wmcrypt

wmcrypt

A lightweight alternative to bcrypt for password hashing and verification using Node.js built-in crypto module.

Features

• Simple API for password hashing and verification
• Uses PBKDF2 with SHA-512 for strong security
• No external dependencies (uses Node.js crypto)
• Fast and easy to use
• Suitable for authentication systems

Installation

Install via npm (local usage):

npm install ./wmcrypt

Or if published to npm:

npm install wmcrypt

Usage

Import

const { hashPassword, verifyPassword } = require('wmcrypt');

Hash a Password

const password = 'mySecret123';
const hashed = hashPassword(password);
console.log('Hashed:', hashed);

Verify a Password

const isMatch = verifyPassword('mySecret123', hashed);
console.log('Password match:', isMatch); // true

const isMismatch = verifyPassword('wrongPass', hashed);
console.log('Password match:', isMismatch); // false

Example

See test/wmcrypt.test.js for a complete example:

const { hashPassword, verifyPassword } = require('../src/index');

const password = 'mySecret123';
const hashed = hashPassword(password);

console.log('Hashed:', hashed);
console.log('Match:', verifyPassword(password, hashed)); // true
console.log('Mismatch:', verifyPassword('wrongPass', hashed)); // false

API Reference

hashPassword(password: string): string

• Hashes the given password with a random salt.
• Returns a string in the format salt:hash.

verifyPassword(password: string, storedHash: string): boolean

• Verifies the password against the stored hash.
• Returns true if the password matches, otherwise false.

How It Works

• Generates a random salt for each password.
• Uses PBKDF2 with SHA-512, 100,000 iterations, and a 64-byte key.
• Stores salt and hash together, separated by a colon.

Project Structure

• src/index.js: Main implementation.
• test/wmcrypt.test.js: Example and tests.
• package.json: Project metadata and scripts.

License

MIT