Bindings to the reference Argon2 implementation.
It's possible to hash using either Argon2i, Argon2d or Argon2id (default), and verify if a password matches a hash.
To hash a password:
const argon2 = require('argon2');
try {
const hash = await argon2.hash("password");
} catch (err) {
//...
}
To see how you can modify the output (hash length, encoding) and parameters (time cost, memory cost and parallelism), read the wiki
To verify a password:
try {
if (await argon2.verify("<big long hash>", "password")) {
// password match
} else {
// password did not match
}
} catch (err) {
// internal failure
}
See this article on the wiki for steps on how to migrate your existing code to Argon2. It's easy!
A TypeScript type declaration file is published with this module. If you are using TypeScript 2.0.0 or later, that means you do not need to install any additional typings in order to get access to the strongly typed interface. Simply use the library as mentioned above.
import * as argon2 from "argon2";
const hash = await argon2.hash(..);
node-argon2 provides prebuilt binaries from v0.26.0
onwards. They are
built every release using GitHub Actions.
The current prebuilt binaries are built and tested with the following systems:
Binaries should also work for any version more recent than the ones listed above. For example, the binary for Ubuntu 20.04 also works on Ubuntu 22.04, or any other Linux system that ships a newer version of glibc; the binary for MacOS 11 also works on MacOS 12. If your platform is below the above requirements, you can follow the Before installing section below to manually compile from source. It is also always recommended to build from source to ensure consistency of the compiled module.
You can skip this section if the prebuilt binaries work for you.
You MUST have a node-gyp global install before proceeding with the install, along with GCC >= 5 / Clang >= 3.3. On Windows, you must compile under Visual Studio 2015 or newer.
node-argon2 works only and is tested against Node >=18.0.0.
To install GCC >= 5 on OSX, use homebrew:
$ brew install gcc
Once you've got GCC installed and ready to run, you then need to install node-gyp, you must do this globally:
$ npm install -g node-gyp
Finally, once node-gyp is installed and ready to go, you can install this library, specifying the GCC or Clang binary to use:
$ CXX=g++-12 npm install argon2
NOTE: If your GCC or Clang binary is named something different than g++-12
,
you'll need to specify that in the command.
The interface of both are very similar, notably, node-argon2-ffi splits the
argon2i and argon2d function set, but this module also has the argon2id option,
which node-argon2-ffi does not support. Also, while node-argon2-ffi
suggests you promisify crypto.randomBytes
, node-argon2 library does that
internally.
node-argon2 is much lighter than node-argon2-ffi, at 184 KB for argon2@0.29.1 against 2.56 MB for argon2-ffi@1.2.0. Performance-wise, the libraries are equal. You can run the same benchmark suite if you are curious, but both can perform around 130 hashes/second on an Intel Core i5-4460 @ 3.2GHz with default options.
This library is implemented natively, meaning it is an extension to the node engine. Thus, half of the code is C++ bindings, the other half is Javascript functions. node-argon2-ffi uses ffi, a mechanism to call functions from one language in another, and handles the type bindings (e.g. JS Number -> C++ int).
This project exists thanks to all the people who contribute. [Contribute].
Become a financial contributor and help us sustain our community. [Contribute]
Support this project with your organization. Your logo will show up here with a link to your website. [Contribute]
Work licensed under the MIT License. Please check P-H-C/phc-winner-argon2 for license over Argon2 and the reference implementation.