bcrypt.js is an optimized bcrypt implementation in JavaScript with zero dependencies and TypeScript support, compatible with the C++ bcrypt binding on Node.js and also usable in the browser. It provides functions to generate salts and password hashes, and to compare a password against a stored hash, including sync and async APIs.
Project status
- Actively maintained: the repo shows a recent upstream push on 2026-05-08, and prior tagged updates (v3.0.3, v3.0.2, v3.0.1) include bug fix and packaging/typing improvements.
- Update cadence appears irregular, based on the available tags, with a tight pair (v3.0.2 and v3.0.1 on 2025-02-18 and 2025-02-17) and a longer gap before v3.0.3 (2025-11-02).
AI summary generated Today
Recent updates
v3.0.3
7 months agoRelease v3.0.3 contains a scheduling-related bug fix centered on how the library defers callbacks. The code changes the internal "nextTick" mechanism to better ensure callbacks yield to the event loop.
v3.0.2
2/18/2025v3.0.2 is a small update described as a bug fix to emit interop helpers, likely affecting the generated UMD/CommonJS build output. The code diff also includes a dev-tool version bump and a minor internal change in PRNG fallback initialization, plus expanded tests for the CommonJS/UMD entry.
v3.0.1
2/17/2025v3.0.1 is a small packaging and typing-related bug fix. It updates the UMD TypeScript declarations so UMD uses its own type definition file, and it introduces a new build script to generate the UMD bundle and copy the corresponding UMD type file.
2.4.3
2/13/2025v2.4.3 ships with internal performance-oriented changes to the bcrypt implementation (notably, an unrolled encipher routine and the use of typed arrays). The release notes only mention this being the last v2 before an upcoming ESM default export restructure, but the actual code diff includes behavior changes around argument validation in genSalt and several packaging/build metadata updates.
v3.0.0
2/13/2025v3.0.0 modernizes the bcrypt.js package structure to ship an ESM-first entrypoint (with UMD fallback) and adds TypeScript types. It also changes the default bcrypt hash generation to use $2b$ salts by default, and introduces a helper for checking password input length.
BreakingFeatures2.4.0
1/4/2017Release 2.4.0 (2017-01-04) has no publisher release notes provided. The code diff from 2.0.0 to 2.4.0 shows substantial changes around packaging/UMD wrapping, randomness handling, and asynchronous API behavior, including changes that are likely to affect consumers even though nothing is documented in the release notes.
SecurityFeatures2.0.0
7/15/2014Version 2.0.0 does not include any publisher-provided release notes in the provided data. The code diff shows a substantial internal refactor of the bcrypt implementation, plus new build/distribution outputs, notably an ISAAC-based PRNG fallback build and associated fallback plumbing.
BreakingFeatures1.0.1
6/9/2014Version 1.0.1 is a small patch release that mainly touches code style (switching loose comparisons to strict comparisons) and build output formatting. The only notable behavioral change in runtime code is in bcrypt.compareSync, where invalid hash length handling is changed.
Breaking1.0.0
6/8/2014Release 1.0.0 was published on 2014-06-08. No release notes were provided, so there is no documented information about new features, bug fixes, breaking changes, or migration steps.