Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
argon2-pass
Advanced tools
State of the art password hashing and one time password reset token generation module written in TypeScript for nodejs.
SecurePass (argon2-pass) is a module for the creation of hashes from passwords, allowing you to store passwords securely. The module also provides a facility for the generation and verification of one time authentication tokens for use in your own password reset flows. This module is a wrapper for libsodium's implementation of the Argon2ID password hashing algorithm and Poly1305.
Install argon2-pass using yarn
:
yarn add argon2-pass
Or via npm
:
npm install argon2-pass
Basic Usage Information:
import { SecurePass, VerificationResult } from 'argon2-pass';
async function main() {
// Create a new instance of SecurePass. Optional difficulty configurations can be passed in here.
const sp = new SecurePass();
// Passwords and Hashes are stored as buffers internally.
const password = Buffer.from('SamplePassword');
const hash = await sp.hashPassword(password);
// Hash Verification returns an enumerator for easy validation of passwords against hashes.
const result = await sp.verifyHash(password, hash);
if (result == VerificationResult.InvalidOrUnrecognised) {
console.log('Hash not created by SecurePass or invalid');
} else if (result == VerificationResult.Invalid) {
console.log('Password not valid when compared with supplied hash');
} else if (result == VerificationResult.Valid) {
console.log('Password and Hash are a match');
} else if (result == VerificationResult.ValidNeedsRehash) {
console.log('Password and Hash are a match, but the security of the hash could be improved by rehashing.');
}
}
// Call the async function defined above to run the example.
main();
For full documentation, please refer to the full documentation site. The documentation was generated automaticaly with TypeDoc.
This package is configured with jest tests, these tests ensure that the module is working correctly and as specified as well as generating code coverage reports to ensure every line of code is covered by a unit test.
To run the jest tests manualy run the test script defined in package.json:
yarn test
This module also has the following automated testing:
Licensed under MIT.
Copyright (C) 2018 DrBarnabus
[0.2.0] - 2018-09-08
hashPasswordSync()
and verifyHashSync()
.MemLimit()
and MemLimit(newValue)
.OpsLimit()
and OpsLimit(newValue)
.static readonly
configuration default values are now set to their value manually. Previously they were just "re-exports" of sodium-native's constants.getMemLimit()
and getOpsLimit()
functions, replaced with getters and setters as detailed above.FAQs
State of the art password hashing and one time password reset token generation module written in TypeScript for nodejs.
The npm package argon2-pass receives a total of 7 weekly downloads. As such, argon2-pass popularity was classified as not popular.
We found that argon2-pass demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.