@radzor/password-hash

Secure password hashing with bcrypt or Argon2id. Includes strength validation, comparison timing-safe, and configurable cost parameters. Zero external dependencies for bcrypt (uses Node.js crypto).

Securityv0.1.0typescriptpythonServerpasswordhashbcryptargon2securityauthcryptoby Radzor

Install

View source on GitHub →

$npx radzor@latest add password-hash

⚠ Constraints: Never log or transmit plain-text passwords. Always call checkStrength() before hash() to enforce minimum strength. bcrypt truncates passwords beyond 72 bytes — use argon2id for longer passphrases.

Inputs

Name	Type	Default	Description
algorithm	'bcrypt' \| 'argon2id'	bcrypt	Hashing algorithm. bcrypt is widely supported; argon2id is the current OWASP recommendation.
rounds	number	12	bcrypt cost factor (rounds). Higher = slower = more secure. Recommended: 10-14.
memoryCost	number	65536	Argon2id memory cost in KiB (default: 64MB).
timeCost	number	3	Argon2id iteration count.

algorithm'bcrypt' | 'argon2id'

Hashing algorithm. bcrypt is widely supported; argon2id is the current OWASP recommendation.

default: bcrypt

roundsnumber

{ "llm": { "constraints": "Never log or transmit plain-text passwords. Always call checkStrength() before hash() to enforce minimum strength. bcrypt truncates passwords beyond 72 bytes — use argon2id for longer passphrases.", "usageExamples": "llm/examples.md", "integrationPrompt": "llm/integration.md" }, "name": "@radzor/password-hash", "tags": [ "password", "hash", "bcrypt", "argon2", "security", "auth", "crypto" ], "events": [ { "name": "onHashed", "payload": { "algorithm": "string", "durationMs": "number" }, "description": "Fired when a password is hashed." }, { "name": "onVerified", "payload": { "match": "boolean" }, "description": "Fired when a password is compared against a hash." }, { "name": "onError", "payload": { "code": "string", "message": "string" }, "description": "Fired on hashing or comparison error." } ], "inputs": [ { "name": "algorithm", "type": "'bcrypt' | 'argon2id'", "default": "bcrypt", "required": false, "description": "Hashing algorithm. bcrypt is widely supported; argon2id is the current OWASP recommendation." }, { "name": "rounds", "type": "number", "default": 12, "required": false, "description": "bcrypt cost factor (rounds). Higher = slower = more secure. Recommended: 10-14." }, { "name": "memoryCost", "type": "number", "default": 65536, "required": false, "description": "Argon2id memory cost in KiB (default: 64MB)." }, { "name": "timeCost", "type": "number", "default": 3, "required": false, "description": "Argon2id iteration count." } ], "radzor": "1.0.0", "actions": [ { "name": "hash", "params": [ { "name": "password", "type": "string", "description": "Plain-text password to hash." } ], "returns": "Promise<string>", "description": "Hash a plain-text password. Store the returned string in your database." }, { "name": "verify", "params": [ { "name": "password", "type": "string", "description": "Plain-text password to check." }, { "name": "hash", "type": "string", "description": "Previously hashed password from your database." } ], "returns": "Promise<boolean>", "description": "Timing-safe comparison of a password against its hash." }, { "name": "checkStrength", "params": [ { "name": "password", "type": "string", "description": "Password to evaluate." } ], "returns": "{ score: number; feedback: string[]; strong: boolean }", "description": "Evaluate password strength (0-4 score). Returns improvement suggestions." } ], "outputs": [ { "name": "hash", "type": "string", "description": "Formatted password hash string (includes algorithm and parameters)." }, { "name": "strengthReport", "type": "{ score: number; feedback: string[]; strong: boolean }", "description": "Password strength analysis result." } ], "runtime": "server", "version": "0.1.0", "category": "security", "languages": [ "typescript", "python" ], "description": "Secure password hashing with bcrypt or Argon2id. Includes strength validation, comparison timing-safe, and configurable cost parameters. Zero external dependencies for bcrypt (uses Node.js crypto).", "dependencies": { "packages": {} }, "composability": { "connectsTo": [ { "output": "hashResult", "compatibleWith": [ "@radzor/kv-store.action.set.value" ] }, { "event": "onError", "description": "Track hashing errors", "compatibleWith": [ "@radzor/error-tracker.action.captureMessage.message" ] } ] } }

@radzor/password-hash

Install

Inputs

Outputs

Actions

Events

Composability

radzor.manifest.json

Version History

Name	Type	Description
hash	string	Formatted password hash string (includes algorithm and parameters).
strengthReport	{ score: number; feedback: string[]; strong: boolean }	Password strength analysis result.