The bcryptjs npm package is a library that allows developers to hash and compare passwords securely in Node.js applications. It is a pure JavaScript implementation of the bcrypt password hashing algorithm and is compatible with the C++ bcrypt binding on npm. It's designed to be a reliable and secure way to handle password storage and verification.

What are bcryptjs's main functionalities?

Hashing Passwords

This feature allows you to securely hash passwords using bcrypt. The `genSalt` function generates a salt, and the `hash` function applies the bcrypt hashing algorithm to the password along with the salt.

const bcrypt = require('bcryptjs');
const password = 'myPassword123';
bcrypt.genSalt(10, function(err, salt) {
  bcrypt.hash(password, salt, function(err, hash) {
    // Store hash in your password DB.
  });
});

Comparing Passwords

This feature is used to compare a plaintext password with a previously hashed one to check if they match. It is commonly used during the login process to verify user credentials.

const bcrypt = require('bcryptjs');
const password = 'myPassword123';
const hash = '$2a$10$N9qo8uLOickgx2ZMRZoMye';
bcrypt.compare(password, hash, function(err, isMatch) {
  if (err) throw err;
  console.log('Password match:', isMatch);
});

Other packages similar to bcryptjs

Readme

Source

Optimized bcrypt in plain JavaScript with zero dependencies. Compiled through Closure Compiler using advanced optimizations, 100% typed code. Fully compatible to bcrypt and also working in the browser.

Features

CommonJS/node.js compatible (via crypto), also available via npm
Shim/browser compatible (via WebCryptoAPI)
RequireJS/AMD compatible
Zero production dependencies
Small footprint
Closure Compiler externs included

Usage

node.js

npm install bcryptjs

var bcrypt = require('bcryptjs');
...

RequireJS/AMD

require.config({
    "paths": {
        "bcrypt": "/path/to/bcrypt.js"
    }
});
require(["bcrypt"], function(bcrypt) {
    ...
});

Shim/browser

<script src="//raw.github.com/dcodeIO/bcrypt.js/master/bcrypt.min.js"></script>

var bcrypt = dcodeIO.bcrypt;
...

Usage - Sync

To hash a password:

var bcrypt = require('bcryptjs');
var salt = bcrypt.genSaltSync(10);
var hash = bcrypt.hashSync("B4c0/\/", salt);
// Store hash in your password DB.

To check a password:

// Load hash from your password DB.
bcrypt.compareSync("B4c0/\/", hash); // true
bcrypt.compareSync("not_bacon", hash); // false

Auto-gen a salt and hash:

var hash = bcrypt.hashSync('bacon', 8);

Usage - Async

To hash a password:

var bcrypt = require('bcryptjs');
bcrypt.genSalt(10, function(err, salt) {
    bcrypt.hash("B4c0/\/", salt, function(err, hash) {
        // Store hash in your password DB.
    });
});

To check a password:

// Load hash from your password DB.
bcrypt.compare("B4c0/\/", hash, function(err, res) {
    // res == true
});
bcrypt.compare("not_bacon", hash, function(err, res) {
    // res = false
});

Auto-gen a salt and hash:

bcrypt.hash('bacon', 8, function(err, hash) {
});

API

bcrypt

bcrypt namespace.

bcrypt.genSaltSync(rounds, seed_length)

Synchronously generates a salt.

Name	Type	Description
rounds*	number	Number of rounds to use, defaults to 10 if omitted
seed_length*	number	Not supported.

returns	string	Resulting salt

bcrypt.genSalt(rounds, seed_length, callback*)

Asynchronously generates a salt.

Name	Type	Description
rounds*	(number ¦ function(Error, ?string))	Number of rounds to use, defaults to 10 if omitted
seed_length*	(number ¦ function(Error, ?string))	Not supported.
callback*	function(Error, ?string)	Callback receiving the error, if any, and the resulting salt

bcrypt.hashSync(s, salt*)

Synchronously generates a hash for the given string.

Name	Type	Description
s	string	String to hash
salt*	(number ¦ string)	Salt length to generate or salt to use, default to 10

returns	?string	Resulting hash, actually never null

bcrypt.hash(s, salt, callback)

Asynchronously generates a hash for the given string.

Name	Type	Description
s	string	String to hash
salt	number ¦ string	Salt length to generate or salt to use
callback	function(Error, ?string)	Callback receiving the error, if any, and the resulting hash

bcrypt.compareSync(s, hash)

Synchronously tests a string against a hash.

Name	Type	Description
s	string	String to compare
hash	string	Hash to test against

returns	boolean	true if matching, otherwise false
throws	Error	If an argument is illegal

bcrypt.compare(s, hash, callback)

Asynchronously compares the given data against the given hash.

Name	Type	Description
s	string	Data to compare
hash	string	Data to be compared to
callback	function(Error, boolean)	Callback receiving the error, if any, otherwise the result

throws	Error	If the callback argument is invalid

bcrypt.getRounds(hash)

Gets the number of rounds used to encrypt the specified hash.

Name	Type	Description
hash	string	Hash to extract the used number of rounds from

returns	number	Number of rounds used
throws	Error	If hash is not a string

bcrypt.getSalt(hash)

Gets the salt portion from a hash.

Name	Type	Description
hash	string	Hash to extract the salt from

returns	string	Extracted salt part portion
throws	Error	If `hash` is not a string or otherwise invalid

Command line

Usage: bcrypt <input> [salt]

If the input has spaces inside, simply surround it with quotes.

Downloads

Credits

Based on work started by Shane Girish at bcrypt-nodejs (MIT-licensed), which is itself based on javascript-bcrypt (New BSD-licensed).

License

Apache License, Version 2.0 if not stated otherwise

Keywords

FAQs

What is bcryptjs?

Is bcryptjs well maintained?

Last updated on 08 Jun 2014

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

bcryptjs