password-scrypt
v1.0.0
Published
A password hashing/verifying wrapper around the native Node.js crypto module, no external dependencies/c++ addons.
Downloads
3
Maintainers
Readme
password-scrypt
A simple, promise-aware password hashing and verification library wrapping over the scrypt
implementation available in the Node.js crypto module.
It is an alternative to the bcrypt
and argon2
libraries both of which require native dependencies.
Suitable for web apps.
Features
Zero dependencies.
Written in Typescript.
No optional parameters, just a simple API, with sensible options chosen for you.
No reinvention of the wheel. Node.js APIs are directly used, so it is fast and secure.
- Salts are generated using the cryptographically secure
crypto.randomBytes
function. - Timing attacks are prevented by using the
crypto.timingSafeEqual
function for comparing hashes.
- Salts are generated using the cryptographically secure
Installation
npm install password-scrypt
API
hash: (password: string) => Promise<string>;
verify: (plaintext: string, ciphertext: string) => Promise<boolean>;
Usage
// Typescript
import * as Password from "password-scrypt";
// Javascript
const Password = require("password-scrypt");
const sample = "elephant-whale-zebra-1-2-3";
const hashed = await Password.hash(sample);
const isMatch = await Password.verify(sample, hashed); // true
const isNotMatch = await Password.verify("whale-dolphin-shark-1-2-3", hashed); // false