Security News
ESLint Adds Official Support for Linting HTML
ESLint now supports HTML linting with 48 new rules, expanding its language plugin system to cover more of the modern web development stack.
By Sarah Gooding - May 13, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
node-passlib
Advanced tools
node-passlib
Unofficial library to generate and verify python-passlib compatible PBKDF2 hashes.
This module provides a verification function to verify python-passlibs (https://passlib.readthedocs.io/) encoded PBKDF2-hashes. Tested with passlib 1.7.4 and PBKDF2-SHA512 algorithm.
Installation
$ npm install node-passlib
Usage
import { verify } from 'node-passlib';
// python-passlib PBKDF2-SHA512 hash
const pbkdf2Hash = '$pbkdf2-sha512$25000$JKSU8r63VgrBmHMO4RwjRA$bUL/owmBl8slaj.fjONmdRijzOs4Lo6EwbKtoA6EPX1hs1BCdg3JRjfkR3WX5/mZ4cIhtJhFVFxrLlq1lHfpQw';
verify('yourpassword', pbkdf2Hash);
// true
verify('wrongpassword', pbkdf2Hash);
// false
Passlib 1.7.4 default algorithm is pbkdf2_sha512 with a keylen of 64 for the SHA512 digest. If you want to verify a different algorithm you may have to specify the keylen.
const sha256Hash = '$pbkdf2-sha256$29000$49wbQyil1JqTcs7Z23tvTQ$EqGpkZH6Gb2ZE92/VY7B1uuO.CUR8xc4bU.TNsDIekI';
verify('yourpassword', sha256Hash, 32);
Disclaimer
UNOFFICIAL - USE AT YOUR OWN RISK!
Using this lib is not as save as passlib itself. Passlib does way more security stuff like preventing timing attacks in the verify method. It's not recommended to use this lib in production if you are not aware of the risk.
FAQs
Generate and verify python-passlib compatible PBKDF2 hashes.
The npm package node-passlib receives a total of 270 weekly downloads. As such, node-passlib popularity was classified as not popular.
We found that node-passlib demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 Dec 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
CISA Kills Off RSS Feeds for KEVs and Cyber Alerts
CISA is discontinuing official RSS support for KEV and cybersecurity alerts, shifting updates to email and social media, disrupting automation workflows.
By Sarah Gooding - May 12, 2025
Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah Gooding - May 09, 2025