npm
Sign UpSign In

saltpepperpass-node
TypeScript icon, indicating that this package has built-in type declarations

1.0.3 • Public • Published

🧂🔑 saltpepperpass-node

npm version License: MIT

A Node.js package that securely hashes passwords using bcrypt with customizable salt length, pepper text, and hashing rounds. It enhances password security by salting and peppering before hashing, making it ideal for backend applications.

Features

  • Custom salt length configuration
  • Configurable pepper text
  • Adjustable hashing rounds
  • Built on top of battle-tested bcrypt
  • TypeScript support
  • Environment-based configuration
  • Simple API with just two main functions

Installation

npm install saltpepperpass-node

Setup

  1. Create a .env file in your project root with the following variables:
SALTING_TEXT_LENGTH=5  # Length of the random salt string

PEPPER_TEXT=your_pepper_key  # Your secret pepper text

HASHING_ROUNDS=10  # Number of hashing rounds
  1. Import the package:
// Named imports (recommended)
import { generateHash, verifyHash } from "saltpepperpass-node";

// Or using default import
import saltAndPepperPass from "saltpepperpass-node";

// Using CommonJS
const saltAndPepperPass = require("saltpepperpass-node");

Usage

Using Named Imports (Recommended)

import { generateHash, verifyHash } from "saltpepperpass-node";

// Generate hash
const { hash, saltingText } = generateHash("myPassword");

// Verify password
const isValid = verifyHash("myPassword", saltingText, hash);

Using Default Import

import saltAndPepperPass from "saltpepperpass-node";

// Generate a hash
const password = "mySecurePassword123";
const { hash, saltingText } = saltAndPepperPass.generateHash(password);

// Verify a password using stored hash and salt
const isValid = saltAndPepperPass.verifyHash(password, saltingText, hash);

if (isValid) {
  console.log("Password is correct!");
} else {
  console.log("Password is incorrect!");
}

API Reference

generateHash(password: string): HashResult

Generates a hash for the given password using salt and pepper.

Parameters:

  • password (string): The password to hash

Returns:

  • Object with:
    • hash (string): The generated hash
    • saltingText (string): The generated salt

verifyHash(password: string, salt: string, hash: string): boolean

Verifies a password against a stored hash and salt.

Parameters:

  • password (string): The password to verify
  • salt (string): The stored salt
  • hash (string): The stored hash

Returns:

  • boolean: True if the password matches, false otherwise

Types

type TGenerateHashResult = {
  hash: string;
  saltingText: string;
};

type TVerifyHashResult = boolean;

Environment Variables

Variable Description Default
SALTING_TEXT_LENGTH Length of the random salt string 5
PEPPER_TEXT Secret pepper text used in hashing Required
HASHING_ROUNDS Number of bcrypt hashing rounds 10

Security Considerations

  • Store both the hash and salt securely in your database
  • Keep your PEPPER_TEXT secret and never expose it
  • Choose an appropriate HASHING_ROUNDS value (higher is more secure but slower)
  • Use environment variables for configuration in production

License

MIT

Readme

Keywords

Package Sidebar

Install

npm i saltpepperpass-node

Repository

github.com/Dewruwan95/saltpepperpass-node

Homepage

github.com/Dewruwan95/saltpepperpass-node#readme

Weekly Downloads

0

Version

1.0.3

License

MIT

Unpacked Size

12.5 kB

Total Files

7

Last publish

Collaborators

  • ideagraphix
Try on RunKit
Report malware