bcryptjs
    DefinitelyTyped icon, indicating that this package has TypeScript declarations provided by the separate @types/bcryptjs package

    1.1.0 • Public • Published

    bcrypt.js - bcrypt in plain JavaScript

    Optimized bcrypt in plain JavaScript with zero dependencies. Compatible to the C++ bcrypt binding and also working in the browser.

    Features Build Status

    • CommonJS/node.js compatible (via crypto), also available via npm
    • Shim/browser compatible (via WebCryptoAPI)
    • RequireJS/AMD compatible
    • Zero production dependencies
    • Small footprint
    • Compiled with Closure Compiler using advanced optimizations, externs included

    Security considerations

    Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power. (see)

    While bcrypt.js is compatible to the C++ bcrypt binding, it is written in pure JavaScript and thus slower, effectively reducing the number of iterations that can be processed in an equal time span.

    Usage

    node.js

    npm install bcryptjs

    var bcrypt = require('bcryptjs');
    ...

    RequireJS/AMD

    require.config({
        "paths": {
            "bcrypt": "/path/to/bcrypt.js"
        }
    });
    require(["bcrypt"], function(bcrypt) {
        ...
    });

    Shim/browser

    <script src="//raw.github.com/dcodeIO/bcrypt.js/master/bcrypt.min.js"></script>
    var bcrypt = dcodeIO.bcrypt;
    ...

    Usage - Sync

    To hash a password:

    var bcrypt = require('bcryptjs');
    var salt = bcrypt.genSaltSync(10);
    var hash = bcrypt.hashSync("B4c0/\/", salt);
    // Store hash in your password DB.

    To check a password:

    // Load hash from your password DB.
    bcrypt.compareSync("B4c0/\/", hash); // true
    bcrypt.compareSync("not_bacon", hash); // false

    Auto-gen a salt and hash:

    var hash = bcrypt.hashSync('bacon', 8);

    Usage - Async

    To hash a password:

    var bcrypt = require('bcryptjs');
    bcrypt.genSalt(10, function(err, salt) {
        bcrypt.hash("B4c0/\/", salt, function(err, hash) {
            // Store hash in your password DB.
        });
    });

    To check a password:

    // Load hash from your password DB.
    bcrypt.compare("B4c0/\/", hash, function(err, res) {
        // res == true
    });
    bcrypt.compare("not_bacon", hash, function(err, res) {
        // res = false
    });

    Auto-gen a salt and hash:

    bcrypt.hash('bacon', 8, function(err, hash) {
    });

    API

    bcrypt

    bcrypt namespace.

    bcrypt.genSaltSync(rounds=, seed_length=)

    Synchronously generates a salt.

    Name Type Description
    rounds number Number of rounds to use, defaults to 10 if omitted
    seed_length number Not supported.
    returns string Resulting salt

    bcrypt.genSalt(rounds=, seed_length=, callback)

    Asynchronously generates a salt.

    Name Type Description
    rounds (number ¦ function(Error, ?string)) Number of rounds to use, defaults to 10 if omitted
    seed_length (number ¦ function(Error, ?string)) Not supported.
    callback function(Error, ?string) Callback receiving the error, if any, and the resulting salt

    bcrypt.hashSync(s, salt=)

    Synchronously generates a hash for the given string.

    Name Type Description
    s string String to hash
    salt (number ¦ string) Salt length to generate or salt to use, default to 10
    returns ?string Resulting hash, actually never null

    bcrypt.hash(s, salt, callback, progressCallback=)

    Asynchronously generates a hash for the given string.

    Name Type Description
    s string String to hash
    salt number ¦ string Salt length to generate or salt to use
    callback function(Error, ?string) Callback receiving the error, if any, and the resulting hash
    progressCallback function(number) Callback successively called with the percentage of rounds completed (0.0 - 1.0), maximally once per MAX_EXECUTION_TIME = 100 ms.

    bcrypt.compareSync(s, hash)

    Synchronously tests a string against a hash.

    Name Type Description
    s string String to compare
    hash string Hash to test against
    returns boolean true if matching, otherwise false
    throws Error If an argument is illegal

    bcrypt.compare(s, hash, callback, progressCallback=)

    Asynchronously compares the given data against the given hash.

    Name Type Description
    s string Data to compare
    hash string Data to be compared to
    callback function(Error, boolean) Callback receiving the error, if any, otherwise the result
    progressCallback function(number) Callback successively called with the percentage of rounds completed (0.0 - 1.0), maximally once per MAX_EXECUTION_TIME = 100 ms.
    throws Error If the callback argument is invalid

    bcrypt.getRounds(hash)

    Gets the number of rounds used to encrypt the specified hash.

    Name Type Description
    hash string Hash to extract the used number of rounds from
    returns number Number of rounds used
    throws Error If hash is not a string

    bcrypt.getSalt(hash)

    Gets the salt portion from a hash.

    Name Type Description
    hash string Hash to extract the salt from
    returns string Extracted salt part portion
    throws Error If hash is not a string or otherwise invalid

    Command line

    Usage: bcrypt <input> [salt]

    If the input has spaces inside, simply surround it with quotes.

    Downloads

    Credits

    Based on work started by Shane Girish at bcrypt-nodejs (MIT-licensed), which is itself based on javascript-bcrypt (New BSD-licensed).

    License

    Apache License, Version 2.0 if not stated otherwise

    Install

    npm i bcryptjs@1.1.0

    Version

    1.1.0

    License

    Apache-2.0

    Last publish

    Collaborators

    • dcode