credential-plus

credential-plus

🛡 Easy password hashing and verification in Node. Protects against brute force, rainbow tables, and timing attacks.

Install

$ npm install --save credential-plus

Plugins

In order to use this package you need at least one plugin. (aka hash function) You can chose one ore more of those plugins:

• credential-plus-pbkdf2
• credential-plus-bcrypt
• credential-plus-scrypt
• credential-plus-argon2

If you create your own plugin, please open a PR and add it to this list.

Usage

Lets call X the plugin package of your choice.

const credential = require('credential-plus');

// Installs the plugin. Replace 'X' with your choice.
credential.install(require('credential-plus-X'));

// Hash and verify with default configs.
credential.hash('We are all humans', {func: 'X'}, (err, hash) => {
  console.log(hash);
  //=> '{"hash":"generated hash", "func":"X"}'
  credential.verify(hash, 'We are all humans', (match) =>{
    console.log(match);
    //=> true
  })
  credential.verify(hash, 'We are all unicorns', (match) =>{
    console.log(match);
    //=> false
  })
});

You can find more detailed usage in the usage section of each plugin:

• pbkdf2
• bcrypt
• scrypt
• argon2

API

hash(password, options, callback)

Creates a new 'unique' hash from a password.

password

Type: string

The password to hash.

options

Type: object

Configurations for the hash function.

func

Type: string

The name of the plugin (hash function) to use. This is the only option field required.

Options available are different for each hash function.
See the API section of the plugin you choose for more details:

• pbkdf2
• bcrypt
• scrypt
• argon2

callback(err, hash)

Type: function

Called after the hash has been computed.

err

Type: object

Possible error thrown.

hash

Type: object

The generated hash.

verify(hash, input, callback)

Determines whether or not the user's input matches the stored password.

hash

Type: string

An hash generated from this package.

input

Type: string

User's input input.

callback(err, valid)

Type: string

Called after the verification process has been computed.

err

Type: object

Possible error thrown.

valid

Type: boolean

True if the hash computed for the input matches.

install(plugin)

Installs an hash function plugin.

plugin

A plugin compatible with this package.

plugins()

Returns the array of the installed plugins (hash functions).

Authors

• Simone Primarosa - simonepri

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License - see the LICENSE file for details.