1.2.2 • Published 4 years ago

@jongleberry/passwords v1.2.2

Weekly downloads: 161
License: MIT
Repository: github
Last release: 4 years ago

Passwords

Personal library for managing passwords.

Features:

  • Hash and verify passwords with node.js-native scrypt
  • Check passwords against the haveibeenpwned database and disallow pwned passwords
    • Provides a configurable timeout for hitting HIBP
    • Does not handle HIBP retries. Because its APIs are served by CloudFlare, retries are probably unnecessary.
  • Configurable minimum password length with a default of 8 characters
  • HTTP client-friendly errors with http-errors

API

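const Passwords = require('@jongleberry/passwords')

const passwords = new Passwords({
  // options
})

// await is only valid inside an async function in a CommonJS module
async function main () {
  // derive a key and a random salt from the password
  const [key, salt] = await passwords.createPassword('some password')

  // check a login attempt against the stored key and salt
  const isValidPassword = await passwords.comparePassword('some password', key, salt)
  console.log(isValidPassword)
}

main().catch(console.error)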

Options

  • hibpTimeout = 1000 - timeout for the HIBP request in milliseconds. If for some reason HIBP takes longer than this timeout, the check fails open: the password will be assumed to be valid.
  • minimumPasswordLength = 8 - minimum password character length
  • saltLength = 16 - salt length in bytes
  • keyLength = 64 - derived key length in bytes
  • scryptOptions = {} - options passed directly to scrypt

NOTE: changing scryptOptions will change the derived key, so keep it consistent in your app or store it along with your password.

key, salt, scryptOptions = await createPassword(password)

Create a derived key and salt from a password.

isValidPassword = await comparePassword(password, key, salt, scryptOptions)

Validate the password with the derived key and salt. scryptOptions is only necessary if it differs from the currently set options.
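
The NOTE about scryptOptions, worked through as an added example (not code from this package): it calls Node's crypto.scryptSync directly to show why the options have to travel with the stored key. The helper names createRecord and verifyRecord, the record layout, and the sample password are assumptions made for illustration.

```javascript
const crypto = require('node:crypto')

// Lengths follow the Options list above; N, r, p are Node's scrypt defaults.
const SALT_LENGTH = 16
const KEY_LENGTH = 64
const DEFAULT_SCRYPT_OPTIONS = { N: 16384, r: 8, p: 1 }

// Hypothetical helper: derive a key and return everything needed to verify it later.
function createRecord (password, scryptOptions = DEFAULT_SCRYPT_OPTIONS) {
  const salt = crypto.randomBytes(SALT_LENGTH)
  const key = crypto.scryptSync(password, salt, KEY_LENGTH, scryptOptions)
  return {
    key: key.toString('base64'),
    salt: salt.toString('base64'),
    scryptOptions: { ...scryptOptions } // stored next to the key, as the NOTE advises
  }
}

// Hypothetical helper: re-derive with the stored salt and the stored options.
// Falls back to the app's current options only when the record carries none.
function verifyRecord (password, record, currentOptions) {
  const options = record.scryptOptions || currentOptions
  const expected = Buffer.from(record.key, 'base64')
  const salt = Buffer.from(record.salt, 'base64')
  const actual = crypto.scryptSync(password, salt, expected.length, options)
  // constant-time comparison; both buffers have the same length by construction
  return crypto.timingSafeEqual(actual, expected)
}

// Constructed scenario: the app raises its scrypt cost after a user has registered.
function demo () {
  const password = 'correct horse battery staple' // constructed sample value
  // N = 32768 with r = 8 needs more than Node's default 32 MiB maxmem
  const newOptions = { N: 32768, r: 8, p: 1, maxmem: 64 * 1024 * 1024 }
  const record = createRecord(password, DEFAULT_SCRYPT_OPTIONS)
  const withoutOptions = { key: record.key, salt: record.salt }
  return {
    storedOptions: verifyRecord(password, record, newOptions),
    missingOptions: verifyRecord(password, withoutOptions, newOptions),
    wrongPassword: verifyRecord('wrong password', record, newOptions)
  }
}

console.log(demo())
```

The record that kept its options still verifies after the cost change; the one without them rejects the correct password, because the key is re-derived under different parameters.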

1.2.2

4 years ago

1.2.1

4 years ago

1.2.0

4 years ago

1.1.2

4 years ago

1.1.1

4 years ago

1.1.0

4 years ago

1.0.0

4 years ago