Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
@node-rs/bcrypt
Advanced tools
@node-rs/bcrypt is a high-performance bcrypt library for Node.js, written in Rust. It provides functionalities for hashing passwords and verifying password hashes, leveraging the speed and safety of Rust.
Hashing Passwords
This feature allows you to hash a password using bcrypt. The `hash` function takes a password and the number of salt rounds as arguments and returns a hashed password.
const bcrypt = require('@node-rs/bcrypt');
async function hashPassword(password) {
const saltRounds = 10;
const hashedPassword = await bcrypt.hash(password, saltRounds);
console.log(hashedPassword);
}
hashPassword('myPassword123');
Verifying Passwords
This feature allows you to verify a password against a hashed password. The `verify` function takes a password and a hashed password as arguments and returns a boolean indicating whether the password matches the hash.
const bcrypt = require('@node-rs/bcrypt');
async function verifyPassword(password, hashedPassword) {
const isMatch = await bcrypt.verify(password, hashedPassword);
console.log(isMatch);
}
const hashedPassword = '$2b$10$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36Fjs1l4iZ7z6Z9p6x7XKmi';
verifyPassword('myPassword123', hashedPassword);
The `bcrypt` package is a widely-used library for hashing passwords in Node.js. It is written in C++ and provides similar functionalities to @node-rs/bcrypt, such as hashing and verifying passwords. However, it may not be as performant as @node-rs/bcrypt due to the differences in underlying implementation languages (C++ vs. Rust).
The `bcryptjs` package is a pure JavaScript implementation of bcrypt for Node.js. It offers the same functionalities as @node-rs/bcrypt, including password hashing and verification. While it is more portable due to being written in JavaScript, it is generally slower compared to native implementations like @node-rs/bcrypt.
The `argon2` package provides password hashing using the Argon2 algorithm, which is considered more secure and modern compared to bcrypt. It offers functionalities for hashing and verifying passwords, similar to @node-rs/bcrypt. However, it uses a different algorithm and may have different performance characteristics.
@node-rs/bcrypt
🚀 Fastest bcrypt in Node.js
node12 | node14 | node16 | node18 | |
---|---|---|---|---|
Windows x64 | ✓ | ✓ | ✓ | ✓ |
Windows x32 | ✓ | ✓ | ✓ | ✓ |
Windows arm64 | ✓ | ✓ | ✓ | ✓ |
macOS x64 | ✓ | ✓ | ✓ | ✓ |
macOS arm64 | ✓ | ✓ | ✓ | ✓ |
Linux x64 gnu | ✓ | ✓ | ✓ | ✓ |
Linux x64 musl | ✓ | ✓ | ✓ | ✓ |
Linux arm gnu | ✓ | ✓ | ✓ | ✓ |
Linux arm64 gnu | ✓ | ✓ | ✓ | ✓ |
Linux arm64 musl | ✓ | ✓ | ✓ | ✓ |
Android arm64 | ✓ | ✓ | ✓ | ✓ |
Android armv7 | ✓ | ✓ | ✓ | ✓ |
FreeBSD x64 | ✓ | ✓ | ✓ | ✓ |
export const DEFAULT_COST: 12
export function hashSync(password: string | Buffer, round?: number): string
export function hash(password: string | Buffer, round?: number): Promise<string>
export function verifySync(password: string | Buffer, hash: string | Buffer): boolean
export function verify(password: string | Buffer, hash: string | Buffer): Promise<boolean>
/**
* The same with `verifySync`
*/
export function compareSync(password: string | Buffer, hash: string | Buffer): boolean
/**
* The same with `verify`
*/
export function compare(password: string | Buffer, hash: string | Buffer): Promise<boolean>
export type Version = '2a' | '2x' | '2y' | '2b'
/**
* @param version default '2b'
*/
export function genSaltSync(round: number, version?: Version): string
/**
* @param version default '2b'
*/
export function genSalt(round: number, version?: Version): Promise<string>
Model Name: MacBook Pro
Model Identifier: MacBookPro15,1
Processor Name: Intel Core i7
Processor Speed: 2.6 GHz
Number of Processors: 1
Total Number of Cores: 6
L2 Cache (per Core): 256 KB
L3 Cache: 12 MB
Hyper-Threading Technology: Enabled
Memory: 16 GB
@node-rs/bcrypt x 18.55 ops/sec ±1.51% (12 runs sampled)
node bcrypt x 16.37 ops/sec ±2.94% (11 runs sampled)
bcryptjs x 3.61 ops/sec ±4.86% (6 runs sampled)
Async hash round 12 bench suite: Fastest is @node-rs/bcrypt
@node-rs/bcrypt x 18.51 ops/sec ±1.60% (12 runs sampled)
node bcrypt x 16.51 ops/sec ±1.51% (11 runs sampled)
bcryptjs x 3.71 ops/sec ±2.23% (6 runs sampled)
Async verify bench suite: Fastest is @node-rs/bcrypt
@node-rs/bcrypt x 4.68 ops/sec ±4.69% (16 runs sampled)
node bcrypt x 3.94 ops/sec ±6.56% (14 runs sampled)
bcryptjs x 3.56 ops/sec ±2.04% (13 runs sampled)
Hash round 12 bench suite: Fastest is @node-rs/bcrypt
@node-rs/bcrypt x 521,917 ops/sec ±2.27% (82 runs sampled)
node bcrypt x 252,333 ops/sec ±2.05% (82 runs sampled)
bcryptjs x 110,578 ops/sec ±2.37% (82 runs sampled)
genSaltSync bench suite: Fastest is @node-rs/bcrypt
FAQs
Rust bcrypt binding
The npm package @node-rs/bcrypt receives a total of 77,130 weekly downloads. As such, @node-rs/bcrypt popularity was classified as popular.
We found that @node-rs/bcrypt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.