
cfcrypt

v1.0.0

cloudflare workers module for hashing and salting passwords

Downloads

2

Readme

Cloudflare Workers crypt

A module built on the JavaScript crypto API for hashing passwords and generating salts without Node modules.

How to install

npm install cfcrypt

General knowledge

Storing passwords in the database in plain text exposes them to anyone who gains access to the database. The better alternative is to hash each password and store only the hash; when a user signs in, you hash the password they submit and compare it to the stored hash. But there is a catch: someone with access to your database can hash candidate passwords and match the results against the stored hashes, which makes you vulnerable to what is called a rainbow table attack. The best practice is therefore to combine every password with random bytes, called a salt, and store the salt alongside the hash. When a user enters a password, you fetch the salt from the database, hash it together with the password, and compare the result with the hashed password you saved. This package makes all of this easier, and the best part is that it works on Cloudflare Workers or any other runtime that provides the native JavaScript crypto API.

How to use

Installing this package gives you access to:

  • createSalt
  • hashPassword
  • vaildatePassword

You can import them like this:

import {createSalt , hashPassword , vaildatePassword } from "cfcrypt"

Generating a salt

let salt = createSalt()

Returns a random base64 string that can be used as a salt; save it in the database with the user's credentials.

Hashing passwords

let hashedPassword = hashPassword({salt: generatedSalt, password: passwordString})

Will return a base64 string encoding the hashed password bytes.

Validating passwords

let isValid = vaildatePassword({salt: saltFromDB, password: passwordString, hashedPassword: hashedPasswordFromDB})

Returns a boolean indicating whether the password and salt match the hashed string; grant the user access based on that result.

Best practices

Create a new salt for every user and every password. For example, when a user changes their password, generate a new salt and save it in the database along with the new password hash. The salt can safely be stored alongside the hashed password, and you are free to choose the layout: combine them in one string separated by a hyphen ( - ), like "salt-hashedPassword", and split them when validating the user's credentials, or save each one in a separate field {hashedPassword, salt}.
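
The "salt-hashedPassword" layout described above, built and validated directly on the Web Crypto API. This is an added example, not cfcrypt's source: PBKDF2-SHA-256, the iteration count and the helper names (newSalt, derive, makeRecord, checkRecord) are assumptions chosen for illustration.

```javascript
// Added example, not cfcrypt's implementation. Algorithm, work factor and
// function names are assumptions; the record layout follows the README.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const ITERATIONS = 100000; // assumed work factor; tune for your runtime
const toB64 = (bytes) => btoa(String.fromCharCode(...bytes));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// 16 random bytes per password, encoded as standard base64.
function newSalt() {
  return toB64(wc.getRandomValues(new Uint8Array(16)));
}

// Derive 256 bits from the password and salt with a deliberately slow KDF.
async function derive(password, saltB64) {
  const key = await wc.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits"]);
  const bits = await wc.subtle.deriveBits(
    { name: "PBKDF2", hash: "SHA-256", salt: fromB64(saltB64), iterations: ITERATIONS },
    key, 256);
  return new Uint8Array(bits);
}

// Build "salt-hashedPassword". Standard base64 never contains "-", so the
// separator is unambiguous; base64url output would need a different one.
async function makeRecord(password) {
  const salt = newSalt();
  return `${salt}-${toB64(await derive(password, salt))}`;
}

// Compare every byte with no early exit, so timing does not depend on
// where the first mismatch occurs.
function equalBytes(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// Split the stored record and re-derive; anything malformed fails closed.
async function checkRecord(password, record) {
  const parts = record.split("-");
  if (parts.length !== 2) return false;
  try {
    return equalBytes(await derive(password, parts[0]), fromB64(parts[1]));
  } catch {
    return false; // salt or hash was not valid base64
  }
}
```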