{"_id":"credentials","_rev":"9-558fdc1d27dac0ed537217d7b09302ae","name":"credentials","description":"Secure password hashing and verification","dist-tags":{"latest":"3.0.2"},"versions":{"1.0.0":{"name":"credentials","version":"1.0.0","description":"Secure password hashing and verification","main":"src","bin":{"credentials":"bin/cmd.js"},"dependencies":{"object-assign":"3.0.0","scmp":"1.0.0","bluebird":"2.9.32","commander":"2.8.1","pluck-keys":"0.0.4"},"devDependencies":{"tape":"^4.0.0"},"scripts":{"test":"node test"},"repository":{"type":"git","url":"git+https://github.com/srcagency/credentials.git"},"keywords":["password","passwords","hash","auth","authorization","authentication","security","login","sign in","salt","rainbow","brute","stretching","PBKDF2"],"author":{"name":"Thomas Jensen","email":"thomas@src.agency","url":"http://src.agency"},"license":"MIT","gitHead":"7c64977fb6157ce1a01c0233d1e548332cd13a04","bugs":{"url":"https://github.com/srcagency/credentials/issues"},"homepage":"https://github.com/srcagency/credentials#readme","_id":"credentials@1.0.0","_shasum":"9bb96eab3cf7db55ba65f7afe6c459fc1bf8c257","_from":".","_npmVersion":"2.9.1","_nodeVersion":"2.3.3","_npmUser":{"name":"thomas-jensen","email":"thomas@src.agency"},"maintainers":[{"name":"thomas-jensen","email":"thomas@src.agency"}],"dist":{"shasum":"9bb96eab3cf7db55ba65f7afe6c459fc1bf8c257","tarball":"https://registry.npmjs.org/credentials/-/credentials-1.0.0.tgz","integrity":"sha512-uJ6/PvclzejPtwfPg3torC4igx1b8HzfNys0//PTizyb4ioqDxRI66D92TLpK1wbtzxvRkiskb3e9kTVMRAHWQ==","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEYCIQDnlgrfGuMajBubUwyCPXRKyRB5xRUliQDCDvdQOdetVQIhAMOGGlR162shIOx6CDReNy7j4xiW8mbqU5/UplSrAij5"}]},"directories":{}},"1.0.1":{"name":"credentials","version":"1.0.1","description":"Secure password hashing and verification","main":"src","bin":{"credentials":"bin/cmd.js"},"dependencies":{"object-assign":"4.0.1","scmp":"1.0.0","bluebird":"3.0.5","commander":"2.9.0","pluck-keys":"0.0.4"},"devDependencies":{"tape":"^4.2.2"},"scripts":{"test":"node test"},"repository":{"type":"git","url":"git+https://github.com/srcagency/credentials.git"},"keywords":["password","passwords","hash","auth","authorization","authentication","security","login","sign in","salt","rainbow","brute","stretching","PBKDF2"],"author":{"name":"Thomas Jensen","email":"thomas@src.agency","url":"http://src.agency"},"license":"MIT","gitHead":"46f7785eceb1f0e3ba2e68ef943348d2801372c5","bugs":{"url":"https://github.com/srcagency/credentials/issues"},"homepage":"https://github.com/srcagency/credentials#readme","_id":"credentials@1.0.1","_shasum":"7fd00d49a3300bca26f546f3cb77001d9f14dcf5","_from":".","_npmVersion":"3.3.11","_nodeVersion":"5.1.0","_npmUser":{"name":"thomas-jensen","email":"thomas@src.agency"},"dist":{"shasum":"7fd00d49a3300bca26f546f3cb77001d9f14dcf5","tarball":"https://registry.npmjs.org/credentials/-/credentials-1.0.1.tgz","integrity":"sha512-A6U5MAvmCmNMeJKAaTe+itVxK0+iBdOgf4RLTWAaa3N4NDbNiWCGXUDj/dSbkyBiDeOaOh9X8gknNCl+NgpiaA==","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEYCIQDs8bu2N/LZEGb4e/8VRBbiv8BtuG1vMrLePD+uFABR7wIhAKCWsF4YhBd8x62XYe0KXoTBuKUHBryU2Bz2f7ubAgaJ"}]},"maintainers":[{"name":"thomas-jensen","email":"thomas@src.agency"}],"directories":{}},"2.0.0":{"name":"credentials","version":"2.0.0","description":"Secure password hashing and verification","main":"src","bin":{"credentials":"bin/cmd.js"},"engines":{"node":">=0.12.0"},"dependencies":{"bluebird":"^3.3.5","commander":"^2.9.0","object-assign":"^4.1.0","pluck-keys":"^0.0.4","scmp":"^1.0.0"},"devDependencies":{"tape":"^4.5.1"},"scripts":{"test":"node test"},"repository":{"type":"git","url":"git+https://github.com/srcagency/credentials.git"},"keywords":["password","passwords","hash","auth","authorization","authentication","security","login","sign in","salt","rainbow","brute","stretching","PBKDF2"],"author":{"name":"Thomas Jensen","email":"thomas@src.agency","url":"http://src.agency"},"license":"MIT","gitHead":"4c75318d8aca99a9c3d43fe6927e5e9c2aa1e7b0","bugs":{"url":"https://github.com/srcagency/credentials/issues"},"homepage":"https://github.com/srcagency/credentials#readme","_id":"credentials@2.0.0","_shasum":"38b9bc88fda6597e209d54ffc45e32588f1efda4","_from":".","_npmVersion":"3.8.5","_nodeVersion":"6.1.0","_npmUser":{"name":"thomas-jensen","email":"thomas@src.agency"},"dist":{"shasum":"38b9bc88fda6597e209d54ffc45e32588f1efda4","tarball":"https://registry.npmjs.org/credentials/-/credentials-2.0.0.tgz","integrity":"sha512-diffkppbxo+KDn2AVB/I2Qase42xYUoBIoL+mZ5hn+lRb1RWNKlNbrxl5nVOYP4oLo8ckDx8/ei/dxzVW00DNQ==","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEQCIHDNWpw2THbs3cGdFJu/pPtz4jt/PHljXdW1w8MFkyIsAiBF4GcKmj2ONGFyOg/qMoJy+yKvemZp7vewcwA/aAY8Tw=="}]},"maintainers":[{"name":"thomas-jensen","email":"thomas@src.agency"}],"_npmOperationalInternal":{"host":"packages-12-west.internal.npmjs.com","tmp":"tmp/credentials-2.0.0.tgz_1464371230546_0.8933807688299567"},"directories":{}},"3.0.0":{"name":"credentials","version":"3.0.0","description":"Secure password hashing and verification","bin":{"credentials":"bin/cmd.js"},"dependencies":{"commander":"^2.18.0"},"devDependencies":{"bluebird":"^3.5.2","prettier":"^1.14.3","tape":"^4.9.1"},"scripts":{"test":"node test"},"repository":{"type":"git","url":"git+https://github.com/srcagency/credentials.git"},"keywords":["password","passwords","hash","auth","authorization","authentication","security","login","sign in","salt","rainbow","brute","stretching","PBKDF2"],"author":{"name":"Thomas Jensen","email":"thomas@src.agency","url":"http://src.agency"},"license":"MIT","prettier":{"semi":false,"singleQuote":true,"useTabs":true,"bracketSpacing":false,"trailingComma":"es5","tabWidth":4,"overrides":[{"files":"*.md","options":{"tabWidth":2}}]},"gitHead":"3fe8fe3a63fec444405c6c4b2eecf6a03a68cc43","bugs":{"url":"https://github.com/srcagency/credentials/issues"},"homepage":"https://github.com/srcagency/credentials#readme","_id":"credentials@3.0.0","_npmVersion":"6.4.1","_nodeVersion":"10.8.0","_npmUser":{"name":"thomas-jensen","email":"thomas@src.agency"},"dist":{"integrity":"sha512-OEwhMBxHHtliNNPEAzoXNkTHTflRBBfpvlGQ452ToZtwYfGjxjDcDtOsXv5k6FYTs/v7orT5p25iWumFbWfatA==","shasum":"d6f47e1b8cebe49e3f6ac6d173a733a936bd0770","tarball":"https://registry.npmjs.org/credentials/-/credentials-3.0.0.tgz","fileCount":4,"unpackedSize":8240,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJbsf0pCRA9TVsSAnZWagAAUPEP/14Ew03bDd+9TcKQYhbn\nUOV/TGDXTvmRw0bTuiKr9fbMevpgAtO4sBHRo+yJqEfCNGQ77bHAm/xapgE1\nfFjYjyiV7uH05japDDNhqtsV0eCewYTIzeYLSa36+S3kpVa+7wEDqJ+I+Own\nG7g/uLXQbnWmLDQjZU79Ph1PJW8KMJLnkwXkcwilM2GVKLUdtjLyplWxQsew\n8ymDTLffdY36MHs3nx38lU1w3lTgjoaMva5Qv62W68ysOqzeYmVcw3ZAYIon\n9+t6IBN6mTJYzk+oH2hEPFFr4T0ocpfAnsXrYtxSUm9az0XIiqFqLuIbZSrN\nvSmErEGyox/SmlbYl48+vIS5M3kDfOluts9vtY0RFXuJQOIKrRsw/3omAQwU\nWmbUlB1QEAfoSsNCSHaFDW4F5DH5DcpaY7ext5XH3g1k1CVME+NRWmfo/J1W\n23Ad1zdzFVFaH1HKNRP2UCBUNFqPOLjLCoGFAwBKranVqFQkTVJ8jN4BkZL6\nZ68RQHL3O8tprCCaHzrTQcelHCJ1eOpUqDVmaNWMgLlt6XRxcvWp10tjUbJv\n8aPj6z96Fct50u/vDL8tcdq0UFX89ITLurxX6tjNspHE2jCXGuk+RiaR9iw2\nki/Vi54N3ONqYFnf8wWKOHSMh4xDMNqycwoTgVh4BPhfty5WhE/4S8EyswaB\nfFrb\r\n=XHHB\r\n-----END PGP SIGNATURE-----\r\n","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEUCIGbj6EfkaV6OwzUL0lMMEXvNNZWku/CnQfcvkTCOkvc5AiEAkpZf/TnLMWPKkHOLxcoLME2YiLemXdrQh+eDzngUcgw="}]},"maintainers":[{"name":"thomas-jensen","email":"thomas@src.agency"}],"directories":{},"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/credentials_3.0.0_1538391337299_0.7588342244372066"},"_hasShrinkwrap":false},"3.0.1":{"name":"credentials","version":"3.0.1","description":"Secure password hashing and verification","bin":{"credentials":"bin/cmd.js"},"dependencies":{"commander":"^2.18.0"},"devDependencies":{"bluebird":"^3.5.2","prettier":"^1.14.3","tape":"^4.9.1"},"scripts":{"test":"node test"},"repository":{"type":"git","url":"git+https://github.com/srcagency/credentials.git"},"keywords":["password","passwords","hash","auth","authorization","authentication","security","login","sign in","salt","rainbow","brute","stretching","PBKDF2"],"author":{"name":"Thomas Jensen","email":"thomas@src.agency","url":"http://src.agency"},"license":"MIT","prettier":{"semi":false,"singleQuote":true,"useTabs":true,"bracketSpacing":false,"trailingComma":"es5","tabWidth":4,"overrides":[{"files":"*.md","options":{"tabWidth":2}}]},"gitHead":"f223fdf991f258ae143731c0c76c4975ddd95953","bugs":{"url":"https://github.com/srcagency/credentials/issues"},"homepage":"https://github.com/srcagency/credentials#readme","_id":"credentials@3.0.1","_npmVersion":"6.4.1","_nodeVersion":"10.8.0","_npmUser":{"name":"thomas-jensen","email":"thomas@src.agency"},"dist":{"integrity":"sha512-r/7iOu4hIlLbkw5I/wU20OfrUZIp40aovQpww1oStcHp7T+jFXTd27Gi6vo87g+rC5CGrwejGN/otyefUKYkKw==","shasum":"8bc5a75bde0f6c2e9628b3e1d818da373bc1a135","tarball":"https://registry.npmjs.org/credentials/-/credentials-3.0.1.tgz","fileCount":4,"unpackedSize":8481,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJbsgESCRA9TVsSAnZWagAA+8EP/ArrW8mYHd7eSDsr5fBv\ngR4ZAJgl30bKZPrk9mObjoQyDwuSSRJJLDE5BTxSCUzz5UiZlt3qWz/TmK8o\nXMU1vUUrsDoO47t9Cwkm9+RfMI3efJfSvaswrFKJLMka5GnhNgw6UJKPswhm\nCVcowL2e/Wj+wxzyDdjoSrYg9xawNYfE/ru0Siy0ks9D82OKJduHsx6BkXSo\n4MzD2jOkjkq7lksLRG0yGo7hEBjD3DIXXwtUz8HU2KmxP086XMTHObVuUyP3\nYkhAN32kq/3Q6z+r3Vex+LRZaa8Kuj/XTGq3GgEZUZL5OvXhHnNLoK6Ui4z2\nB+wuIneEpuJ4K5NGYNZucyVml9aWqjfIFnxC+9GEdIc+UFSbA+QKQrU4YYSj\n0OqPns0dhOc7OPdesB85/28mO25H80GBhCY8qu8+elgOa267YWin0qmLws8T\nlxybC5xe3wTR9Cvw3ieFDfiFBml+bEupDJuIegskXZIaOeEMWwljbaTebpcc\nsDN6yo4gtSEt5ewpaHYdaUIFpcBp0mZ/9z8e8Oyz7MtLfiiUkHWuZxlXaelb\ndmkpY7bbJQPBYD4483YxhBBW+yOVJU/ZMCruYtbkbFZxQzAZIpo2qxuYaj62\n4S4PWJ4rS6RpQLP8WI+Nng1xksJOgeginYpNK1xiqZal7hKHEJUeZxbwsg24\nUzMY\r\n=4KWc\r\n-----END PGP SIGNATURE-----\r\n","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEQCIFjhQP0FlM3byQeSl6p27gNlAx4bn+2bbKKVCpPXXxhAAiBoaulfb82qjG4AWBR9Z307fWyWILglrjI2SG4cvnBPVw=="}]},"maintainers":[{"name":"thomas-jensen","email":"thomas@src.agency"}],"directories":{},"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/credentials_3.0.1_1538392338277_0.7691326606665414"},"_hasShrinkwrap":false},"3.0.2":{"name":"credentials","version":"3.0.2","description":"Secure password hashing and verification","bin":{"credentials":"bin/cmd.js"},"dependencies":{"commander":"^2.18.0"},"devDependencies":{"bluebird":"^3.5.2","prettier":"^1.14.3","tape":"^4.9.1"},"scripts":{"test":"node test"},"repository":{"type":"git","url":"git+https://github.com/srcagency/credentials.git"},"keywords":["password","passwords","hash","auth","authorization","authentication","security","login","sign in","salt","rainbow","brute","stretching","PBKDF2"],"author":{"name":"Thomas Jensen","email":"thomas@src.agency","url":"http://src.agency"},"license":"MIT","prettier":{"semi":false,"singleQuote":true,"useTabs":true,"bracketSpacing":false,"trailingComma":"es5","tabWidth":4,"overrides":[{"files":"*.md","options":{"tabWidth":2}}]},"gitHead":"3785cd1f6f8922f2b6948dc94e4f34ac9af74779","bugs":{"url":"https://github.com/srcagency/credentials/issues"},"homepage":"https://github.com/srcagency/credentials#readme","_id":"credentials@3.0.2","_npmVersion":"6.4.1","_nodeVersion":"10.8.0","_npmUser":{"name":"thomas-jensen","email":"thomas@src.agency"},"dist":{"integrity":"sha512-sXRowWaF1BkaB/2XMxyH2Q9jrHPTR1pCPr13FR8AreVQiYpLOwikCqatD8rFDsbMV/n/z0ZPBUFF6/tdIACHYA==","shasum":"91918c7b80f4d9f3a2395240ff492bbdf9bee2eb","tarball":"https://registry.npmjs.org/credentials/-/credentials-3.0.2.tgz","fileCount":4,"unpackedSize":7599,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJbsoOMCRA9TVsSAnZWagAASlAP/AuAYuVGr5ZngpQpZ/AV\nGaYA3wTudtrvwN17a5jMDfrel5EXt3wHW787XaiqTdes5VhbF/TOxc4vLRfp\n+iTHBkVFCNUmKBM+Cdj/oThhJhxvWJleMc4O7yr7DlZUzPx9aypbjqGbzC1M\n5Bmif4O6ffZUwnZzgknlWl3tPTd9QbdQzxKdlNtiCgmoqxELQLbbH/TQVVlj\n3JIxydxMEqmkPbpT6mpPU2DHGqz15cWpVeiyk5V7hue1Rz5AUjybTfRctLl3\n0X6BjqIZoW/EV6jT+WrDCwN9Jbd7vwESUuGLlqrrjMsLfnT9liV6y2M0LUMi\nIQzgnJFQFftXWxgLRDrHFiZN/1TyRUO5/0LMAhkxuEN/4Tz9cC2STrvyPXoa\nA5rspzR3C7O8FHYiNuX6N9vLfk61z8Br7dA5bjE/obaXFVnN8JnhnUKvtt5J\nvKOoLmDRyDAeBAEgpDmNVs6pDYKpyUZQbDPKVIAZFRgvGSvWY8k4AHzLMVRu\ndXAmBjuWR/rPPWEnvq94s9t33iidRiL4AvcXWTSFMfKxSFqheJ+rdZn3medF\n5VZGu764KccqDe+VAkygO/7Hn+ujuFens52R+w8Z6ozH/1ZjckcQayygebtb\nbW3l4RwIEXeC7WrxT2ljct1sJM13WqkMg3o/rlBgLZy/thZ/XDWjqOiWOCs9\nCrc6\r\n=EkHn\r\n-----END PGP SIGNATURE-----\r\n","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEUCIEHrMa7QC7NBIx2CkgpWfLbRpMzM2bpDNl2eUh0+sO+2AiEAqHAuZo59pAs0aFXIYF6Y6sx+ztoKz9jKTfCFMq44gSE="}]},"maintainers":[{"name":"thomas-jensen","email":"thomas@src.agency"}],"directories":{},"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/credentials_3.0.2_1538425739551_0.6399167623830082"},"_hasShrinkwrap":false}},"readme":"# Credentials\n\nSecure password hashing and verification with core Node.js modules.\n\n- Time consuming hashing (PBKDF2 with SHA-512) to combat brute force\n- Per password salt to combat rainbow tables\n- Incrementing work/complexity to combat future computing advances\n- Constant time equality check to combat timing attacks\n\n```js\nconst {hash, verify} = require('credentials')\n\nverify(hash('password'), 'password') // → true\n```\n\nIf you find a security flaw in this code, please contact security@src.agency.\n\n## Usage\n\n```shell\nnpm install credentials\n```\n\n```js\nconst {hash, verify, expired} = require('credentials')\n\nhash(password /*[, opts]*/) // → hashed (string), ready for storage\nverify(hashed, password) // → isValid (Boolean)\nexpired(hashed /*[, days[, opts]]*/) // → isExpired (Boolean)\n```\n\n`hash` optionally accepts an object literal of configuration values. Defaults\nto:\n\n```js\n{\n  keyLength: 64,  // length of salt\n  work: 1,        // relative work load (0.5 for half the work)\n}\n```\n\n`expired` optionally accepts an object literal of configuration values.\nDefaults to:\n\n```js\n{\n  work: 1,\n}\n```\n\nPreconfigured functions:\n\n```js\nconst {hash, verify, expired} = require('credentials').configure({\n  // defaults:\n  keyLength: 64,\n  work: 1,\n  expiry: 90,\n})\n```\n\n## Examples\n\n### Sign up\n\n```js\nconst {hash} = require('credentials')\n\nhash(userInput).then(hashed => saveHash(hashed))\n```\n\n### Sign in\n\n```js\nconst {verify} = require('credentials')\n\nverify(hashed, userInput).then(isValid => {\n  if (!isValid) throw new Error('Bad credentials')\n\n  // allow access\n})\n```\n\n## CLI\n\n```shell\n$ credentials --help\n\n  Usage: cmd [options] [command]\n\n\n  Commands:\n\n    hash [options] [password]  Hash password\n    verify [hash] <password>   Verify password\n\n  Options:\n\n    -h, --help  output usage information\n```\n\n```shell\n$ credentials hash --help\n\n  Usage: hash [options] [password]\n\n  Hash password\n\n  Options:\n\n    -h, --help                    output usage information\n    -w --work <work>              relative work load (0.5 for half the work)\n    -k --key-length <key-length>  length of salt\n```\n\nThe `password` argument for `hash` and the `hash` argument for `verify` both\nsupport piping by replacing with a dash (`-`):\n\n```shell\n$ echo -n \"my password\" | credentials hash - | credentials verify - \"my password\"\nVerified\n```\n\nExit codes `0` and `1` are used to communicate verified or invalid as well.\n\n## Expiry\n\nThe `expiry` configuration value is used entirely by the `expired` method.\n`verify` does not check if a password is expired.\n\nThe main purpose of this concept is to tell the user to update their password.\n\n# Inspiration\n\nThis was initially a fork of @ericelliott's great effort at\nhttps://github.com/ericelliott/credential with the main differences being:\n\n- Better default values (SHA-512 and a key length of 64 bytes)\n- Promises\n- There's a [CLI](#cli)\n- Each instance is separate - no globals or leak to other instances\n\nProduced hashes are compatible.\n\nA merge was not possible due to differences discovered in\nhttps://github.com/ericelliott/credential/issues/25\n","maintainers":[{"name":"thomas-jensen","email":"thomas@src.agency"}],"time":{"modified":"2022-06-14T03:20:32.889Z","created":"2015-07-08T11:54:33.613Z","1.0.0":"2015-07-08T11:54:33.613Z","1.0.1":"2015-11-29T13:53:52.203Z","2.0.0":"2016-05-27T17:47:13.092Z","3.0.0":"2018-10-01T10:55:37.470Z","3.0.1":"2018-10-01T11:12:18.411Z","3.0.2":"2018-10-01T20:28:59.669Z"},"homepage":"https://github.com/srcagency/credentials#readme","keywords":["password","passwords","hash","auth","authorization","authentication","security","login","sign in","salt","rainbow","brute","stretching","PBKDF2"],"repository":{"type":"git","url":"git+https://github.com/srcagency/credentials.git"},"author":{"name":"Thomas Jensen","email":"thomas@src.agency","url":"http://src.agency"},"bugs":{"url":"https://github.com/srcagency/credentials/issues"},"license":"MIT","readmeFilename":"README.md"}