1.0.3 • Published 5 months ago

saltpepperpass-node v1.0.3

Weekly downloads
-
License
MIT
Repository
github
Last release
5 months ago

🧂🔑 saltpepperpass-node

npm version License: MIT

A Node.js package that securely hashes passwords using bcrypt with customizable salt length, pepper text, and hashing rounds. It enhances password security by salting and peppering before hashing, making it ideal for backend applications.

Features

  • Custom salt length configuration
  • Configurable pepper text
  • Adjustable hashing rounds
  • Built on top of battle-tested bcrypt
  • TypeScript support
  • Environment-based configuration
  • Simple API with just two main functions

Installation

npm install saltpepperpass-node

Setup

  1. Create a .env file in your project root with the following variables:
SALTING_TEXT_LENGTH=5  # Length of the random salt string

PEPPER_TEXT=your_pepper_key  # Your secret pepper text

HASHING_ROUNDS=10  # Number of hashing rounds
  1. Import the package:
// Named imports (recommended)
import { generateHash, verifyHash } from "saltpepperpass-node";

// Or using default import
import saltAndPepperPass from "saltpepperpass-node";

// Using CommonJS
const saltAndPepperPass = require("saltpepperpass-node");

Usage

Using Named Imports (Recommended)

import { generateHash, verifyHash } from "saltpepperpass-node";

// Generate hash
const { hash, saltingText } = generateHash("myPassword");

// Verify password
const isValid = verifyHash("myPassword", saltingText, hash);

Using Default Import

import saltAndPepperPass from "saltpepperpass-node";

// Generate a hash
const password = "mySecurePassword123";
const { hash, saltingText } = saltAndPepperPass.generateHash(password);

// Verify a password using stored hash and salt
const isValid = saltAndPepperPass.verifyHash(password, saltingText, hash);

if (isValid) {
  console.log("Password is correct!");
} else {
  console.log("Password is incorrect!");
}

API Reference

generateHash(password: string): HashResult

Generates a hash for the given password using salt and pepper.

Parameters:

  • password (string): The password to hash

Returns:

  • Object with:
    • hash (string): The generated hash
    • saltingText (string): The generated salt

verifyHash(password: string, salt: string, hash: string): boolean

Verifies a password against a stored hash and salt.

Parameters:

  • password (string): The password to verify
  • salt (string): The stored salt
  • hash (string): The stored hash

Returns:

  • boolean: True if the password matches, false otherwise

Types

type TGenerateHashResult = {
  hash: string;
  saltingText: string;
};

type TVerifyHashResult = boolean;

Environment Variables

VariableDescriptionDefault
SALTING_TEXT_LENGTHLength of the random salt string5
PEPPER_TEXTSecret pepper text used in hashingRequired
HASHING_ROUNDSNumber of bcrypt hashing rounds10

Security Considerations

  • Store both the hash and salt securely in your database
  • Keep your PEPPER_TEXT secret and never expose it
  • Choose an appropriate HASHING_ROUNDS value (higher is more secure but slower)
  • Use environment variables for configuration in production

License

MIT

passwordhashingbcrypthashingsaltingpepperingbcrypt
bcryptdotenv
1.0.3

5 months ago

1.0.2

5 months ago

1.0.0

5 months ago