bcrypt-as-promised - npm Package Compare versions

Comparing version 1.0.1 to 1.1.0

index.js

 'use strict';
 
+var util = require('util');
+
 var bcrypt = require('bcrypt');
@@ -12,10 +14,23 @@ var nodefn = require('when/node');
 
+function MismatchError(message){
+  Error.call(this);
+  this.message = message;
+  this.name = MismatchError.name;
+  if(typeof Error.captureStackTrace === 'function'){
+    Error.captureStackTrace(this, MismatchError);
+  }
+}
+util.inherits(MismatchError, Error);
+
+function throwOnInvalid(valid){
+  if(!valid){
+    return when.reject(new MismatchError('invalid'));
+  } else {
+    return valid;
+  }
+}
+
 function compare(password, hash){
   return getValid(password, hash)
-    .then(function(valid){
-      if(!valid){
-        return when.reject(new Error('invalid'));
-      }
-      return valid;
-    });
+    .then(throwOnInvalid);
 }
@@ -38,3 +53,4 @@
   compare: compare,
-  getRounds: getRounds
+  getRounds: getRounds,
+  MISMATCH_ERROR: MismatchError
 };

package.json

 {
   "name": "bcrypt-as-promised",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "description": "A promisified bcrypt",
@@ -8,3 +8,3 @@ "main": "index.js",
     "test": "istanbul cover _mocha && npm run check-coverage",
-    "check-coverage": "istanbul check-coverage --statements 100 --branches 100 --lines 100 --functions 100"
+    "check-coverage": "istanbul check-coverage"
   },
@@ -11,0 +11,0 @@ "repository": {

Readme.md

@@ -16,24 +16,34 @@ bcrypt-as-promised
 hashing:
-```javascript
-    bcrypt.hash('my password', 10)
-      .then(console.log, console.error)
+```js
+bcrypt.hash('my password', 10)
+  .then(console.log, console.error)
 ```
 
 comparing:
-(note that an invalid password/hash combo errors as a rejected promise)
-```javascript
-    bcrypt.compare('my password', someHash)
-      .then(console.log, console.error)
+```js
+bcrypt.compare('my password', someHash)
+  .then(console.log, console.error)
 ```
 
+__Note: an invalid password/hash combo errors as a rejected promise__
+
+The rejection can be checked against `instanceof bcrypt.MISMATCH_ERROR`
+
+```js
+bcrypt.compare('invalid password', someHash)
+  .then(handleValidPassword)
+  .catch(bcrypt.MISMATCH_ERROR, handleInvalidPassword)
+  .catch(handleOtherErrors);
+```
+
 generating a salt:
-```javascript
-    bcrypt.genSalt(10)
-      .then(console.log, console.error)
+```js
+bcrypt.genSalt(10)
+  .then(console.log, console.error)
 ```
 
 calculating the rounds used in a salt:
-```javascript
-    bcrypt.getRounds(someHash)
-      .then(console.log, console.error)
+```js
+bcrypt.getRounds(someHash)
+  .then(console.log, console.error)
 ```

test/index.js

@@ -53,2 +53,8 @@ 'use strict';
 
+  it('should error with MISMATCH_ERROR on an invalid password', function(){
+    var badPassword = 'a BAD password';
+    return expect(bcrypt.compare(badPassword, goodHash))
+      .to.eventually.be.rejectedWith(bcrypt.MISMATCH_ERROR);
+  });
+
   it('should get number of rounds from a hash', function(){
@@ -55,0 +61,0 @@ return expect(bcrypt.getRounds(goodHash))

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

6269

increased by12.81%

Lines of code

96

increased by23.08%

Number of lines in readme file

49

increased by25.64%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes