npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

s-salt-pepper

v3.0.4

Published

Password hashing (via pbkdf2) with salt and pepper

Downloads

44

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

seabassseabass

Keywords

passwordhashsaltpepperrandomiterationspbkdf2javascriptnode

Readme

s-salt-pepper

NPM version Dependencies build status NPM license Stability

About

This dependency-free module provides password hashing and comparison with salt and variable iterations of pbkdf2. An additional "pepper" (optional) is concatenated to the salt before hashing. The salts are kept in your database, the pepper is saved on your server. Works with node versions 8 and above.

Installation

npm install s-salt-pepper

Usage

  1. Generate a password hash with a salt (for example, when a user signs up) using password.hash()
  2. Whenever the user logs in or needs to verify their password, compare the provided login password with the user's saved salt and hash using password.compare()
const password = require('s-salt-pepper');

// configure once
password.iterations(75000); // optionally set number of pbkdf2 iterations
password.pepper('your random string goes here');

// hash a string and save returned salt and hash to (fake) user
const user = {
  password: {
    hash: null,
    salt: null
  }
};

async () => {
  // set the user's password to { hash: String, salt: String }
  user.password = await password.hash('foo');

  // ...later, verify that a given string matches the user's password data
  await password.compare('bar', user.password); // false
  await password.compare('foo', user.password); // true
}

API

async password.hash(String)

Accepts a string password argument, returns a promise that resolves to an object of the shape:

{
  hash: String,
  salt: String
}

async password.compare(String, { hash: String, salt: String })

Accepts a string password as the first argument and an object like the one given by password.hash() as the second argument. Returns a promise that resolves to true if the password is a match, false otherwise.

password.saltLength(Number?)

Returns the salt length if called without any arguments. Sets the salt length (in bytes, before base64 conversion) if called with one argument.

password.iterations(Number?)

Returns the number of pbkdf2 iterations to run if called without any arguments. Sets the number of pbkdf2 iterations if called with one argument.

password.keyLength(Number?)

Returns the pbkdf2 key length if called without any arguments. Sets the key length (in bytes, before base64 conversion) if called with one argument.

password.digest(String?)

Returns the pbkdf2 digest algorithm if called without any arguments. Sets the digest algorithm if called with one argument.

password.pepper(String?)

Returns the pepper if called without any arguments. Sets the pepper if called with one argument.

Config options

The following can be configured (defaults displayed below):

password.saltLength(32);
password.iterations(100000); // ~200ms to compute with current key/salt lengths
password.keyLength(128);
password.digest('sha512');
password.pepper('');

Calling those functions without any arguments returns their current value.

password.saltLength(); // => 32