explaingit

dcodeio/bcrypt.js

3,790 | JavaScript | Audience · developer | Complexity · 2/5 | Setup · easy

TLDR

A pure-JavaScript library for securely hashing passwords using the bcrypt algorithm. Works in both Node.js and browsers, adds automatic salting, and lets you tune hashing speed to stay ahead of faster hardware.

Mindmap

mindmap
  root((bcrypt.js))
    Password Hashing
      Bcrypt algorithm
      Auto salting
      Adjustable rounds
    Environments
      Node.js server
      Web browser
      Command line
    API Styles
      Sync functions
      Async functions
      TypeScript types
    Limitations
      72 byte max length
      30 percent slower than native
    Distribution
      npm bcryptjs
      CDN browser load


Things people build with this

USE CASE 1

Hash user passwords before saving them to a database so the plaintext is not exposed directly if the database is leaked.

USE CASE 2

Verify a login attempt by comparing the typed password against the stored hash without decrypting anything.

USE CASE 3

Run password hashing directly in the browser for client-side apps with no backend dependency.

USE CASE 4

Use the CLI to quickly hash a value from the terminal during development or testing.

Tech stack

JavaScript · Node.js · TypeScript · npm

Getting it running

Difficulty · easy | Time to first run · 5 min

Install via npm install bcryptjs. No native dependencies, no build step. Works in Node.js and browsers out of the box. TypeScript types included.

No license was mentioned in the explanation.

In plain English

bcrypt.js is a JavaScript library for securely hashing passwords. When a web application stores passwords, it should never store them as plain text. Instead, passwords are run through a hashing algorithm that converts them into a fixed-length string that cannot be reversed. When a user logs in, the app hashes what they typed and compares it to the stored hash.

This library implements bcrypt, one of the most widely trusted algorithms for this purpose. Bcrypt has a built-in feature that makes it resistant to brute-force guessing even as computers get faster over time: you can increase the number of processing rounds it uses, making each hash operation slower and therefore making it harder for an attacker to try millions of passwords quickly. The library also automatically adds a random value called a salt to each password before hashing, which means two users with the same password will have different hashes stored in the database.

The library works in both Node.js server environments and directly in web browsers, with no external dependencies. It includes TypeScript type definitions for projects that use TypeScript. Functions come in both synchronous versions (which block until done) and asynchronous versions (which run in the background without freezing other activity). There is also a command-line interface for hashing a value directly from the terminal.

One important limitation noted in the README is that the library is written in pure JavaScript rather than compiled native code, which makes it about 30 percent slower than the native bcrypt binding for Node.js. The maximum password length it can process is 72 bytes, and the library provides a helper function to check whether a given password would be silently cut off at that limit. The package is available on npm under the name bcryptjs and can also be loaded directly in a browser via CDN links.
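
The 72-byte limit described above counts UTF-8 bytes, not characters. The following is an added example, not code from bcrypt.js, and it does not call the library: it models the limit to show which passwords lose data and which pairs become interchangeable. The function names and sample passwords are constructed for illustration.

```javascript
// Added example: models the 72-byte input limit without calling bcrypt.js.
// All function names are hypothetical, not part of the library's API.
const BCRYPT_MAX_BYTES = 72; // limit stated in the text above
const utf8 = new TextEncoder(); // available in Node.js and browsers

// Bytes that would actually be hashed: the UTF-8 encoding cut at 72 bytes.
function effectiveInput(password) {
  return utf8.encode(password).subarray(0, BCRYPT_MAX_BYTES);
}

// True when part of the password lies beyond the limit and is ignored.
function wouldTruncate(password) {
  return utf8.encode(password).length > BCRYPT_MAX_BYTES;
}

// True when two different passwords reduce to the same hashed input,
// so (under this model) either would verify against the other's hash.
function indistinguishable(a, b) {
  if (a === b) return false;
  const x = effectiveInput(a);
  const y = effectiveInput(b);
  return x.length === y.length && x.every((byte, i) => byte === y[i]);
}

// Registration-time policy: reject rather than silently truncate.
function checkNewPassword(password) {
  const bytes = utf8.encode(password).length;
  if (bytes > BCRYPT_MAX_BYTES) {
    return { ok: false, bytes, reason: `only the first ${BCRYPT_MAX_BYTES} of ${bytes} bytes would be hashed` };
  }
  return { ok: true, bytes };
}

// Constructed sample inputs.
const ascii72 = "a".repeat(72);               // exactly at the limit
const longA = "a".repeat(72) + "-suffix-one"; // differ only after byte 72
const longB = "a".repeat(72) + "-suffix-two";
const accented = "\u00e9".repeat(40);         // 40 characters, 80 bytes

console.log(wouldTruncate(ascii72), wouldTruncate(accented));
console.log(indistinguishable(longA, longB));
console.log(checkNewPassword(accented));
```
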

Copy-paste prompts

Prompt 1
Using the bcryptjs npm package, show me how to hash a new user's password when they register and then verify it when they log in, with async/await syntax.
Prompt 2
I'm using bcryptjs in my Node.js app. How do I choose the right number of salt rounds so hashing takes about 250ms on my server without slowing down login too much?
Prompt 3
My password is longer than 72 bytes. Show me how to use bcryptjs's helper to detect if it will be silently truncated, and how to handle that case safely.
Prompt 4
Show me how to load bcryptjs via a CDN link in a plain HTML page and hash a password typed into a form field, entirely in the browser.
Prompt 5
Rewrite my existing synchronous bcryptjs hash and compare calls to use the asynchronous versions so they don't block my Express.js server.

Verify against the repo before relying on details.