argon2-pass
State of the art password hashing and one time password reset token generation module written in TypeScript for nodejs.
SecurePass is a module for the creation of hashes from passwords, allowing you to store passwords securely. The module also provides a facility for the generation and verification of one time use password reset tokens for use in your own password reset flows. This module is a wrapper for libsodium's implementation of the Argon2ID password hashing algorithm.
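A common way to build the one time use reset tokens mentioned above, shown as an added example that is not code from this package or its author. The function names, the in-memory `resetStore` and the 15 minute lifetime are assumptions, and it uses Node's built-in `crypto` with SHA-256 over a random token (a slow hash such as Argon2id is meant for low-entropy passwords, not 256-bit random values).

```javascript
// Added example; every name below is hypothetical, not the module's API.
const { randomBytes, createHash, timingSafeEqual } = require("node:crypto");

const TOKEN_BYTES = 32;            // 256 bits from the CSPRNG
const TOKEN_TTL_MS = 15 * 60_000;  // assumed 15 minute validity window

// Stand-in for a database table keyed by user id (constructed for the example).
const resetStore = new Map();

const digest = (buf) => createHash("sha256").update(buf).digest();

// Issue a token: the raw value is sent to the user, only its digest is stored,
// so a leaked table does not hand out usable reset links.
function issueResetToken(userId, now = Date.now()) {
  const token = randomBytes(TOKEN_BYTES);
  resetStore.set(userId, {
    digest: digest(token),
    expiresAt: now + TOKEN_TTL_MS,
  });
  return token.toString("base64url");
}

// Verify and consume a token. Returns "valid", "invalid" or "expired".
function redeemResetToken(userId, presented, now = Date.now()) {
  const record = resetStore.get(userId);
  if (!record) return "invalid";
  const candidate = digest(Buffer.from(String(presented), "base64url"));
  // Both sides are 32-byte digests, so the constant-time compare cannot
  // throw on a length mismatch whatever the caller supplies.
  if (!timingSafeEqual(candidate, record.digest)) return "invalid";
  resetStore.delete(userId); // single use: consumed on the first match
  return now > record.expiresAt ? "expired" : "valid";
}
```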
Buffer's for safer memory management.
To install the package you need to use a package manager such as npm or yarn.
yarn add secure-pass
npm install secure-pass
Coming Soon
This package is configured with [jest] tests. These tests ensure that the module works correctly and as specified, and they generate code coverage reports.
yarn test
or
npm test
Licensed under MIT.
Copyright (C) 2018 DrBarnabus
0.1.0 - 2018-09-06
SecurePassOptionsError that is thrown if an error occurs during options validation.
hashPassword() function, the function takes a password in as a buffer and provides the hashed output. The function can work with any of the following return methods; async/await, promise or callback.
VerificationResult enumeration to serve as the response to the hash verification function.
verifyHash() function, the function takes a password and a hash as buffers and provides a VerificationResult as an output. The function can work with any of the following return methods; async/await, promise or callback.
FAQs
The npm package argon2-pass receives a total of 7 weekly downloads. As such, argon2-pass popularity was classified as not popular.
We found that argon2-pass demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.