
bcryptjs - npm

bcryptjs is a JavaScript library for hashing passwords with zero dependencies, compatible with both Node.js and browsers. It provides synchronous and asynchronous methods for generating salts and hashes, while ensuring security against brute-force attacks through its adaptive function. The library is published under the MIT license and has been downloaded approximately 4.8 million times per month.

Uploaded by

Glodi Mbenza
20/11/2021 22:28 bcryptjs - npm

bcryptjs
2.4.3 • Public • Published 5 years ago


0 Dependencies

2 537 Dependents

25 Versions

bcrypt.js
Optimized bcrypt in JavaScript with zero dependencies. Compatible with the C++ bcrypt
binding on node.js and also works in the browser.


Security considerations
Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an
adaptive function: over time, the iteration count can be increased to make it slower, so it
remains resistant to brute-force search attacks even with increasing computation power.
(see)

While bcrypt.js is compatible with the C++ bcrypt binding, it is written in pure JavaScript
and thus slower (about 30%), effectively reducing the number of iterations that can be
processed in an equal time span.

The maximum input length is 72 bytes (note that UTF8 encoded characters use up to 4
bytes) and the length of generated hashes is 60 characters.
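
The 72-byte limit is measured in UTF-8 bytes, not characters, so a length check on the string itself is not enough. The following guard is an added example, not part of bcrypt.js; the function names and the reject-on-overflow policy are assumptions, and the sample inputs are constructed.

```javascript
// Added example (not bcrypt.js code): pre-hash guard for the 72-byte input limit.
const BCRYPT_MAX_BYTES = 72; // limit stated in the security considerations

// UTF-8 encode; TextEncoder is a global in Node.js and in browsers.
function utf8Bytes(str) {
  return new TextEncoder().encode(str);
}

// Report the three different "lengths" of a password and whether it fits.
function inspectPassword(password) {
  const bytes = utf8Bytes(password);
  return {
    utf16Units: password.length,             // what String.length reports
    codePoints: Array.from(password).length, // what a user perceives
    byteLength: bytes.length,                // what the limit is measured in
    fits: bytes.length <= BCRYPT_MAX_BYTES,
  };
}

// True when two different passwords are identical within the first 72 bytes,
// i.e. nothing inside the limit tells them apart.
function collideWithinLimit(a, b) {
  const pa = utf8Bytes(a).slice(0, BCRYPT_MAX_BYTES);
  const pb = utf8Bytes(b).slice(0, BCRYPT_MAX_BYTES);
  return a !== b && pa.length === pb.length && pa.every((v, i) => v === pb[i]);
}

// Hypothetical policy hook: call before hashing; rejects instead of hashing
// an input that exceeds the limit.
function assertHashable(password) {
  const info = inspectPassword(password);
  if (!info.fits) {
    throw new RangeError(
      `password is ${info.byteLength} bytes; limit is ${BCRYPT_MAX_BYTES}`);
  }
  return info;
}

// Constructed sample inputs.
const ascii72 = 'a'.repeat(72);        // exactly at the limit
const emoji19 = '\u{1F511}'.repeat(19); // 19 characters, 4 bytes each
```

Run `assertHashable` at registration and password change so that over-long inputs are refused up front rather than discovered later.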

Usage
The library is compatible with CommonJS and AMD loaders and is exposed globally as
dcodeIO.bcrypt if neither is available.

node.js
On node.js, the inbuilt crypto module's randomBytes interface is used to obtain secure
random numbers.

npm install bcryptjs

var bcrypt = require('bcryptjs');


...

Browser
In the browser, bcrypt.js relies on Web Crypto API's getRandomValues interface to obtain
secure random numbers. If no cryptographically secure source of randomness is
available, you may specify one through bcrypt.setRandomFallback.

var bcrypt = dcodeIO.bcrypt;


...

or

require.config({
    paths: { "bcrypt": "/path/to/bcrypt.js" }
});
require(["bcrypt"], function(bcrypt) {
    ...
});

Usage - Sync

To hash a password:

var bcrypt = require('bcryptjs');


var salt = bcrypt.genSaltSync(10);
var hash = bcrypt.hashSync("B4c0/\/", salt);
// Store hash in your password DB.

To check a password:

// Load hash from your password DB.


bcrypt.compareSync("B4c0/\/", hash); // true
bcrypt.compareSync("not_bacon", hash); // false

Auto-gen a salt and hash:

var hash = bcrypt.hashSync('bacon', 8);

Usage - Async
To hash a password:

var bcrypt = require('bcryptjs');


bcrypt.genSalt(10, function(err, salt) {
    bcrypt.hash("B4c0/\/", salt, function(err, hash) {
        // Store hash in your password DB.
    });
});

To check a password:

// Load hash from your password DB.


bcrypt.compare("B4c0/\/", hash, function(err, res) {
    // res === true
});
bcrypt.compare("not_bacon", hash, function(err, res) {
    // res === false
});

// As of bcryptjs 2.4.0, compare returns a promise if callback is omitted
bcrypt.compare("B4c0/\/", hash).then((res) => {
    // res === true
});

Auto-gen a salt and hash:

bcrypt.hash('bacon', 8, function(err, hash) {


});

Note: Under the hood, asynchronisation splits a crypto operation into small chunks. After
the completion of a chunk, the execution of the next chunk is placed on the back of the JS
event loop queue, thus efficiently sharing the computational resources with the other
operations in the queue.

API
setRandomFallback(random)
Sets the pseudo random number generator to use as a fallback if neither node's crypto
module nor the Web Crypto API is available. Please note: It is highly important that the
PRNG used is cryptographically secure and that it is seeded properly!

Parameter Type Description

random function(number):!Array.<number> Function taking the number of bytes to generate as its sole argument, returning the corresponding array of cryptographically secure random byte values.

@see http://nodejs.org/api/crypto.html

@see http://www.w3.org/TR/WebCryptoAPI/

Hint: You might use isaac.js as a CSPRNG but you still have to make sure to seed it
properly.

genSaltSync(rounds=, seed_length=)
Synchronously generates a salt.

Parameter Type Description

rounds number Number of rounds to use, defaults to 10 if omitted

seed_length number Not supported.

@returns string Resulting salt

@throws Error If a random fallback is required but not set

genSalt(rounds=, seed_length=, callback)
Asynchronously generates a salt.

Parameter Type Description

rounds number | function(Error, string=) Number of rounds to use, defaults to 10 if omitted

seed_length number | function(Error, string=) Not supported.

callback function(Error, string=) Callback receiving the error, if any, and the resulting salt

@returns Promise If callback has been omitted

@throws Error If callback is present but not a function

hashSync(s, salt=)
Synchronously generates a hash for the given string.

Parameter Type Description

s string String to hash

salt number | string Salt length to generate or salt to use, default to 10

@returns string Resulting hash

hash(s, salt, callback, progressCallback=)
Asynchronously generates a hash for the given string.

Parameter Type Description

s string String to hash

salt number | string Salt length to generate or salt to use

callback function(Error, string=) Callback receiving the error, if any, and the resulting hash

progressCallback function(number) Callback successively called with the percentage of rounds completed (0.0 - 1.0), maximally once per MAX_EXECUTION_TIME = 100 ms.

@returns Promise If callback has been omitted

@throws Error If callback is present but not a function

compareSync(s, hash)
Synchronously tests a string against a hash.

Parameter Type Description

s string String to compare

hash string Hash to test against

@returns boolean true if matching, otherwise false

@throws Error If an argument is illegal

compare(s, hash, callback, progressCallback=)
Asynchronously compares the given data against the given hash.

Parameter Type Description

s string Data to compare

hash string Data to be compared to

callback function(Error, boolean) Callback receiving the error, if any, otherwise the result

progressCallback function(number) Callback successively called with the percentage of rounds completed (0.0 - 1.0), maximally once per MAX_EXECUTION_TIME = 100 ms.

@returns Promise If callback has been omitted

@throws Error If callback is present but not a function

getRounds(hash)
Gets the number of rounds used to encrypt the specified hash.

Parameter Type Description

hash string Hash to extract the used number of rounds from

@returns number Number of rounds used

@throws Error If hash is not a string

getSalt(hash)
Gets the salt portion from a hash. Does not validate the hash.

Parameter Type Description

hash string Hash to extract the salt from

@returns string Extracted salt part

@throws Error If hash is not a string or otherwise invalid
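
Because the round count is stored inside each hash, a login path can notice hashes created with an older, cheaper setting and schedule them for re-hashing, which is how the adaptive property from the security considerations is applied in practice. The following is an added example, not bcrypt.js code: it assumes the usual 60-character layout (version tag, two-digit rounds, 22-character salt, 31-character digest), the version tags 2, 2a, 2b and 2y, and a rounds range of 4 to 31; the function names and sample hashes are constructed.

```javascript
// Added example (not bcrypt.js code): validate a stored bcrypt string and
// decide whether it should be re-hashed at a higher cost after a good login.
const BCRYPT_RE =
  /^\$(2[aby]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Returns the parsed fields, or null when the string is not well formed.
// Unlike getSalt(), which does not validate the hash, this checks structure.
function parseBcryptHash(hash) {
  if (typeof hash !== 'string') throw new TypeError('hash must be a string');
  const m = BCRYPT_RE.exec(hash);
  if (!m) return null;
  const rounds = parseInt(m[2], 10);
  if (rounds < 4 || rounds > 31) return null; // assumed valid range
  return {
    version: m[1],
    rounds,                   // base-2 logarithm of the work factor
    iterations: 2 ** rounds,  // each +1 in rounds doubles the work
    salt: m[3],
    digest: m[4],
  };
}

// Hypothetical login-path decision. The password must still be verified with
// compare(); re-hashing happens only after a successful verification, because
// that is the only moment the plaintext is available.
function loginAction(storedHash, targetRounds) {
  const parsed = parseBcryptHash(storedHash);
  if (!parsed) return 'reject-malformed';
  return parsed.rounds < targetRounds ? 'verify-then-rehash' : 'verify';
}

// Constructed samples: structurally valid, not hashes of any real password.
const SAMPLE_OLD = '$2a$08$' + 'A'.repeat(22) + 'B'.repeat(31);
const SAMPLE_NEW = '$2a$12$' + 'A'.repeat(22) + 'B'.repeat(31);
```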

Command line
Usage: bcrypt <input> [salt]

If the input has spaces inside, simply surround it with quotes.

Downloads
Distributions
ZIP-Archive
Tarball

Credits
Based on work started by Shane Girish at bcrypt-nodejs (MIT-licensed), which is itself
based on javascript-bcrypt (New BSD-licensed).

License
New-BSD / MIT (see)

Keywords

bcrypt password auth authentication encryption crypt crypto


Install

npm i bcryptjs

Repository
github.com/dcodeIO/bcrypt.js

Homepage
github.com/dcodeIO/bcrypt.js#readme

Weekly Downloads

1 150 695

Version
2.4.3

License
MIT

Issues
27

Pull Requests
6

Last publish
5 years ago
