bcrypt - npm Package Compare versions

Comparing version 0.8.5 to 0.8.6

package.json

@@ -14,3 +14,3 @@ {
   "main": "./bcrypt",
-  "version": "0.8.5",
+  "version": "0.8.6",
   "author": "Nick Campbell (https://github.com/ncb000gt)",
@@ -33,3 +33,3 @@ "engines": {
     "bindings": "1.2.1",
-    "nan": "2.0.5"
+    "nan": "2.2.1"
   },
@@ -55,2 +55,2 @@ "devDependencies": {
   ]
-}
+}

README.md

@@ -39,2 +39,4 @@ # node.bcrypt.js
 
+> Per bcrypt implementation, only the first 72 characters of a string are used. Any extra characters are ignored when matching passwords.
+
 As should be the case with any security tool, this library should be scrutinized by anyone using it. If you find or suspect an issue with the code- please bring it to my attention and I'll spend some time trying to make sure that this tool is as secure as possible.
@@ -50,3 +52,3 @@
 * `node-gyp`
- * Please check the dependencies for this tool at: https://github.com/TooTallNate/node-gyp/
+ * Please check the dependencies for this tool at: https://github.com/nodejs/node-gyp
   * Windows users will need the options for c# and c++ installed with their visual studio instance.
@@ -67,8 +69,16 @@ * Python 2.x
 
-To hash a password:
+```javascript
+var bcrypt = require('bcrypt');
+const saltRounds = 10;
+const myPlaintextPassword = 's0/\/\P4$$w0rD';
+const someOtherPlaintextPassword = 'not_bacon';
+```
 
+#### To hash a password:
+
+Technique 1 (generate a salt and hash on separate function calls):
+
 ```javascript
-var bcrypt = require('bcrypt');
-bcrypt.genSalt(10, function(err, salt) {
-    bcrypt.hash('B4c0/\/', salt, function(err, hash) {
+bcrypt.genSalt(saltRounds, function(err, salt) {
+    bcrypt.hash(myPlaintextPassword, salt, function(err, hash) {
         // Store hash in your password DB.
@@ -79,10 +89,20 @@ });
 
-To check a password:
+Technique 2 (auto-gen a salt and hash):
 
 ```javascript
+bcrypt.hash(myPlaintextPassword, saltRounds, function(err, hash) {
+  // Store hash in your password DB.
+});
+```
+
+Note that both techniques achieve the same end-result.
+
+#### To check a password:
+
+```javascript
 // Load hash from your password DB.
-bcrypt.compare('B4c0/\/', hash, function(err, res) {
+bcrypt.compare(myPlaintextPassword, hash, function(err, res) {
     // res == true
 });
-bcrypt.compare('not_bacon', hash, function(err, res) {
+bcrypt.compare(someOtherPlaintextPassword, hash, function(err, res) {
     // res == false
@@ -92,33 +112,37 @@ });
 
-Auto-gen a salt and hash:
 
+### sync
+
 ```javascript
-bcrypt.hash('bacon', 8, function(err, hash) {
-});
+var bcrypt = require('bcrypt');
+const saltRounds = 10;
+const myPlaintextPassword = 's0/\/\P4$$w0rD';
+const someOtherPlaintextPassword = 'not_bacon';
 ```
 
+#### To hash a password:
 
-### sync
+Technique 1 (generate a salt and hash on separate function calls):
 
-To hash a password:
-
 ```javascript
-var bcrypt = require('bcrypt');
-var salt = bcrypt.genSaltSync(10);
-var hash = bcrypt.hashSync('B4c0/\/', salt);
+var salt = bcrypt.genSaltSync(saltRounds);
+var hash = bcrypt.hashSync(myPlaintextPassword, salt);
 // Store hash in your password DB.
 ```
 
-To check a password:
+Technique 2 (auto-gen a salt and hash):
 
 ```javascript
-// Load hash from your password DB.
-bcrypt.compareSync('B4c0/\/', hash); // true
-bcrypt.compareSync('not_bacon', hash); // false
+var hash = bcrypt.hashSync(myPlaintextPassword, saltRounds);
+// Store hash in your password DB.
 ```
 
-Auto-gen a salt and hash:
+As with async, both techniques achieve the same end-result.
 
+#### To check a password:
+
 ```javascript
-var hash = bcrypt.hashSync('bacon', 8);
+// Load hash from your password DB.
+bcrypt.compareSync(myPlaintextPassword, hash); // true
+bcrypt.compareSync(someOtherPlaintextPassword, hash); // false
 ```
@@ -139,6 +163,6 @@
     * `data` - [REQUIRED] - the data to be encrypted.
-    * `salt` - [REQUIRED] - the salt to be used in encryption.
+    * `salt` - [REQUIRED] - the salt to be used to hash the password. if specified as a number then a salt will be generated with the specified number of rounds and used (see example under **Usage**).
   * `hash(data, salt, cb)`
     * `data` - [REQUIRED] - the data to be encrypted.
-    * `salt` - [REQUIRED] - the salt to be used to hash the password. if specified as a number then a salt will be generated and used (see examples).
+    * `salt` - [REQUIRED] - the salt to be used to hash the password. if specified as a number then a salt will be generated with the specified number of rounds and used (see example under **Usage**).
     * `cb` - [REQUIRED] - a callback to be fired once the data has been encrypted. uses eio making it asynchronous.
@@ -221,3 +245,3 @@ * `err` - First parameter to the callback detailing any errors.
 
-[bcryptwiki]: http://en.wikipedia.org/wiki/Bcrypt
+[bcryptwiki]: https://en.wikipedia.org/wiki/Bcrypt
 [bcryptgs]: http://mail-index.netbsd.org/tech-crypto/2002/05/24/msg000204.html
@@ -224,0 +248,0 @@ [codahale]: http://codahale.com/how-to-safely-store-a-password/

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

81693

increased by1.34%

Number of lines in readme file

260

increased by10.17%

Dependency changes

• + Addednan@2.2.1(transitive)

• - Removednan@2.0.5(transitive)

• Updatednan@2.2.1