Skip to content

feat(preferred): add bcrypt replacements and docs #642

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
43081j merged 2 commits into from
Apr 29, 2026
Merged

feat(preferred): add bcrypt replacements and docs #642

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1e2617f
feat(preferred): add `bcrypt` replacements and docs
dreyfus92 Apr 29, 2026
1d3059d
Apply suggestions from code review
43081j Apr 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions docs/modules/bcrypt.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
---
description: Modern alternatives to the bcrypt package for password hashing
---

# Replacements for `bcrypt`

The `bcrypt` package can be replaced by native functionality in most runtimes, or more performant packages.

## `bcryptjs`

[`bcryptjs`](https://github.com/dcodeIO/bcrypt.js) is a widely used pure JavaScript implementation with a very similar API surface to `bcrypt`.

```ts
import bcrypt from 'bcrypt' // [!code --]
import bcrypt from 'bcryptjs' // [!code ++]

const salt = await bcrypt.genSalt(10)

const hash = await bcrypt.hash('password', salt)
```

## `node:crypto` (native, Node.js built-in)

Node provides [`node:crypto`](https://nodejs.org/api/crypto.html) for secure password hashing primitives (for example `scrypt` and `pbkdf2`). This is not a drop-in `bcrypt` API replacement, but is a good option if you can switch to a more secure cryptographic algorithm it supports.

## Web Crypto API (native)

The [Web Crypto API](https://developer.mozilla.org/docs/Web/API/Web_Crypto_API) provides native functionality for cryptographic operations in both web browsers and Node.

> [!NOTE]
> A few legacy algorithms are intentionally omitted for security reasons (e.g. MD5).

## Bun (built-in)

Bun supports the Web Crypto API natively, and also provides support for streaming hashing via [`Bun.CryptoHasher`](https://bun.sh/docs/api/hashing).

As with the Web Crypto API, many legacy algorithms are intentionally omitted for security reasons (e.g. MD5).
11 changes: 11 additions & 0 deletions manifests/preferred.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,12 @@
"replacements": ["fetch", "ofetch", "ky"],
"url": {"type": "e18e", "id": "fetch"}
},
"bcrypt": {
"type": "module",
"moduleName": "bcrypt",
"replacements": ["bcryptjs", "node:crypto", "crypto", "Bun.CryptoHasher"],
"url": {"type": "e18e", "id": "bcrypt"}
},
"bluebird": {
"type": "module",
"moduleName": "bluebird",
Expand Down Expand Up @@ -2905,6 +2911,11 @@
"type": "documented",
"replacementModule": "ansis"
},
"bcryptjs": {
"id": "bcryptjs",
"type": "documented",
"replacementModule": "bcryptjs"
},
"betterknown": {
"id": "betterknown",
"type": "documented",
Expand Down