node-pbkdf2
Readme
Wrapper to hash and check passwords with the PBKDF2 function built into Node's crypto module.
It abstracts the API change between Node v0.8 and v0.10, so you can begin using this module with any version and it will also work on the others.
It is future-proof, meaning that you can change the parameters to arbitrarily increase the strength of new password hashes, and it will still be able to check against passwords hashed with the old method.
// Install it
npm install node-pbkdf2
// Run tests (dev dependencies need to be installed)
make test
// You can also test it works across the API change between Node v0.8 and v0.10
// You need to have nvm, node v0.8 and node v0.10 for this test
make testVersionSwitch
// Create a new password hasher with standard strength parameters
var NodePbkdf2 = require('node-pbkdf2')
  , hasher = new NodePbkdf2({ iterations: 10000, saltLength: 12, derivedKeyLength: 30 });
// Hash a password
hasher('supersecret', function (err, encryptedPassword) {
  // encryptedPassword is a string
  // Check a given password against an encrypted one
  // (done inside the callback so that encryptedPassword is in scope)
  hasher('supersecret', encryptedPassword, function (err, passwordIsCorrect) {
    // passwordIsCorrect is true
  });
});
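The "future-proof" property described above depends on each stored hash carrying the parameters it was created with. The following is an added sketch of that idea using Node's built-in crypto module; it is not the package's own code. The record layout, the SHA-256 digest, the upper bounds, and the names hashPassword, checkPassword and needsRehash are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed record layout (not the package's own): iterations$keyLength$salt$hash
const OLD_PARAMS = { iterations: 10000, saltLength: 12, derivedKeyLength: 30 }; // values from the README
const NEW_PARAMS = { iterations: 20000, saltLength: 16, derivedKeyLength: 32 }; // constructed, stronger
const MAX_ITERATIONS = 10000000, MAX_KEY_LENGTH = 1024; // assumed bounds against corrupted records

function hashPassword(password, params) {
  const salt = crypto.randomBytes(params.saltLength); // fresh random salt per password
  const key = crypto.pbkdf2Sync(password, salt, params.iterations, params.derivedKeyLength, 'sha256');
  return [params.iterations, params.derivedKeyLength,
          salt.toString('base64'), key.toString('base64')].join('$');
}

// Returns the parameters embedded in a stored record, or null if it is malformed.
function parseStored(stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 4 || !/^\d+$/.test(parts[0]) || !/^\d+$/.test(parts[1])) return null;
  const iterations = Number(parts[0]), keyLength = Number(parts[1]);
  if (iterations < 1 || iterations > MAX_ITERATIONS) return null;
  if (keyLength < 1 || keyLength > MAX_KEY_LENGTH) return null;
  const key = Buffer.from(parts[3], 'base64');
  if (key.length !== keyLength) return null; // length field must match the stored hash
  return { iterations, keyLength, salt: Buffer.from(parts[2], 'base64'), key };
}

// Verifies with the parameters stored in the record, not the current defaults,
// so hashes made under older settings keep working after the defaults change.
function checkPassword(password, stored) {
  const rec = parseStored(stored);
  if (!rec) return false;
  const candidate = crypto.pbkdf2Sync(password, rec.salt, rec.iterations, rec.keyLength, 'sha256');
  return crypto.timingSafeEqual(candidate, rec.key); // constant-time comparison
}

// True when a record is weaker than the current settings and should be
// replaced with a fresh hash after the next successful login.
function needsRehash(stored, current) {
  const rec = parseStored(stored);
  return !rec || rec.iterations < current.iterations || rec.keyLength < current.derivedKeyLength;
}
```

After a successful checkPassword, a caller would test needsRehash against the current parameters and, if it returns true, store hashPassword(password, NEW_PARAMS) in place of the old record.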
MIT, do whatever you want with the code, just leave this message here
(c) 2013 Louis Chatriot (louis@tldr.io)
FAQs
Wrapper around pbkdf2 to securely hash and check passwords in a future-proof manner, abstracting the API change between node v0.8 and v0.10
The npm package node-pbkdf2 receives a total of 1 weekly download. As such, node-pbkdf2's popularity was classified as not popular.
We found that node-pbkdf2 demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.