bcrypt

bcrypt is a library for hashing passwords using the bcrypt algorithm, which is specifically designed for secure password storage. Unlike general-purpose hash functions (MD5, SHA-256) that are designed to be fast, bcrypt is intentionally slow and computationally expensive, making brute-force attacks impractical. The algorithm incorporates a configurable work factor (salt rounds) that determines the computational cost — each increment doubles the time required, allowing the cost to increase as hardware improves. bcrypt automatically generates and embeds a random salt in the hash output, preventing rainbow table attacks without requiring separate salt storage. The library provides both synchronous and asynchronous APIs: bcrypt.hash(password, saltRounds) creates a hash, and bcrypt.compare(password, hash) verifies a password against a stored hash. The output is a 60-character string containing the algorithm version, cost factor, salt, and hash in a self-describing format. bcrypt uses native C++ bindings through N-API for optimal performance. For environments where native compilation is not possible, bcryptjs provides a pure JavaScript implementation with the same API. bcrypt is the most widely recommended password hashing library for Node.js applications.