npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hashy

v0.11.1

Published

Hash passwords the right way (Argon2 & bcrypt support)

Downloads

2,843

Readme

Hashy

Node compatibility License PackagePhobia

Package Version Build Status Latest Commit

Hash passwords the right way (Argon2 & bcrypt support)

Hashy is small Node.js library which aims to do passwords hashing the correct way.

It has been heavily inspired by the new PHP password hashing API but, following the Node.js philosophy, hashing is done asynchronously.

Furthermore, to make the interfaces as easy to use as possible, async functions can either be used with callbacks or they return promises which will make them super easy to work with async functions!

Supported algorithms:

Why a new library?

The other ones I found were too complicated and/or were missing important features.

The main missing feature is the needRehash() function: cryptography is a fast-moving science and algorithms can quickly become obsolete or their parameters needs to be adjusted to compensate the performance increase of recent computers (e.g. bcrypt cost factor).

This is exactly what this function is for: checking whether a hash uses the correct algorithm (and options) to see if we need to compute a new hash for this password.

Install

Installation of the npm package:

> npm install --save hashy

Hashy requires promises support, for Node versions prior to 0.12 see this page to enable them.

How to use it?

First, you may take a look at examples: using callbacks, promises or async functions (requires Node >= 7.6).

Creating a hash

hashy.hash(password, function (error, hash) {
  if (error) {
    return console.log(error);
  }

  console.log("generated hash: ", hash);
});

hash() handles additionaly two parameters which may be passed before the callback:

  1. algo: which algorithm to use, it defaults to 'bcrypt';
  2. options: additional options for the current algorithm, for bcrypt it defaults to {cost: 10}..

Checking a password against a hash

hashy.verify(password, hash, function (error, success) {
  if (error) {
    return console.error(err);
  }

  if (success) {
    console.log("you are now authenticated!");
  } else {
    console.warn("invalid password!");
  }
});

Getting information about a hash

const info = hashy.getInfo(hash);

Checking whether a hash is up to date

As I said earlier, we must be able to check whether the hash is up to date, i.e. if it has been generated by the last algorithm available with the last set of options.

if (hashy.needsRehash(hash)) {
  // Rehash.
}

It handles the optional algo and options parameters like hash().

Changing default options.

The default options for a given algorithm is available at hashy.options[>algo<].

// Sets the default cost for bcrypt to 12.
hashy.options.bcrypt.cost = 12;

Using promises

Same interface as above but without the callbacks!

// Hashing.
hashy.hash(password).then(function (hash) {
  console.log('generated hash:' hash)
})

// Checking.
hashy.verify(password, hash).then(function (success) {
  if (success) {
    console.log('you are now authenticated!')
  } else {
    console.warn('invalid password!')
  }
})

As you can see, you don't even have to handle errors if you don't want to!

Using async functions

Note: only available since Node.js 7.6.

Same interface as promises but much more similar to a synchronous code!

// Hashing.
(async function () {
  const hash = await hashy.hash(password);
  console.log("generated hash:", hash);
})()(
  // Checking.
  async function () {
    if (await hashy.verify(password, hash)) {
      console.log("you are now authenticated!");
    } else {
      console.warn("invalid password!");
    }
  }
)();

Contributing

Contributions are very welcome, either on the documentation or on the code.

You may:

  • report any issue you've encountered;
  • fork and create a pull request.

License

Hashy is released under the MIT license.