CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-bcryptjs

Optimized bcrypt in plain JavaScript with zero dependencies, with TypeScript support.

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

SecuritybySnyk

Pending

The risk profile of this skill

Overview
Eval results
Files

password-hashing.mddocs/

Password Hashing

Core password hashing functionality providing both synchronous and asynchronous APIs for secure password hash generation using the bcrypt algorithm.

Capabilities

Synchronous Hash Generation

Generates a bcrypt hash synchronously for a given password and salt.

/**
 * Synchronously generates a hash for the given password.
 * @param password Password to hash (max 72 bytes UTF-8)
 * @param salt Salt length to generate or salt to use, defaults to 10
 * @returns Resulting hash (60 characters)
 */
function hashSync(password: string, salt?: number | string): string;

Usage Examples:

import { hashSync, genSaltSync } from "bcryptjs";

// Hash with auto-generated salt (10 rounds)
const hash1 = hashSync("myPassword");

// Hash with custom rounds
const hash2 = hashSync("myPassword", 12);

// Hash with pre-generated salt
const salt = genSaltSync(10);
const hash3 = hashSync("myPassword", salt);

Asynchronous Hash Generation (Promise)

Generates a bcrypt hash asynchronously using Promises.

/**
 * Asynchronously generates a hash for the given password.
 * @param password Password to hash
 * @param salt Salt length to generate or salt to use
 * @returns Promise with resulting hash
 */
function hash(password: string, salt: number | string): Promise<string>;

Usage Examples:

import { hash, genSalt } from "bcryptjs";

// Hash with auto-generated salt
const hash1 = await hash("myPassword", 10);

// Hash with pre-generated salt
const salt = await genSalt(12);
const hash2 = await hash("myPassword", salt);

// Using in async function
async function hashPassword(password) {
  try {
    const hash = await hash(password, 10);
    console.log("Hash generated:", hash);
    return hash;
  } catch (error) {
    console.error("Hashing failed:", error);
    throw error;
  }
}

Asynchronous Hash Generation (Callback)

Generates a bcrypt hash asynchronously using callback-based API with optional progress tracking.

/**
 * Asynchronously generates a hash for the given password.
 * @param password Password to hash
 * @param salt Salt length to generate or salt to use
 * @param callback Callback receiving the error, if any, and the resulting hash
 * @param progressCallback Optional callback for progress updates (0.0 - 1.0)
 */
function hash(
  password: string,
  salt: number | string,
  callback?: Callback<string>,
  progressCallback?: ProgressCallback
): void;

Usage Examples:

import { hash } from "bcryptjs";

// Basic callback usage
hash("myPassword", 10, (err, hash) => {
  if (err) {
    console.error("Hashing failed:", err);
    return;
  }
  console.log("Hash generated:", hash);
});

// With progress callback for long operations
hash("myPassword", 15, 
  (err, hash) => {
    if (err) {
      console.error("Hashing failed:", err);
      return;
    }
    console.log("Hash completed:", hash);
  },
  (progress) => {
    console.log(`Hashing progress: ${Math.round(progress * 100)}%`);
  }
);

Hash Format

bcryptjs generates hashes in the standard bcrypt format:

$2b$[rounds]$[salt][hash]
  • $2b$: bcrypt algorithm identifier
  • [rounds]: Number of iterations (04-31, zero-padded)
  • [salt]: 22-character base64-encoded salt
  • [hash]: 31-character base64-encoded hash

Example: $2b$10$N9qo8uLOickgx2ZMRZoMye2Z8WSdtXvKLhXfV.O/JZ4MYxvmq4dS6

Performance Considerations

  • Rounds Impact: Each increment doubles computation time

    • 10 rounds: ~100ms (recommended minimum)
    • 12 rounds: ~400ms (good for high-security applications)
    • 15 rounds: ~3-4 seconds (very high security)

  • Asynchronous Benefits: Non-blocking execution prevents UI freezing

  • Progress Callbacks: Available for operations taking longer than 100ms

Error Handling

// Synchronous - throws on error
try {
  const hash = hashSync("password", 10);
} catch (error) {
  console.error("Hashing failed:", error.message);
}

// Asynchronous Promise - rejects on error
try {
  const hash = await hash("password", 10);
} catch (error) {
  console.error("Hashing failed:", error.message);
}

// Asynchronous callback - error as first parameter
hash("password", 10, (err, hash) => {
  if (err) {
    console.error("Hashing failed:", err.message);
    return;
  }
  // Success handling
});

docs

index.md

password-hashing.md

password-verification.md

salt-generation.md

utility-functions.md

tile.json