if omitted
 */
export const genSalt: (rounds?: number) => Promise<string>;

Credits