npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

himalayan-salt

v1.0.10

Published

Cryptographically strong password salting and hashing library for Node.js

Downloads

38

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

burntsugarburntsugar

Keywords

hashingsaltingencryptionTypeScriptJavaScriptES6JestAuthentication

Readme

himalayan-salt

Cryptographically strong password salting and hashing library for Node.js

Photo by Autri Taheri https://unsplash.com/@ataheri?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText

Status: Alpha

I maintain this library for use in my own projects. It is built upon Node.js Crypto which is easy to integrate. You may like to look though this himalayan-salt integration in order to make your own - or install it and use it :)

What's next...

Features in this version

+ generate(passphrase)

Returns cryptographically strong, unique 64 character hex encoded salt, and SHA-256 hash for a given passphrase. Returned in an instance of Hashes.

Usage:

  • generateSHA256PassphraseHash( 'passphrase') => Hashes instance containing generated salt and hash

Error handling:

  • generateSHA256PassphraseHash( 'passwor') => RangeError for string length < 8
  • generateSHA256PassphraseHash( 123) => TypeError when argument is other than string
  • generateSHA256PassphraseHash() => TypeError when argument is falsey (null, undefined)

Generated strings are returned in a Hashes instance. You can choose to return them separately or combined, depending on your requirements.

  • getSalt() => 64 character hex encoded salt result
  • getHash() => 64 character hex encoded hash result
  • getCombined() => 128 character hex encoded result where the first 64 characters are the salt and the remaining 64 characters are the hash.

+ verify(passphrase, salt, hash)

Verifies a given passphrase against a given salt and hash.

Usage:

  • verify( 'passphrase', 64 character hex encoded salt, 64 character hex encoded hash) => true/false

Error handling:

  • verify() => TypeError when any argument is not provided
  • verify( 'passphrase', 123, 123) => RangeError when salt or hash is not a 64 character string.

Overview

  • Built upon Crypto.
  • SHA-256 unique 32 byte salt generated for each call
  • SHA-256 salted passphrase hash
  • Salt and hash returned as 64 character hex encoded strings - separate or combined.
// demo.js

// ES6 import
import {himalayanSalt} from './himalayan-salt.js';
// or require
// const hs = require('./himalayan-salt.js');
// const himalayanSalt = hs.himalayanSalt;

const passphrase1 = 'testY9O/<2uWguEU';
console.log(`passphrase is: ${passphrase1}`);
const result1 = himalayanSalt.generate(passphrase1);
console.log(`SALT >>>  ${result1.getSalt()}`);
console.log(`HASH >>>  ${result1.getHash()}`);
console.log(`COMBINED >>>  ${result1.getCombined()}`);
console.log(`VERIFICATION >>>  ${himalayanSalt.verify(passphrase1, result1.getSalt(), result1.getHash())}`);

const passphrase2 = 'testY9O/<2uWguEU'; // same passphrase
console.log(`passphrase is: ${passphrase2}`);
const result2 = himalayanSalt.generate(passphrase2);
console.log(`SALT >>>  ${result2.getSalt()}`); // unique salt,
console.log(`HASH >>>  ${result2.getHash()}`); // and hash
console.log(`COMBINED >>>  ${result2.getCombined()}`);
console.log(`VERIFICATION >>>  ${himalayanSalt.verify(passphrase2, result2.getSalt(), result2.getHash())}`);

Output...

passphrase is: testY9O/<2uWguEU
SALT >>>  e4f4b47ac78e90c647cb78f30dff5f07517a6a9a11ff896dcf8b3c9946039f1f
HASH >>>  1f2b189c0991287baa5ac597229aa6626d79c6f4201d8fb869697fd30f1f2f89
COMBINED >>>  e4f4b47ac78e90c647cb78f30dff5f07517a6a9a11ff896dcf8b3c9946039f1f1f2b189c0991287baa5ac597229aa6626d79c6f4201d8fb869697fd30f1f2f89
VERIFICATION >>>  true

passphrase is: testY9O/<2uWguEU
SALT >>>  1450c8044a9334b83bbe77dbfe858c455051f709162275c107519d573e9210d0
HASH >>>  42a6e24e481fdc100b6447d3ae1a935ea455f578f43ad7be2b6cf059233be0f8
COMBINED >>>  1450c8044a9334b83bbe77dbfe858c455051f709162275c107519d573e9210d042a6e24e481fdc100b6447d3ae1a935ea455f578f43ad7be2b6cf059233be0f8
VERIFICATION >>>  true

Download

Prerequisite: Node.js 13.5x installation.

user $ git clone [email protected]:burntsugar/himalayan-salt.git
user $ cd himalayan-salt
user/himalayan-salt $ npm install

Compile TypeScript

Compile .ts to .js in ./out

user/himalayan-salt $ npm run tsc

Test

(compile first!)

Run Jest test suites.

user/himalayan-salt $ npm test

Run demo

(compile first!)

user/himalayan-salt $ npm run demo

Install into your own project

npm install --save himalayan-salt
// your.js

// ES6 import
import {himalayanSalt} from 'himalayan-salt';

...or...

// your.js

// require
const hs = require('himalayan-salt');

Standalone

Start with -v | -verify followed by passphrase, salt and hash.

Start with -g | -generate followed by passphrase.

Docker

docker pull burntsugar/himalayan-salt

Demo

docker run --rm himalayan-salt demo

Generate salt and hash

docker run --rm himalayan-salt -generate <passphrase>

Verify passphrase

docker run --rm himalayan-salt -verify <passphrase> <salt> <hash>

See dockerhub repository

Modern password security for system designers

This project is guided by Modern password security for system designers.

Passwords...

Allow the largest character set possible, such as UTF-8, including emoji.

Have a long minimum length and allow very long passwords.

What's inside

rrr@burntsugar.rocks