Optimized bcrypt in plain JavaScript with zero dependencies. Compiled through Closure Compiler using advanced
optimizations, 100% typed code. Fully compatible to bcrypt and also working in the
browser.
Features
- CommonJS/node.js compatible (via crypto), also available via npm
- Shim/browser compatible (via WebCryptoAPI)
- RequireJS/AMD compatible
- Zero production dependencies
- Small footprint
- Closure Compiler externs included
Usage
node.js
npm install bcryptjs
var bcrypt = require('bcryptjs');
...
RequireJS/AMD
require.config({
"paths": {
"bcrypt": "/path/to/bcrypt.js"
}
});
require(["bcrypt"], function(bcrypt) {
...
});
Shim/browser
<script src="//raw.github.com/dcodeIO/bcrypt.js/master/bcrypt.min.js"></script>
var bcrypt = dcodeIO.bcrypt;
...
Usage - Sync
To hash a password:
var bcrypt = require('bcryptjs');
var salt = bcrypt.genSaltSync(10);
var hash = bcrypt.hashSync("B4c0/\/", salt);
To check a password:
bcrypt.compareSync("B4c0/\/", hash);
bcrypt.compareSync("not_bacon", hash);
Auto-gen a salt and hash:
var hash = bcrypt.hashSync('bacon', 8);
Usage - Async
To hash a password:
var bcrypt = require('bcryptjs');
bcrypt.genSalt(10, function(err, salt) {
bcrypt.hash("B4c0/\/", salt, function(err, hash) {
});
});
To check a password:
bcrypt.compare("B4c0/\/", hash, function(err, res) {
});
bcrypt.compare("not_bacon", hash, function(err, res) {
});
Auto-gen a salt and hash:
bcrypt.hash('bacon', 8, function(err, hash) {
});
API
bcrypt
bcrypt namespace.
bcrypt.genSaltSync(rounds*, seed_length*)
Synchronously generates a salt.
Name | Type | Description |
---|
rounds* | number | Number of rounds to use, defaults to 10 if omitted |
seed_length* | number | Not supported. |
| | |
returns | string | Resulting salt |
bcrypt.genSalt(rounds*, seed_length*, callback*)
Asynchronously generates a salt.
Name | Type | Description |
---|
rounds* | (number ¦ function(Error, ?string)) | Number of rounds to use, defaults to 10 if omitted |
seed_length* | (number ¦ function(Error, ?string)) | Not supported. |
callback* | function(Error, ?string) | Callback receiving the error, if any, and the resulting salt |
bcrypt.hashSync(s, salt*)
Synchronously generates a hash for the given string.
Name | Type | Description |
---|
s | string | String to hash |
salt* | (number ¦ string) | Salt length to generate or salt to use, default to 10 |
| | |
returns | ?string | Resulting hash, actually never null |
bcrypt.hash(s, salt, callback)
Asynchronously generates a hash for the given string.
Name | Type | Description |
---|
s | string | String to hash |
salt | number ¦ string | Salt length to generate or salt to use |
callback | function(Error, ?string) | Callback receiving the error, if any, and the resulting hash |
bcrypt.compareSync(s, hash)
Synchronously tests a string against a hash.
Name | Type | Description |
---|
s | string | String to compare |
hash | string | Hash to test against |
| | |
returns | boolean | true if matching, otherwise false |
throws | Error | If an argument is illegal |
bcrypt.compare(s, hash, callback)
Asynchronously compares the given data against the given hash.
Name | Type | Description |
---|
s | string | Data to compare |
hash | string | Data to be compared to |
callback | function(Error, boolean) | Callback receiving the error, if any, otherwise the result |
| | |
throws | Error | If the callback argument is invalid |
bcrypt.getRounds(hash)
Gets the number of rounds used to encrypt the specified hash.
Name | Type | Description |
---|
hash | string | Hash to extract the used number of rounds from |
| | |
returns | number | Number of rounds used |
throws | Error | If hash is not a string |
bcrypt.getSalt(hash)
Gets the salt portion from a hash.
Name | Type | Description |
---|
hash | string | Hash to extract the salt from |
| | |
returns | string | Extracted salt part portion |
throws | Error | If hash is not a string or otherwise invalid |
Command line
Usage: bcrypt <input> [salt]
If the input has spaces inside, simply surround it with quotes.
Downloads
Credits
Based on work started by Shane Girish at bcrypt-nodejs (MIT-licensed),
which is itself based on javascript-bcrypt (New BSD-licensed).
License
Apache License, Version 2.0 if not stated otherwise