Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
🚀 DAY 5 OF LAUNCH WEEK:Introducing Webhook Events for Alert Changes.Learn more →
pbkdf2
This library provides the functionality of PBKDF2 with the ability to use any supported hashing algorithm returned from crypto.getHashes()
pbkdf2 
This library provides the functionality of PBKDF2 with the ability to use any supported hashing algorithm returned from crypto.getHashes()
Usage
var pbkdf2 = require('pbkdf2')
var derivedKey = pbkdf2.pbkdf2Sync('password', 'salt', 1, 32, 'sha512')
...
For more information on the API, please see the relevant Node documentation.
For high performance, use the async variant (pbkdf2.pbkdf2), not pbkdf2.pbkdf2Sync; this variant has the oppurtunity to use window.crypto.subtle when browserified.
Credits
This module is a derivative of cryptocoinjs/pbkdf2-sha256, so thanks to JP Richardson for laying the ground work.
Thank you to FangDun Cai for donating the package name on npm, if you're looking for his previous module it is located at fundon/pbkdf2.
v3.1.5 - 2025-09-23
Commits
Other packages similar to pbkdf2
bcrypt
bcrypt is a popular npm package used for hashing passwords. It is based on the Blowfish cipher and includes a salt to protect against rainbow table attacks. Unlike pbkdf2, bcrypt has its own built-in salt generation and a simpler API for hashing and comparing passwords.
argon2
argon2 is another npm package that provides password hashing. It is the winner of the Password Hashing Competition and is recommended for new applications over pbkdf2 and bcrypt. Argon2 has better resistance to GPU cracking attacks and offers multiple variants for different use cases.
scrypt
scrypt is a password-based key derivation function that is designed to be far more secure against hardware brute-force attacks than alternative functions such as pbkdf2. It is also available as an npm package and is used for secure password hashing by requiring more memory to perform the hash.
FAQs
This library provides the functionality of PBKDF2 with the ability to use any supported hashing algorithm returned from crypto.getHashes()
The npm package pbkdf2 receives a total of 8,719,802 weekly downloads. As such, pbkdf2 popularity was classified as popular.
We found that pbkdf2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 24 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025
Product
Introducing Socket Scanning for OpenVSX Extensions
Socket now scans OpenVSX extensions, giving teams early detection of risky behaviors, hidden capabilities, and supply chain threats in developer tools.
By Mix Irving, Ryan Eberhardt -  Nov 20, 2025