bcrypt-ts
Advanced tools
Comparing version 2.2.0 to 2.2.1
{ | ||
"name": "bcrypt-ts", | ||
"version": "2.2.0", | ||
"version": "2.2.1", | ||
"description": "bcrypt written in typescript", | ||
@@ -18,2 +18,3 @@ "keywords": [ | ||
".": { | ||
"types": "./dist/node.d.mts", | ||
"browser": "./dist/browser.mjs", | ||
@@ -26,2 +27,3 @@ "node": "./dist/node.mjs", | ||
"./browser": { | ||
"types": "./dist/browser.d.mts", | ||
"import": "./dist/browser.mjs", | ||
@@ -32,2 +34,3 @@ "require": "./dist/browser.cjs", | ||
"./node": { | ||
"types": "./dist/node.d.mts", | ||
"import": "./dist/node.mjs", | ||
@@ -45,13 +48,13 @@ "require": "./dist/node.cjs", | ||
], | ||
"packageManager": "pnpm@7.9.5", | ||
"packageManager": "pnpm@7.14.0", | ||
"devDependencies": { | ||
"@rollup/plugin-alias": "3.1.9", | ||
"@rollup/plugin-replace": "4.0.0", | ||
"@rollup/plugin-typescript": "8.3.4", | ||
"@types/node": "18.7.11", | ||
"@typescript-eslint/eslint-plugin": "5.34.0", | ||
"@typescript-eslint/parser": "5.34.0", | ||
"@vitest/coverage-c8": "0.22.1", | ||
"@rollup/plugin-alias": "4.0.2", | ||
"@rollup/plugin-replace": "5.0.1", | ||
"@rollup/plugin-typescript": "9.0.2", | ||
"@types/node": "18.11.8", | ||
"@typescript-eslint/eslint-plugin": "5.42.0", | ||
"@typescript-eslint/parser": "5.42.0", | ||
"@vitest/coverage-c8": "0.24.4", | ||
"c8": "7.12.0", | ||
"eslint": "8.22.0", | ||
"eslint": "8.26.0", | ||
"eslint-config-prettier": "8.5.0", | ||
@@ -61,9 +64,9 @@ "eslint-plugin-prettier": "4.2.1", | ||
"rimraf": "3.0.2", | ||
"rollup": "2.78.1", | ||
"rollup-plugin-dts": "4.2.2", | ||
"rollup": "3.2.5", | ||
"rollup-plugin-dts": "5.0.0", | ||
"rollup-plugin-terser": "7.0.2", | ||
"tslib": "2.4.0", | ||
"typescript": "4.8.2", | ||
"vite": "3.0.9", | ||
"vitest": "0.22.1" | ||
"tslib": "2.4.1", | ||
"typescript": "4.8.4", | ||
"vite": "3.2.2", | ||
"vitest": "0.24.4" | ||
}, | ||
@@ -70,0 +73,0 @@ "scripts": { |
209
README.md
@@ -1,5 +0,208 @@ | ||
# bycrypt-ts | ||
# bcrypt-ts | ||
A typescript version of [bcrypt.js](https://github.com/dcodeIO/bcrypt.js). | ||
Optimized bcrypt written in typescript. Working in both Node.js and browser. | ||
Provides ES modules and declaration files. | ||
> Heavily inspired by [bcrypt.js](https://github.com/dcodeIO/bcrypt.js). | ||
## Security considerations | ||
Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the | ||
iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with | ||
increasing computation power. ([see](http://en.wikipedia.org/wiki/Bcrypt)) | ||
While bcrypt-ts is compatible to the C++ bcrypt binding, it is providing pure JavaScript and thus slower about 30%, effectively reducing the number of iterations that can be processed in an equal time span. | ||
The maximum input length is 72 bytes (note that UTF8 encoded characters use up to 4 bytes) and the length of generated | ||
hashes is 60 characters. | ||
## Highlights | ||
- 0 dependencies, with ONLY 8KB Gzip size | ||
- Written in typescript | ||
- Provide tree-shakable ES module | ||
## Usage | ||
### Node.js | ||
On Node.js, the inbuilt [crypto module](http://nodejs.org/api/crypto.html)'s randomBytes interface is used to obtain secure random numbers. | ||
### Browser | ||
In the browser, bcrypt.js relies on [Web Crypto API](http://www.w3.org/TR/WebCryptoAPI)'s getRandomValues interface to obtain secure random numbers. If no cryptographically secure source of randomness is available, the package will **throw an error**. | ||
## Usage - Sync | ||
To hash a password: | ||
```js | ||
import { genSaltSync, hashSync } from "bcrypt-ts"; | ||
const salt = genSaltSync(10); | ||
const hash = hashSync("B4c0//", salt); | ||
// Store hash in your password DB. | ||
``` | ||
To check a password: | ||
```js | ||
import { compareSync } from "bcrypt-ts"; | ||
// Load hash from your password DB. | ||
compareSync("B4c0//", hash); // true | ||
compareSync("not_bacon", hash); // false | ||
``` | ||
Auto-gen a salt and hash at the same time: | ||
```js | ||
import { hashSync } from "bcrypt-ts"; | ||
const hash = hashSync("bacon", 8); | ||
``` | ||
## Usage - Async | ||
To hash a password: | ||
```js | ||
import { genSalt, hash } from "bcrypt-ts"; | ||
genSalt(10) | ||
.then((salt) => hash("B4c0//", salt)) | ||
.then((hash) => { | ||
// Store hash in your password DB. | ||
}); | ||
``` | ||
To check a password: | ||
```js | ||
import { compare } from "bcrypt-ts"; | ||
// Load hash from your password DB. | ||
const hash = "xxxxxx"; | ||
compare("B4c0//", hash).then((result) => { | ||
// result is `true` | ||
}); | ||
compare("not_bacon", hash).then((result) => { | ||
// result is `false` | ||
}); | ||
``` | ||
Auto-gen a salt and hash: | ||
```js | ||
import { hash } from "bcrypt-ts"; | ||
hash("bacon").then((hash) => { | ||
// do something with hash | ||
}); | ||
``` | ||
**Note:** Under the hood, asynchronisation splits a crypto operation into small chunks. After the completion of a chunk, the execution of the next chunk is placed on the back of [JS event loop queue](https://developer.mozilla.org/en/docs/Web/JavaScript/EventLoop), thus efficiently sharing the computational resources with the other operations in the queue. | ||
## API | ||
```ts | ||
/** | ||
* Encodes a byte array to base64 with up to len bytes of input, using the custom bcrypt alphabet. | ||
* | ||
* @param byteArray Byte array | ||
* @param length Maximum input length | ||
*/ | ||
export const encodeBase64: ( | ||
byteArray: number[] | Buffer, | ||
length: number | ||
) => string; | ||
/** | ||
* Decodes a base64 encoded string to up to len bytes of output, using the custom bcrypt alphabet. | ||
* | ||
* @param contentString String to decode | ||
* @param length Maximum output length | ||
*/ | ||
export const decodeBase64: (contentString: string, length: number) => number[]; | ||
/** | ||
* Synchronously tests a string against a hash. | ||
* | ||
* @param content String to compare | ||
* @param hash Hash to test against | ||
*/ | ||
export const compareSync: (content: string, hash: string) => boolean; | ||
/** | ||
* Asynchronously compares the given data against the given hash. | ||
* | ||
* @param content Data to compare | ||
* @param hash Data to be compared to | ||
* @param progressCallback Callback successively called with the percentage of rounds completed | ||
* (0.0 - 1.0), maximally once per `MAX_EXECUTION_TIME = 100` ms. | ||
*/ | ||
export const compare: ( | ||
content: string, | ||
hash: string, | ||
progressCallback?: ((percent: number) => void) | undefined | ||
) => Promise<boolean>; | ||
/** | ||
* Synchronously generates a hash for the given string. | ||
* | ||
* @param contentString String to hash | ||
* @param salt Salt length to generate or salt to use, default to 10 | ||
* @returns Resulting hash | ||
*/ | ||
export const hashSync: ( | ||
contentString: string, | ||
salt?: string | number | ||
) => string; | ||
/** | ||
* Asynchronously generates a hash for the given string. | ||
* | ||
* @param contentString String to hash | ||
* @param salt Salt length to generate or salt to use | ||
* @param progressCallback Callback successively called with the percentage of rounds completed | ||
* (0.0 - 1.0), maximally once per `MAX_EXECUTION_TIME = 100` ms. | ||
*/ | ||
export const hash: ( | ||
contentString: string, | ||
salt: number | string, | ||
progressCallback?: ((progress: number) => void) | undefined | ||
) => Promise<string>; | ||
/** | ||
* Gets the number of rounds used to encrypt the specified hash. | ||
* | ||
* @param hash Hash to extract the used number of rounds from | ||
* @returns Number of rounds used | ||
* @throws {Error} If `hash` is not a string | ||
*/ | ||
export const getRounds: (hash: string) => number; | ||
/** | ||
* Gets the salt portion from a hash. Does not validate the hash. | ||
* | ||
* @param hash Hash to extract the salt from | ||
* @returns Extracted salt part | ||
* @throws {Error} If `hash` is not a string or otherwise invalid | ||
*/ | ||
export const getSalt: (hash: string) => string; | ||
/** | ||
* Synchronously generates a salt. | ||
* | ||
* @param rounds Number of rounds to use, defaults to 10 if omitted | ||
* @returns Resulting salt | ||
* @throws {Error} If a random fallback is required but not set | ||
*/ | ||
export const genSaltSync: (rounds?: number) => string; | ||
/** | ||
* Asynchronously generates a salt. | ||
* | ||
* @param rounds Number of rounds to use, defaults to 10 if omitted | ||
*/ | ||
export const genSalt: (rounds?: number) => Promise<string>; | ||
``` | ||
## License | ||
New-BSD / MIT ([see](https://github.com/Mister-Hope/bcrypt-ts/blob/main/LICENSE)) |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
spdx disjunction for an artifact's license information
Licensespdx disjunction for an artifact's license information
Found 1 instance in 1 package
Mixed license
License(Experimental) Package contains multiple licenses.
Found 1 instance in 1 package
Unidentified License
License(Experimental) Something that seems like a license was found, but its contents could not be matched with a known license
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
spdx disjunction for an artifact's license information
Licensespdx disjunction for an artifact's license information
Found 1 instance in 1 package
344097
209
0
15
3
80
298