bcrypt 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.| Name | Version | Size | License | Type | Vulnerabilities |
|---|---|---|---|---|---|
| @mapbox/node-pre-gyp | 1.0.11 | 1 B | BSD-3-Clause | prod | |
| node-addon-api | 5.1.0 | 56.81 kB | MIT | prod |
bcrypt is a robust and secure libary for NodeJS that is inherently designed to hash passwords. The bcrypt algorithm is incredibly secure and defends against rainbow table attacks by incorporating a salt, which is a random value unique to every hashed password. This unique attribute renders pre-computed hash attacks impractical by exponentially increasing the storage requirements of such mechanisms. It employs an adaptive hashing scheme, meaning that as computing power increases over time, the numberof iterations, or "rounds", of the algorithm can be increased to ensure your data remains secure.
One can use bcrypt to hash and verify passwords in Node.js applications. After installing bcrypt via npm using "npm install bcrypt", you can generate a password hash using the module’s "genSalt" and "hash" methods, or by simply calling "hash". Here's an example of how you can hash a password:
const bcrypt = require('bcrypt');
const saltRounds = 10;
const myPlaintextPassword = 's0/\/\P4$$w0rD';
bcrypt.genSalt(saltRounds, (err, salt) => {
bcrypt.hash(myPlaintextPassword, salt, (err, hash) => {
// At this point, store the hash value in your password DB
});
});
An alternative technique, which auto-generates a salt and hash, can also be used:
bcrypt.hash(myPlaintextPassword, saltRounds, (err, hash) => {
// Store hash in your password DB.
});
To verify a password, compare the hash of the attempted password with the hash of the actual password using bcrypt’s "compare" function:
// Load hash from your password DB.
bcrypt.compare(myPlaintextPassword, hash, (err, result) => {
if (result) {
// If the password matches, result will be true.
}
});
Bcrypt also supports promises if you prefer not to use callbacks. Async/await syntax works as well:
async function checkUser(username, password) {
// Fetch user from a database, etc.
const match = await bcrypt.compare(password, user.passwordHash);
if (match) {
// Login the user
}
}
The comprehensive documentation, which includes thorough instructions and code samples, for the bcrypt library can be found at its GitHub repository, accessible via the following URL: https://github.com/kelektiv/node.bcrypt.js. The documentation will guide you through all aspects of using the library, including installation, usage, detailed API reference, and more.
