Find Similar Packages for bcryptjs
Search packages..
1 Year
bcryptjsSimilar Packages:
Package Weekly Downloads Trend
Stat Detail
Package
Downloads
Stars
Size
Issues
Publish
License
bcryptjs2,541,3433,601112 kB283 days agoBSD-3-Clause
Similar Npm Packages to bcryptjs

bcryptjs is a popular library for hashing passwords in JavaScript applications. It is a pure JavaScript implementation of the bcrypt hashing algorithm, which is widely used for securely storing passwords. bcryptjs allows developers to easily hash and compare passwords, providing a robust solution for user authentication. While bcryptjs is a solid choice for password hashing, there are several alternatives available in the ecosystem. Here are a few notable ones:

  • argon2 is a modern password hashing algorithm that is designed to be secure against various types of attacks, including GPU-based attacks. It is the winner of the Password Hashing Competition and offers features such as configurable memory and time cost, making it a highly adaptable option for different security needs. If you are looking for a cutting-edge solution for password hashing that prioritizes security and performance, argon2 is an excellent choice.
  • bcrypt is the original C implementation of the bcrypt hashing algorithm. It is widely used in many applications and offers a strong level of security for password storage. While it requires native bindings, it is known for its efficiency and performance. If you are comfortable with native modules and want to leverage the original implementation of bcrypt, this library is a great option.
  • bcrypt-nodejs is another JavaScript implementation of the bcrypt hashing algorithm. It is similar to bcryptjs but is designed to work without native bindings, making it easier to install and use in environments where native modules may pose challenges. While it may not be as actively maintained as other options, it can still serve as a viable alternative for password hashing in JavaScript applications.

For a comprehensive comparison of these libraries, check out the following link: Comparing argon2 vs bcrypt vs bcrypt-nodejs vs bcryptjs.

README for bcryptjs

bcrypt.js

Optimized bcrypt in JavaScript with zero dependencies, with TypeScript support. Compatible to the C++ bcrypt binding on Node.js and also working in the browser.

Build Status Publish Status npm

Security considerations

Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power. (see)

While bcrypt.js is compatible to the C++ bcrypt binding, it is written in pure JavaScript and thus slower (about 30%), effectively reducing the number of iterations that can be processed in an equal time span.

The maximum input length is 72 bytes (note that UTF-8 encoded characters use up to 4 bytes) and the length of generated hashes is 60 characters. Note that maximum input length is not implicitly checked by the library for compatibility with the C++ binding on Node.js, but should be checked with bcrypt.truncates(password) where necessary.

Usage

The package exports an ECMAScript module with an UMD fallback.

$> npm install bcryptjs

import bcrypt from "bcryptjs";

Usage with a CDN

  • From GitHub via jsDelivr:
    https://cdn.jsdelivr.net/gh/dcodeIO/bcrypt.js@TAG/index.js (ESM)
  • From npm via jsDelivr:
    https://cdn.jsdelivr.net/npm/bcryptjs@VERSION/index.js (ESM)
    https://cdn.jsdelivr.net/npm/bcryptjs@VERSION/umd/index.js (UMD)
  • From npm via unpkg:
    https://unpkg.com/bcryptjs@VERSION/index.js (ESM)
    https://unpkg.com/bcryptjs@VERSION/umd/index.js (UMD)

Replace TAG respectively VERSION with a specific version or omit it (not recommended in production) to use latest.

When using the ESM variant in a browser, the crypto import needs to be stubbed out, for example using an import map. Bundlers should omit it automatically.

Usage - Sync

To hash a password:

const salt = bcrypt.genSaltSync(10);
const hash = bcrypt.hashSync("B4c0/\/", salt);
// Store hash in your password DB

To check a password:

// Load hash from your password DB
bcrypt.compareSync("B4c0/\/", hash); // true
bcrypt.compareSync("not_bacon", hash); // false

Auto-gen a salt and hash:

const hash = bcrypt.hashSync("bacon", 10);

Usage - Async

To hash a password:

const salt = await bcrypt.genSalt(10);
const hash = await bcrypt.hash("B4c0/\/", salt);
// Store hash in your password DB

bcrypt.genSalt(10, (err, salt) => {
  bcrypt.hash("B4c0/\/", salt, function (err, hash) {
    // Store hash in your password DB
  });
});

To check a password:

// Load hash from your password DB
await bcrypt.compare("B4c0/\/", hash); // true
await bcrypt.compare("not_bacon", hash); // false

// Load hash from your password DB
bcrypt.compare("B4c0/\/", hash, (err, res) => {
  // res === true
});
bcrypt.compare("not_bacon", hash, (err, res) => {
  // res === false
});

Auto-gen a salt and hash:

await bcrypt.hash("B4c0/\/", 10);
// Store hash in your password DB

bcrypt.hash("B4c0/\/", 10, (err, hash) => {
  // Store hash in your password DB
});

Note: Under the hood, asynchronous APIs split an operation into small chunks. After the completion of a chunk, the execution of the next chunk is placed on the back of the JS event queue, efficiently yielding for other computation to execute.

Usage - Command Line

Usage: bcrypt <input> [rounds|salt]

API

Callback types

  • Callback<T>: (err: Error | null, result?: T) => void
    Called with an error on failure or a value of type T upon success.

  • ProgressCallback: (percentage: number) => void
    Called with the percentage of rounds completed (0.0 - 1.0), maximally once per MAX_EXECUTION_TIME = 100 ms.

  • RandomFallback: (length: number) => number[]
    Called to obtain random bytes when both Web Crypto API and Node.js crypto are not available.

Functions

  • bcrypt.genSaltSync(rounds?: number): string
    Synchronously generates a salt. Number of rounds defaults to 10 when omitted.

  • bcrypt.genSalt(rounds?: number): Promise<string>
    Asynchronously generates a salt. Number of rounds defaults to 10 when omitted.

  • bcrypt.genSalt([rounds: number, ]callback: Callback<string>): void
    Asynchronously generates a salt. Number of rounds defaults to 10 when omitted.

  • bcrypt.truncates(password: string): boolean
    Tests if a password will be truncated when hashed, that is its length is greater than 72 bytes when converted to UTF-8.

  • bcrypt.hashSync(password: string, salt?: number | string): string Synchronously generates a hash for the given password. Number of rounds defaults to 10 when omitted.

  • bcrypt.hash(password: string, salt: number | string): Promise<string>
    Asynchronously generates a hash for the given password.

  • bcrypt.hash(password: string, salt: number | string, callback: Callback<string>, progressCallback?: ProgressCallback): void
    Asynchronously generates a hash for the given password.

  • bcrypt.compareSync(password: string, hash: string): boolean
    Synchronously tests a password against a hash.

  • bcrypt.compare(password: string, hash: string): Promise<boolean>
    Asynchronously compares a password against a hash.

  • bcrypt.compare(password: string, hash: string, callback: Callback<boolean>, progressCallback?: ProgressCallback)
    Asynchronously compares a password against a hash.

  • bcrypt.getRounds(hash: string): number
    Gets the number of rounds used to encrypt the specified hash.

  • bcrypt.getSalt(hash: string): string
    Gets the salt portion from a hash. Does not validate the hash.

  • bcrypt.setRandomFallback(random: RandomFallback): void
    Sets the pseudo random number generator to use as a fallback if neither Web Crypto API nor Node.js crypto are available. Please note: It is highly important that the PRNG used is cryptographically secure and that it is seeded properly!

Building

Building the UMD fallback:

$> npm run build

Running the tests:

$> npm test

Credits

Based on work started by Shane Girish at bcrypt-nodejs, which is itself based on javascript-bcrypt (New BSD-licensed).

npm-compare.com is an independent website designed to help developers choose the most suitable npm packages. We are not affiliated with npm, Inc or npmjs.com, the official website for the npm registry. Please note that npm is a registered trademark of npm, Inc. For more details, please refer to our Terms & Privacy.