bcryptjs
's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.Name | Version | Size | License | Type | Vulnerabilities |
---|
bcryptjs
is a potent npm package that allows developers to hash passwords effectively. It applies the bcrypt algorithm in plain JavaScript with zero dependencies. This library is primarily applied in password hashing, a crucial step in storing user passwords securely, as it provides protection against rainbow table attacks and remains resistant to brute-force search attacks. bcryptjs
is compatible with C++ bcrypt binding on node.js and works just as effectively in a browser. However, it's noteworthy that being written in pure JavaScript, it is generally slower than its C++ counterpart, reducing the number of iterations processed in an equal time span.
bcryptjs
offers a straightforward utilization process. To employ it in a node.js environment, install it using the recommended npm command, npm install bcryptjs
, and later require the bcryptjs
library in your JavaScript file.
After that, use it like this:
var bcrypt = require('bcryptjs');
var salt = bcrypt.genSaltSync(10);
var hash = bcrypt.hashSync("B4c0/\/", salt);
Above, we've generated a password hash. To validate a password, load the hash from your password database and use it in comparison like this:
// Load hash from your password DB.
bcrypt.compareSync("B4c0/\/", hash); // returns true if passwords match
bcrypt.compareSync("not_bacon", hash); // returns false if passwords do not match
For automatic salt generation and hashing:
var hash = bcrypt.hashSync('bacon', 8);
The library also provides an asynchronous way of hashing and checking passwords:
var bcrypt = require('bcryptjs');
bcrypt.genSalt(10, function(err, salt) {
bcrypt.hash("B4c0/\/", salt, function(err, hash) {
// Store hash in your password DB.
});
});
Verifying password:
// Load hash from your password DB.
bcrypt.compare("B4c0/\/", hash, function(err, res) {
// res === true if passwords match
});
bcrypt.compare("not_bacon", hash, function(err, res) {
// res === false if passwords do not match
});
The detailed documentation on bcryptjs
, encompassing its methods, parameters, and functionalities, is available directly on the bcryptjs GitHub page at https://github.com/dcodeIO/bcrypt.js. It provides a thorough walkthrough on both synchronous and asynchronous usage, including real-time examples and method explanations. For instance, globalfunctions such as genSaltSync()
, hashSync()
, and compareSync()
are given broad explanations on the docs page. Plus, the bcryptjs
GitHub page is continuously updated, meaning developers can stay updated on any new changes and usage instructions.