1.0.0 • Published 3 years ago

password-scrypt v1.0.0

Weekly downloads
-
License
MIT
Repository
github
Last release
3 years ago

password-scrypt

A simple, promise-aware password hashing and verification library wrapping over the scrypt implementation available in the Node.js crypto module.

It is an alternative to the bcrypt and argon2 libraries both of which require native dependencies.

Suitable for web apps.

Features

  • Zero dependencies.

  • Written in Typescript.

  • No optional parameters, just a simple API, with sensible options chosen for you.

  • No reinvention of the wheel. Node.js APIs are directly used, so it is fast and secure.

    • Salts are generated using the cryptographically secure crypto.randomBytes function.
    • Timing attacks are prevented by using the crypto.timingSafeEqual function for comparing hashes.

Installation

npm install password-scrypt

API

hash: (password: string) => Promise<string>;

verify: (plaintext: string, ciphertext: string) => Promise<boolean>;

Usage

// Typescript
import * as Password from "password-scrypt";
// Javascript
const Password = require("password-scrypt");

const sample = "elephant-whale-zebra-1-2-3";

const hashed = await Password.hash(sample);

const isMatch = await Password.verify(sample, hashed); // true

const isNotMatch = await Password.verify("whale-dolphin-shark-1-2-3", hashed); // false
passwordhashingverificationauthnativescrypt
@infinitebrahmanuniverse/nolb-passw@everything-registry/sub-chunk-2415
1.0.0

3 years ago