calibrate-bcrypt-rounds - npm Package Compare versions

Comparing version 1.1.0 to 1.1.1


dist/index.d.ts

@@ -1,2 +0,5 @@

import * as bcryptLike from 'bcryptjs';
export default function calibrateBcryptRounds(bcrypt: typeof bcryptLike, minimumTime: number): Promise<number>;
interface BcryptLike {
hash(value: string, rounds: number): Promise<any>;
}
export default function calibrateBcryptRounds(bcrypt: BcryptLike, minimumTime: number): Promise<number>;
export {};
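Review bot: `BcryptLike` is declared in dist/index.d.ts but not exported, so callers cannot name the parameter type when they wrap `calibrateBcryptRounds`, and `hash` returning `Promise<any>` gives up type checking on the result. Consider exporting the interface and typing the return as `Promise<string>` (or `Promise<unknown>` if the result is only awaited for timing). Replacing the `bcryptjs` type import with a structural interface that only requires `hash` is otherwise a sound way to cut what the published typings depend on.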

@@ -15,2 +15,2 @@ "use strict";

exports.default = calibrateBcryptRounds;
//# sourceMappingURL=data:application/json;base64,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
//# sourceMappingURL=data:application/json;base64,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
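Review bot: the only changed line in this hunk is the inline `sourceMappingURL=data:application/json;base64,` comment, so the published dist file carries its source map embedded as a data URI. Consider emitting an external `.map` file or leaving source maps out of the published build, which keeps the shipped file small and makes version-to-version diffs like this one easier to audit.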
{
"name": "calibrate-bcrypt-rounds",
"version": "1.1.0",
"version": "1.1.1",
"description": "Calculate bcrypt rounds on the fly rather than hardcoding a specific number",

@@ -28,3 +28,2 @@ "main": "dist/index.js",

"@commitlint/config-conventional": "^7.0.1",
"@types/bcrypt": "^2.0.0",
"@types/bcryptjs": "^2.4.1",

@@ -31,0 +30,0 @@ "@types/lodash": "^4.14.116",

@@ -27,2 +27,17 @@ # calibrate-bcrypt-rounds

**Note:** using `calibrate` will help pick the right cost factor every time
you restart or redeploy your app. But it won't update old passwords hashed
with fewer rounds. As you check passwords, you should also check to see if
they need to be rehashed with more rounds to keep them secure, i.e.:
```js
if (await bcrypt.compare(req.body.password, user.hashedPassword)) {
// User has authenticated, now rehash password if needed
if (bcrypt.getRounds(user.hashedPassword) < myAppConfig.bcryptRoundsFromCalibration) {
user.hashedPassword = await bcrypt.hash(req.body.password, myAppConfig.bcryptRoundsFromCalibration);
await user.save();
}
// ...
}
## Motivation
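Review bot: in the lines shown, the js code fence opened above the rehash example has no closing fence before `## Motivation`, so the heading would render inside the code block; add the closing fence and a blank line before the heading. In the example itself, `await user.save()` sits on the login path, so the note should say that a failed rehash write is logged and retried on a later login and does not turn a successful authentication into an error.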

@@ -33,4 +48,4 @@

first released in 1999, the original suggested cost factor was 6. Today
(2018), that recommendation is now somewhere between 11 and 14 (each
increment of the cost factor doubles the work).
(2018), thanks to faster hardware, that recommendation is now somewhere
between 11 and 14 (each increment of the cost factor doubles the work).

@@ -41,3 +56,7 @@ Rather than hardcoding a specific cost factor into your code (which will likely

This module automates that process by running bcrypt with progressively
increasing cost factors until it takes at least as long as you specify to
hash a password.
See [this Security StackExchange answer](https://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256/3993#3993)
for more detail.
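Review bot: the added link's URL points at a question about PBKDF2-SHA256 iteration counts, while this paragraph is about bcrypt's cost factor; add a clause saying the time-budget reasoning carries over so readers do not take the iteration numbers literally. The paragraph also says the module stops at "at least as long as you specify" without naming the unit of `minimumTime`, and it would help to recommend a minimum cost factor as a floor, since a calibration run on an unusually fast or idle host decides the rounds used until the next restart.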