🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
argon2 - npm Package Compare versions
Comparing version 0.20.0 to 0.20.1
| 'use strict' | ||
| const { randomBytes } = require('crypto') | ||
| const { randomBytes, timingSafeEqual } = require('crypto') | ||
| const { promisify } = require('util') | ||
@@ -69,5 +69,5 @@ const bindings = require('bindings')('argon2') | ||
| }) | ||
| return expected.equals(hash) | ||
| return timingSafeEqual(expected, hash) | ||
| } | ||
| module.exports = { defaults, limits, hash, needsRehash, verify, ...types } |
| { | ||
| "name": "argon2", | ||
| "version": "0.20.0", | ||
| "version": "0.20.1", | ||
| "description": "An Argon2 library for Node", | ||
@@ -5,0 +5,0 @@ "main": "argon2.js", |
110
README.md
@@ -15,4 +15,4 @@ # node-argon2 | ||
| ### Usage | ||
| It's possible to hash a password using both Argon2i (default) Argon2d and Argon2id, sync | ||
| and async, and to verify if a password matches a hash. | ||
| It's possible to hash using either Argon2i (default), Argon2d and Argon2id, and | ||
| verify if a password matches a hash. | ||
@@ -23,10 +23,2 @@ To hash a password: | ||
| argon2.hash('password').then(hash => { | ||
| // ... | ||
| }).catch(err => { | ||
| // ... | ||
| }); | ||
| // ES7 or TypeScript | ||
| try { | ||
@@ -38,88 +30,9 @@ const hash = await argon2.hash("password"); | ||
| ``` | ||
| You can choose between Argon2i, Argon2d and Argon2id by passing an object as the third | ||
| argument with the `type` key set to which type you want to use: | ||
| ```js | ||
| argon2.hash('password', { | ||
| type: argon2.argon2d | ||
| }).then(hash => { | ||
| // ... | ||
| }).catch(err => { | ||
| // internal failure | ||
| }); | ||
| // ES7 or TypeScript | ||
| To see how you can modify the output (hash length, encoding) and parameters | ||
| (time cost, memory cost and parallelism), | ||
| [read the wiki](https://github.com/ranisalt/node-argon2/wiki/Options) | ||
| try { | ||
| const hash = await argon2.hash('password', { | ||
| type: argon2.argon2d | ||
| }); | ||
| } catch (err) { | ||
| // internal failure | ||
| } | ||
| ``` | ||
| The `type` option is flexible and accepts 0, 1 or 2 for Argon2d, Argon2i and Argon2id respectively. | ||
| You can also get the hash as a raw Node Buffer by passing 'true' to the 'raw' option: | ||
| ```js | ||
| argon2.hash('password', { | ||
| raw: true | ||
| }).then(hash => { | ||
| // ... hash is a Buffer | ||
| }).catch(err => { | ||
| // internal failure | ||
| }); | ||
| // ES7 or TypeScript | ||
| try { | ||
| const hash = await argon2.hash('password', { | ||
| raw: true | ||
| }); | ||
| } catch (err) { | ||
| // internal failure | ||
| } | ||
| ``` | ||
| You can change the Promise with | ||
| [any-promise](https://www.npmjs.com/package/any-promise). Try using Bluebird or | ||
| Q for enhanced functionality. | ||
| You can also modify time, memory and parallelism constraints passing the object | ||
| as the third parameter, with keys `timeCost`, `memoryCost` and `parallelism`, | ||
| respectively defaulted to 3, 4096 (KiB) and 1 (threads): | ||
| ```js | ||
| const options = { | ||
| timeCost: 4, memoryCost: 2 ** 13, parallelism: 2, type: argon2.argon2d | ||
| }; | ||
| argon2.hash('password', options).then(hash => { | ||
| // ... | ||
| }); | ||
| // ES7 or TypeScript | ||
| const hash = await argon2.hash("password", options); | ||
| ``` | ||
| The default parameters for Argon2 can be accessed with `defaults`: | ||
| ```js | ||
| console.log(argon2.defaults); | ||
| // => { timeCost: 3, memoryCost: 4096, parallelism: 1, type: argon2.argon2i } | ||
| ``` | ||
| To verify a password: | ||
| ```js | ||
| argon2.verify('<big long hash>', 'password').then(match => { | ||
| if (match) { | ||
| // password match | ||
| } else { | ||
| // password did not match | ||
| } | ||
| }).catch(err => { | ||
| // internal failure | ||
| }); | ||
| // ES7 or TypeScript | ||
| try { | ||
@@ -135,8 +48,3 @@ if (await argon2.verify("<big long hash>", "password")) { | ||
| ``` | ||
| First parameter must have been generated by an Argon2 encoded hashing method, | ||
| not raw. | ||
| When you hit an internal failure, the message is properly set. If it is not or | ||
| you do not understand it, feel free to open an issue. | ||
| ### TypeScript Usage | ||
@@ -181,4 +89,5 @@ A TypeScript type declaration file is published with this module. If you are | ||
| The interface of both are very similar, notably node-argon2-ffi splits the | ||
| argon2i and argon2d function set, but this module also has the argon2id option. Also, while | ||
| node-argon2-ffi suggests you promisify `crypto.randomBytes, this library does that internally. | ||
| argon2i and argon2d function set, but this module also has the argon2id option. | ||
| Also, while node-argon2-ffi suggests you promisify `crypto.randomBytes`, this | ||
| library does that internally. | ||
@@ -194,6 +103,5 @@ Performance-wise, the libraries are equal. You can run the same benchmark suite | ||
| **node-argon2** works only and is tested against Node >=4.0.0. | ||
| **node-argon2** works only and is tested against Node >=8.0.0. | ||
| #### OSX | ||
| To install GCC >= 4.8 on OSX, use [homebrew](http://brew.sh/): | ||
@@ -200,0 +108,0 @@ ```console |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
208119
3.17%- Number of package files
27
3.85%- Lines of code
524
82.58%- Number of medium supply chain risk alerts
1
-50%Worsened metrics
- Number of lines in readme file
139
-39.83%No dependency changes