npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mwcrypt

v1.0.0

Published

A lightweight bcrypt alternative for password hashing and verification

Downloads

6

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

abdulwajid76abdulwajid76

Keywords

hashpasswordmwcryptsecurity

Readme

mwcrypt

mwcrypt is a modern, ultra-secure, and developer-friendly password hashing library for Node.js.

Why mwcrypt?

  • Security First: Uses PBKDF2 with SHA-512, customizable rounds, and strong random salts.
  • Sync & Async: All operations are available in both synchronous and asynchronous forms.
  • No Dependencies: Relies only on Node.js built-in crypto module.
  • Feature Rich: Includes password strength checking, timing-safe comparisons, hash versioning, and more.
  • Easy to Use: Simple API, clear error messages, and ready for production.

Features

  • Powerful password hashing and verification
  • Custom salt generation (sync/async)
  • Custom rounds (work factor)
  • Sync and async API for all operations
  • Timing-safe password comparison
  • Password strength checker
  • Hash version extraction
  • Extract rounds from hash
  • No external dependencies
  • Fast, secure, and easy to use

Installation

Install locally:

npm install ./mwcrypt

Or from npm:

npm install mwcrypt

Getting Started

Importing

const mwcrypt = require('./mwcrypt'); // Local
// OR
// const mwcrypt = require('mwcrypt'); // From npm

Generate a Salt

Sync:

const salt = mwcrypt.genSaltSync(12); // 12 rounds
console.log('Salt:', salt);

Async:

mwcrypt.genSalt(12, (err, salt) => {
	if (err) throw err;
	console.log('Salt:', salt);
});

Hash a Password

Sync:

const password = 'MySuperSecret!123';
const salt = mwcrypt.genSaltSync();
const hash = mwcrypt.hashSync(password, salt);
console.log('Hash:', hash);

Async:

mwcrypt.genSalt(10, (err, salt) => {
	mwcrypt.hash('MySuperSecret!123', salt, (err, hash) => {
		if (err) throw err;
		console.log('Hash:', hash);
	});
});

Compare Passwords

Sync:

const isMatch = mwcrypt.compareSync('MySuperSecret!123', hash);
console.log('Password match:', isMatch); // true

Async:

mwcrypt.compare('MySuperSecret!123', hash, (err, matched) => {
	if (err) throw err;
	console.log('Password match:', matched); // true or false
});

Check Password Strength

const strong = mwcrypt.checkPasswordStrength('MySuperSecret!123');
console.log('Is strong password?', strong); // true or false

Timing-Safe Comparison

const safe = mwcrypt.timingSafeEqual(hash, hash2);
console.log('Timing safe equal:', safe);

Get Rounds from Hash

const rounds = mwcrypt.getRounds(hash);
console.log('Rounds used:', rounds);

Get Hash Version

const version = mwcrypt.getHashVersion(hash);
console.log('Hash version:', version); // e.g. '2b'

API Reference

genSaltSync(rounds)

Generates a salt synchronously. rounds is the work factor (default: 10).

genSalt(rounds, cb)

Generates a salt asynchronously. Callback receives (err, salt).

hashSync(password, salt)

Hashes a password synchronously with the given salt.

hash(password, salt, cb)

Hashes a password asynchronously. Callback receives (err, hash).

compareSync(password, hash)

Compares a password to a hash synchronously. Returns true or false.

compare(password, hash, cb)

Compares a password to a hash asynchronously. Callback receives (err, matched).

getRounds(hash)

Extracts the number of rounds used from a hash.

timingSafeEqual(a, b)

Performs a timing-safe comparison between two strings or buffers.

checkPasswordStrength(password)

Checks if a password is strong (min 8 chars, upper, lower, number, special).

getHashVersion(hash)

Returns the hash version (e.g. '2b') from a hash string.

Best Practices

  • Always use a strong password (at least 8 characters, mix of upper/lowercase, numbers, and symbols).
  • Use a high number of rounds for better security (e.g., 12 or more for production).
  • Store only the final hash string in your database.
  • Never log or expose raw passwords or salts.
  • Use timing-safe comparison for authentication checks.

Project Structure

  • mwcrypt.js: Main entry point (exports everything from src/index.js)
  • src/index.js: All core logic and features
  • README.md: Full documentation
  • package.json: Project metadata and scripts

License

MIT — Free for personal and commercial use.

Author & Credits

Developed by Muhammad Wajid Ashraf — Software Engineer

Made with ❤️ by Muhammad Wajid Ashraf