
@rccyx/scrypt

v1.0.1

Minimal, dependency-free password hashing library built on Node's native crypto.scrypt. Timing-safe, typed, and production-ready.

scrypt

This package is built directly on Node's native crypto.scrypt, dependency-free, timing-safe, stable, and fully typed. It's made for real-world apps that need secure defaults and clean DX out of the box, without pointless config or runtime issues. Simple API, predictable behavior, works everywhere a supported Node runs.

install

pnpm add @rccyx/scrypt

usage

Basic Example (Synchronous)

import { hashSync, verifySync } from "@rccyx/scrypt";

// Hash a password
const hashed = hashSync({ plaintext: "password123" });
// Returns: "salt:key" (hex-encoded, e.g., "a1b2c3d4...:e5f6a7b8...")

// Verify a password
const isValid = verifySync({ hash: hashed, plaintext: "password123" });
// Returns: true

Basic Example (Asynchronous)

import { hash, verify } from "@rccyx/scrypt";

// Hash a password
const hashed = await hash({ plaintext: "password123" });

// Verify a password
const isValid = await verify({ hash: hashed, plaintext: "password123" });

Custom Key Length

Each hash uses a random 16-byte salt and a default 64-byte derived key. You can customize the key length:

import { hashSync } from "@rccyx/scrypt";

// Use a longer key for enhanced security
const hashed = hashSync({ 
  plaintext: "password123", 
  keyLength: 256 
});

Valid key lengths: 64 (default) | 128 | 256 | 512 | 1024 bytes.

API

hash(options)

Asynchronously hashes a plaintext password using scrypt.

Parameters:

  • options.plaintext (string): The plaintext password to hash
  • options.keyLength (optional, KeyLength): The length of the derived key in bytes (default: 64)

Returns: Promise<string> - A hash string in the format "salt:key" (hex-encoded)

Example:

const hashString = await hash({ plaintext: "mySecurePassword" });
const hashString256 = await hash({ plaintext: "mySecurePassword", keyLength: 256 });

hashSync(options)

Synchronously hashes a plaintext password using scrypt.

Parameters:

  • options.plaintext (string): The plaintext password to hash
  • options.keyLength (optional, KeyLength): The length of the derived key in bytes (default: 64)

Returns: string - A hash string in the format "salt:key" (hex-encoded)

Example:

const hashString = hashSync({ plaintext: "mySecurePassword" });
const hashString256 = hashSync({ plaintext: "mySecurePassword", keyLength: 256 });

verify(options)

Asynchronously verifies a plaintext password against a stored hash. Uses timing-safe comparison to prevent timing attacks.

Parameters:

  • options.hash (string): The stored hash string to compare against
  • options.plaintext (string): The plaintext password to verify

Returns: Promise<boolean> - true if the password matches, false otherwise

Example:

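// storedHash: the "salt:key" string saved when the password was set
// userInput: the password submitted at login
const isValid = await verify({
  hash: storedHash,
  plaintext: userInput
});
if (isValid) {
  console.log("Password is correct");
}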

verifySync(options)

Synchronously verifies a plaintext password against a stored hash. Uses timing-safe comparison to prevent timing attacks.

Parameters:

  • options.hash (string): The stored hash string to compare against
  • options.plaintext (string): The plaintext password to verify

Returns: boolean - true if the password matches, false otherwise

Example:

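// storedHash: the "salt:key" string saved when the password was set
// userInput: the password submitted at login
const isValid = verifySync({
  hash: storedHash,
  plaintext: userInput
});
if (isValid) {
  console.log("Password is correct");
}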

KeyLength

Type definition for valid key lengths: 64 | 128 | 256 | 512 | 1024

Hash Format

Each hash is stored as salt:key in hexadecimal format, where:

  • salt: A random 16-byte value (32 hex characters)
  • key: The derived key from scrypt (default 64 bytes = 128 hex characters)

Example: "a1b2c3d4e5f6...32chars...:e7f8a9b0...128chars..."
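
The layout above can be checked strictly before any comparison is attempted. The following is an added example, not code from @rccyx/scrypt: it rebuilds the documented "salt:key" format on Node's built-in crypto.scrypt and shows why a stored value should be validated before decoding and before the timing-safe comparison. The helper names (makeStoredHash, parseStoredHash, verifyStoredHash) are hypothetical, and Node's default scrypt cost parameters are an assumption, since the page does not state the ones the package uses.

```javascript
// Added example, not the package's source. Assumes Node's default scrypt cost
// parameters, so these hashes are local to this example.
const { randomBytes, scryptSync, timingSafeEqual } = require("node:crypto");

const SALT_BYTES = 16; // per the page: random 16-byte salt
const KEY_LENGTHS = new Set([64, 128, 256, 512, 1024]); // per the page: valid key lengths

// Hypothetical helper: produce a "salt:key" string in the documented layout.
function makeStoredHash(plaintext, keyLength = 64) {
  if (!KEY_LENGTHS.has(keyLength)) throw new RangeError("unsupported key length");
  const salt = randomBytes(SALT_BYTES);
  const key = scryptSync(plaintext, salt, keyLength);
  return `${salt.toString("hex")}:${key.toString("hex")}`;
}

// Hypothetical helper: strictly parse a stored value; returns null when malformed.
function parseStoredHash(stored) {
  if (typeof stored !== "string") return null;
  const parts = stored.split(":");
  if (parts.length !== 2) return null;
  const [saltHex, keyHex] = parts;
  // Buffer.from(x, "hex") silently stops at the first non-hex character,
  // so check the alphabet and the length before decoding.
  if (!/^[0-9a-f]{32}$/i.test(saltHex)) return null;
  if (!/^[0-9a-f]+$/i.test(keyHex) || !KEY_LENGTHS.has(keyHex.length / 2)) return null;
  return { salt: Buffer.from(saltHex, "hex"), key: Buffer.from(keyHex, "hex") };
}

// Hypothetical helper: verify a password; malformed input yields false, never a throw.
function verifyStoredHash(stored, plaintext) {
  const parsed = parseStoredHash(stored);
  if (parsed === null || typeof plaintext !== "string") return false;
  // Re-derive with the stored salt and the stored key's own length.
  const candidate = scryptSync(plaintext, parsed.salt, parsed.key.length);
  // Lengths are equal by construction, which timingSafeEqual requires.
  return timingSafeEqual(candidate, parsed.key);
}

// Constructed sample input.
const stored = makeStoredHash("correct horse battery staple");
console.log(verifyStoredHash(stored, "correct horse battery staple"));
console.log(verifyStoredHash(stored, "wrong password"));
// A corrupted record (non-hex tail) is rejected by the parser, not compared.
console.log(verifyStoredHash(stored.slice(0, -2) + "zz", "correct horse battery staple"));
```

Because the derived-key length is read from the stored value, records created with any of the listed key lengths verify without extra configuration.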

license

MIT