Universal NodeJS Passwords Crypto
π Password hashing and verification library providing single interface forSHA256
,SCrypt
,BCrypt
,Argon2
andPBKDF2
algorithms
π¬ Why use this lib?
- Secure. Library has only 2 dependencies and is constantly being scanned by Snyk & Code QL for vulnerabilities.
- Simple. Standardized api allows to do hashing, salting, peppering and verification with just 2 methods
- Modular. Every supported hashing algorithm is a simple class, that can be imported and used independently.
π¦ Installation
- Using
npm
:npm i unpc
- Using
Yarn
:yarn add unpc
- Using
pnpm
:pnpm add unpc
π Additional libraries
To support best hashing algorithms unpc
needs third party libraries
with C bindings
Argon2
If you want to add support for argon2
algorithm
and argon2i
, argon2d
and argon2id
adapters, you need to install package argon2
npm i argon2
BCrypt
If you want to add support for bcrypt
algorithm
and bcrypt
adapter, you need to install package bcrypt
npm i bcrypt
π οΈ Examples
Basic
import { Crypt } from "unpc";
import { Argon2iHashingAdapter } from "unpc/argon2i";
const crypt = new Crypt({
default: "argon2i",
adapters: [Argon2iHashingAdapter],
options: { encoding: "hex" }
});
const secret = "Hello world!";
const hash = await crypt.hash(secret);
console.log(hash);
//
const isCorrect = await crypt.verify(hash, secret);
console.log(isCorrect); // true
Full examples
Adapters
Path | Adapter class name | Algorithm | Requirements |
---|---|---|---|
unpc/argon2 |
Argon2HashingAdapter |
Argon2-i | Package argon2
|
unpc/argon2d |
Argon2dHashingAdapter |
Argon2-d | Package argon2
|
unpc/argon2i |
Argon2iHashingAdapter |
Argon2-i | Package argon2
|
unpc/argon2id |
Argon2idHashingAdapter |
Argon2-id | Package argon2
|
unpc/bcrypt |
BCryptHashingAdapter |
Bcrypt | Package bcrypt
|
unpc/pbkdf2 |
PBKDF2HashingAdapter |
PBKDF2 | Node > v0.5.5
|
unpc/scrypt |
SCryptHashingAdapter |
Scrypt | Node > v10.5.0
|
unpc/sha256 |
Sha256HashingAdapter |
SHA-256 | Being brave enough to use it. Insecure |
unpc/sha512 |
Sha512HashingAdapter |
SHA-512 | Being brave enough to use it. Insecure |
License
Distributed under the MIT License. See LICENSE.txt for more information.