argon2 - npm Package Compare versions

Comparing version 0.20.0 to 0.20.1

package-lock.json

argon2.js

		'use strict'
		const { randomBytes } = require('crypto')
		const { randomBytes, timingSafeEqual } = require('crypto')
		const { promisify } = require('util')
		@@ -69,5 +69,5 @@ const bindings = require('bindings')('argon2')
		})
		return expected.equals(hash)
		return timingSafeEqual(expected, hash)
		}

		module.exports = { defaults, limits, hash, needsRehash, verify, ...types }

package.json

		{
		"name": "argon2",
		"version": "0.20.0",
		"version": "0.20.1",
		"description": "An Argon2 library for Node",
		@@ -5,0 +5,0 @@ "main": "argon2.js",

110

README.md

		@@ -15,4 +15,4 @@ # node-argon2
		### Usage
		It's possible to hash a password using both Argon2i (default) Argon2d and Argon2id, sync
		and async, and to verify if a password matches a hash.
		It's possible to hash using either Argon2i (default), Argon2d and Argon2id, and
		verify if a password matches a hash.

		@@ -23,10 +23,2 @@ To hash a password:

		argon2.hash('password').then(hash => {
		// ...
		}).catch(err => {
		// ...
		});

		// ES7 or TypeScript

		try {
		@@ -38,88 +30,9 @@ const hash = await argon2.hash("password");
		```
		You can choose between Argon2i, Argon2d and Argon2id by passing an object as the third
		argument with the `type` key set to which type you want to use:
		```js
		argon2.hash('password', {
		type: argon2.argon2d
		}).then(hash => {
		// ...
		}).catch(err => {
		// internal failure
		});

		// ES7 or TypeScript
		To see how you can modify the output (hash length, encoding) and parameters
		(time cost, memory cost and parallelism),
		[read the wiki](https://github.com/ranisalt/node-argon2/wiki/Options)

		try {
		const hash = await argon2.hash('password', {
		type: argon2.argon2d
		});
		} catch (err) {
		// internal failure
		}
		```
		The `type` option is flexible and accepts 0, 1 or 2 for Argon2d, Argon2i and Argon2id respectively.

		You can also get the hash as a raw Node Buffer by passing 'true' to the 'raw' option:

		```js
		argon2.hash('password', {
		raw: true
		}).then(hash => {
		// ... hash is a Buffer
		}).catch(err => {
		// internal failure
		});

		// ES7 or TypeScript

		try {
		const hash = await argon2.hash('password', {
		raw: true
		});
		} catch (err) {
		// internal failure
		}
		```

		You can change the Promise with
		[any-promise](https://www.npmjs.com/package/any-promise). Try using Bluebird or
		Q for enhanced functionality.

		You can also modify time, memory and parallelism constraints passing the object
		as the third parameter, with keys `timeCost`, `memoryCost` and `parallelism`,
		respectively defaulted to 3, 4096 (KiB) and 1 (threads):
		```js
		const options = {
		timeCost: 4, memoryCost: 2 ** 13, parallelism: 2, type: argon2.argon2d
		};

		argon2.hash('password', options).then(hash => {
		// ...
		});

		// ES7 or TypeScript

		const hash = await argon2.hash("password", options);
		```

		The default parameters for Argon2 can be accessed with `defaults`:
		```js
		console.log(argon2.defaults);
		// => { timeCost: 3, memoryCost: 4096, parallelism: 1, type: argon2.argon2i }
		```

		To verify a password:
		```js
		argon2.verify('<big long hash>', 'password').then(match => {
		if (match) {
		// password match
		} else {
		// password did not match
		}
		}).catch(err => {
		// internal failure
		});

		// ES7 or TypeScript

		try {
		@@ -135,8 +48,3 @@ if (await argon2.verify("<big long hash>", "password")) {
		```
		First parameter must have been generated by an Argon2 encoded hashing method,
		not raw.

		When you hit an internal failure, the message is properly set. If it is not or
		you do not understand it, feel free to open an issue.

		### TypeScript Usage
		@@ -181,4 +89,5 @@ A TypeScript type declaration file is published with this module. If you are
		The interface of both are very similar, notably node-argon2-ffi splits the
		argon2i and argon2d function set, but this module also has the argon2id option. Also, while
		node-argon2-ffi suggests you promisify `crypto.randomBytes, this library does that internally.
		argon2i and argon2d function set, but this module also has the argon2id option.
		Also, while node-argon2-ffi suggests you promisify `crypto.randomBytes`, this
		library does that internally.

		@@ -194,6 +103,5 @@ Performance-wise, the libraries are equal. You can run the same benchmark suite

		node-argon2 works only and is tested against Node >=4.0.0.
		node-argon2 works only and is tested against Node >=8.0.0.

		#### OSX

		To install GCC >= 4.8 on OSX, use [homebrew](http://brew.sh/):
		@@ -200,0 +108,0 @@ ```console

binding.gyp

Sorry, the diff of this file is not supported yet

src/argon2_node.cpp

Sorry, the diff of this file is not supported yet

argon2 - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics