{"id":21373188,"url":"https://github.com/nasriyasoftware/authcrypto","last_synced_at":"2026-01-20T13:01:21.801Z","repository":{"id":251030378,"uuid":"836168426","full_name":"nasriyasoftware/AuthCrypto","owner":"nasriyasoftware","description":"AuthCrypto is a versatile cryptographic toolkit for handling JSON Web Tokens (JWT), password hashing, and secure token generation and verification. It provides robust methods for creating and managing JWTs, hashing and verifying passwords with secure algorithms, and generating cryptographically strong random values for various use cases.","archived":false,"fork":false,"pushed_at":"2024-10-02T15:17:46.000Z","size":108,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-18T18:40:25.713Z","etag":null,"topics":["authentication","cryptography","encryption","hashing","hashing-library","hashing-passwords","jwt","jwt-auth","jwt-authentication","jwt-token","md5","sha1","sha256","sha512","token","token-generator"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/@nasriya/authcrypto","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nasriyasoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-31T09:37:58.000Z","updated_at":"2024-10-02T15:17:22.000Z","dependencies_parsed_at":"2024-11-22T08:40:51.483Z","dependency_job_id":null,"html_url":"https://github.com/nasriyasoftware/AuthCrypto","commit_stats":null,"previous_names":["nasriyasoftware/authcrypto"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/nasriyasoftware/AuthCrypto","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nasriyasoftware%2FAuthCrypto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nasriyasoftware%2FAuthCrypto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nasriyasoftware%2FAuthCrypto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nasriyasoftware%2FAuthCrypto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nasriyasoftware","download_url":"https://codeload.github.com/nasriyasoftware/AuthCrypto/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nasriyasoftware%2FAuthCrypto/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28603402,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T12:01:53.233Z","status":"ssl_error","status_checked_at":"2026-01-20T12:01:46.545Z","response_time":117,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","cryptography","encryption","hashing","hashing-library","hashing-passwords","jwt","jwt-auth","jwt-authentication","jwt-token","md5","sha1","sha256","sha512","token","token-generator"],"created_at":"2024-11-22T08:26:13.550Z","updated_at":"2026-01-20T13:01:21.779Z","avatar_url":"https://github.com/nasriyasoftware.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![N|Solid](https://static.wixstatic.com/media/72ffe6_da8d2142d49c42b29c96ba80c8a91a6c~mv2.png)](https://nasriya.net)\n# AuthCrypto.\n[![Static Badge](https://img.shields.io/badge/license-Free_(Restricted)-blue)](https://github.com/nasriyasoftware/AuthCrypto?tab=License-1-ov-file) ![Repository Size](https://img.shields.io/github/repo-size/nasriyasoftware/AuthCrypto.svg) ![Last Commit](https://img.shields.io/github/last-commit/nasriyasoftware/AuthCrypto.svg) [![Status](https://img.shields.io/badge/Status-Stable-green.svg)](link-to-your-status-page)\n##### Visit us at [www.nasriya.net](https://nasriya.net).\n\nA powerful library for handling cryptographic operations and JWT.\n\nMade with ❤️ in **Palestine** 🇵🇸\n___\n## Overview\n**AuthCrypto** is a powerful library for handling cryptographic operations and JWT (JSON Web Tokens) in Node.js applications. It provides utilities for hashing passwords, generating JWT tokens, and more.\n\n\u003e [!IMPORTANT]\n\u003e \n\u003e 🌟 **Support Our Open-Source Development!** 🌟\n\u003e We need your support to keep our projects going! If you find our work valuable, please consider contributing. Your support helps us continue to develop and maintain these tools.\n\u003e \n\u003e **[Click here to support us!](https://fund.nasriya.net/)**\n\u003e \n\u003e Every contribution, big or small, makes a difference. Thank you for your generosity and support!\n___\n## Features\n\n- **Password Hashing**: Securely hash and verify passwords with support for salts and multiple hashing algorithms.\n- **JWT Management**: Easily create and verify JSON Web Tokens for secure authentication.\n- **Customizable Options**: Configure hashing and JWT options to fit your application's needs.\n\n___\n## Installation\n\nYou can install `AuthCrypto` via npm:\n\n```bash\nnpm install @nasriya/authcrypto\n```\n\nOr using yarn:\n\n```bash\nyarn add @nasriya/authcrypto\n```\n___\n## Importing\nImport in **ESM** module\n```ts\nimport authCrypto from '@nasriya/authcrypto';\n```\n\nImport in **CommonJS (CJS)**\n```js\nconst authCrypto = require('@nasriya/authcrypto').default;\n```\n___\n\n## Configuration\n\n**AuthCrypto** reads configuration values from environment variables or by setting them up manually:\n\n### A) Environment Variables\nIf you have full control over the source code, you can setup a `.env` file with the following properties:\n\n```env\nAuthCrypto_ROUNDS=10\nAuthCrypto_PASSWORDS_MIN=8\nAuthCrypto_PASSWORDS_MAX=32\nAuthCrypto_SECRET=Your_secret\n```\n\n- `AuthCrypto_ROUNDS`: The number of hashing rounds for password hashing.\n- `AuthCrypto_PASSWORDS_MIN`: Minimum length for passwords (default: `8`, min: `8`).\n- `AuthCrypto_PASSWORDS_MAX`: Maximum length for passwords (default: `32`).\n- `AuthCrypto_SECRET`**`*`**: A secret phrase to generate and verify JWT. Can be generated from [crypto.generateSecret()](#generating-secrets).\n\n### B) Manual Configuration\nYou can manually set some or all configurations using the `config` module as follows:\n\n```js\nauthCrypto.config.hashingRounds = 500;\nauthCrypto.config.minPasswordLength = 10;\nauthCrypto.config.maxPasswordLength = 32;\nauthCrypto.config.jwtSecret = '\u003ca 64 bytes secret\u003e';\n```\n\nOr you can configure them all like this:\n\n```js\nauthCrypto.config.set({\n    hashingRounds: 500,\n    minPasswordLength: 10,\n    maxPasswordLength: 32,\n    jwtSecret: '\u003ca 64 bytes secret\u003e'\n})\n```\n\u003e **:warning: Important Note**\n\u003e \n\u003e You must specify the `Crypto JWT_SECRET` variable in your environment, or set it using `authCrypto.config.jwtSecret`, otherwise, your system might be at risk of forgery\n___\n\n## Usage\n\n### Hashing \n\nTo hash strings, use the `crypto` API:\n\n#### Hashing\n```ts\nconst value = 'Something to hash';\nauthCrypto.crypto.hash(value);               // ⇨ b633c3e9f63478eb1fd0d311b1c35050644bf39d03e6f138a9ecf9ba2bc44cb77241dc5e08da50acb46053cafd11ac593a34d074d81c6b9b63a38e116ea14cba\nauthCrypto.crypto.hash(value, 'SHA512');     // ⇨ b633c3e9f63478eb1fd0d311b1c35050644bf39d03e6f138a9ecf9ba2bc44cb77241dc5e08da50acb46053cafd11ac593a34d074d81c6b9b63a38e116ea14cba\nauthCrypto.crypto.hash(value, 'SHA256');     // ⇨ ff75b3f89087a50f82c5fe8698d65a8ca8b2fdb9ddd698f8d0930b5ff963826d\nauthCrypto.crypto.hash(value, 'MD5');        // ⇨ b642e7e30f7eb096f02f02384163b1d8\nauthCrypto.crypto.hash(value, 'SHA1');       // ⇨ 2d7cb72b42172a3cb55b1db09fb4d96fcad14563\n```\n\n#### Generating Salt\n```ts\n// A 512-char salt\nauthCrypto.crypto.generateSalt();\n// ⇨ a05c9ae0c36e82a09e4fb947c744701f498069816af016a0b6c233a3291cecaa3e1b12d7059a1eac93ea828aedb94de13347c50610e06514f495f9989f0182f1b2e283a4f95d61691784a77576f7e5f5318030707146a5547aca0ef9177eb996ef21f9be20c4f4a82ad8191d35c46a4d24f6c0460f7a025eb41c0ef6388f8fe79ea5b393c28b719734a842982bdd750e66ae84d74feea21b7ebfc8ba2a507011bffe54c2ebe7e09e529724ad49fc6623617f025a5acb8edc45348483471f5e5d97b7f7d93cc13aba90589be64b015faea678212ee61c40946c279c6436c5103cbe7805d09bd455005fbe08b4651c61f04d69d3299fcdcfc64b7f2293006b571d\n\n// A 32-char salt\nauthCrypto.crypto.generateSalt(32);\n// ⇨ a89cd25cc53ff2819e4916a54fffd474\n```\n\n#### Hashing + Salt\n```ts\nconst value = 'Something to hash';\nconst salt = authCrypto.crypto.generateSalt(8);\n\nauthCrypto.crypto.saltHash(value, salt);               // ⇨ 120294cb8e1a5f03a6204b2aa86d2a6c4ad7484eb97d550dda7e9bef61ff7bf68f26f2155d057f477857aaff2a2da5d40e1492a314958185ab3f1cf064763fee\nauthCrypto.crypto.saltHash(value, salt, 'SHA512');     // ⇨ 120294cb8e1a5f03a6204b2aa86d2a6c4ad7484eb97d550dda7e9bef61ff7bf68f26f2155d057f477857aaff2a2da5d40e1492a314958185ab3f1cf064763fee\nauthCrypto.crypto.saltHash(value, salt, 'SHA256');     // ⇨ 5607d5a6eabd064c30f582966df3c303fcd81731efbc548014267d58426abc1f\nauthCrypto.crypto.saltHash(value, salt, 'MD5');        // ⇨ 7ad52f0862c310a186138681524eadc3\nauthCrypto.crypto.saltHash(value, salt, 'SHA1');       // ⇨ ea8971d4fc8bf334bed9d5799314c62fb7337eb7\n```\n\n#### Generating Secrets\nYou can generate **64 bytes** (512 bit) secret keys using the **crypto** module.\n\n```ts\nauthCrypto.crypto.generateSecret()\n// ⇨ b7f8de80f54fb1e95597497fd19ff05319d02e6ebc4a0a762e291dbfa650ed05cdf226dfdbfa59a6059815333465c4303888cea666a1f75d9492a30773b2017c\n```\n\n### Passwords\nThe `Passwords` module provides functionality for generating and verifying passwords with configurable options. Here's a detailed explanation of its features and how to use them.\n\n#### 1. Generating a Random Password\nThe `generate` method creates a random password based on the specified `length` and `options`.\n\nExample Usage:\n```ts\nconst password = authCrypto.passwords.generate(32, {\n    includeNumbers: true,\n    includeLetters: true,\n    includeSymbols: true,\n    beginWithLetter: true,\n    noSimilarChars: true,\n    noDuplicateChars: true,\n    noSequentialChars: true\n});\n\nconsole.log(password);  // ⇨ ysYT\"2U=Ekx|?}G!K{9#NIHP4d'fQ.b8\n```\n\nExplanation:\n\n- `length`: The length of the password, which must be between 8 and 32 characters.\n- `options`: An object to configure password generation:\n    - `includeNumbers`: Whether to include numbers in the password.\n    - `includeLetters`: Whether to include letters in the password.\n    - `includeSymbols`: Whether to include symbols in the password.\n    - `beginWithLetter`: If true, the password will start with a letter.\n    - `noSimilarChars`: If true, avoids similar characters like 'i', 'l', '1', 'O'.\n    - `noDuplicateChars`: If true, avoids duplicate characters in the password.\n    - `noSequentialChars`: If true, avoids sequential characters.\n\n#### 2. Verifying a Password\nThe `verify` method checks if a provided password matches a previously hashed password.\n\nExample Usage:\n```js\nconst plainPassword = 'mySecretPassword';\nconst hashedPassword = 'hashedPasswordFromDatabase'; // Assume this is a valid hashed password\n\nconst isMatch = Passwords.verify(plainPassword, hashedPassword);\n\nconsole.log(isMatch); // ⇨ true if the password matches, otherwise false\n```\n\nExample with different algorith:\n```js\nconst options = {\n    algorithm: 'SHA256' // Default: SHA512\n}\n\nconst isMatch = Passwords.verify(plainPassword, hashedPassword, options);\n\nconsole.log(isMatch); // ⇨ true if the password matches, otherwise false\n```\nExample Usage with **salting**:\n```ts\nconst plainPassword = 'mySecretPassword';\nconst hashedPassword = 'hashedPasswordFromDatabase'; // Assume this is a valid hashed password\nconst options = {\n    salt: 'optionalSalt', // If a salt was used during hashing\n}\n\nconst isMatch = Passwords.verify(plainPassword, hashedPassword, options);\n\nconsole.log(isMatch); // ⇨ true if the password matches, otherwise false\n```\n\nExplanation:\n\n- `password`: The plain text password to be verified.\n- `hashedPassword`: The previously hashed password to compare against.\n- `salt`: An optional salt that may have been used in the hashing process.\n\nValidation:\n- Ensures that the minimum length is not greater than the maximum length.\n- Throws errors if the provided lengths are invalid or if they do not meet the required constraints.\n\n### Generating \u0026 Verifying JWT\nThe `JWTManager` module provides functionality for generating and verifying JSON Web Tokens (JWTs). It uses HMAC with the SHA-512 hash algorithm for signing tokens and offers robust methods for handling JWT operations.\n\n#### 1. Generating a JWT\nThe `generate` method creates a JWT token by encoding the header and payload, and then signing the token with a secret key.\n\nExample Usage:\n```ts\nconst token = authCrypto.jwt.generate({\n    iss: 'auth.domain.com',\n    exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24, // 24 hours from now or any time you want\n    userid: 'a user id',\n    sessionId: 'a session id',\n    roles: ['user']\n});\n\nconsole.log(token); // Outputs the generated JWT token\n```\n\nExplanation:\n- `payload`: An object containing the claims you want to include in the JWT.\n    - `iat` (issued at): Automatically set to the current time.\n    - `exp` (expiration): Optional. If not provided, defaults to 24 hours from the current time.\n    - `iss` (issuer): Optional. If not provided, defaults to 'auth.nasriya.net'.\n\nValidation:\n- `exp` must be a number and should be at least 5 minutes in the future if provided.\n- `iss` must be a non-empty string if provided.\n\n### 2. Verifying a JWT\nThe `verify` method checks the validity of a JWT token, including verifying its signature and expiration.\n\nExample Usage:\n```ts\nconst token = 'your.jwt.token'; // Replace with an actual JWT token\n\nconst result = authCrypto.jwt.verify(token);\n\nif (result.valid) {\n    console.log('Token is valid:', result.payload);\n} else {\n    throw new Error(result.message);\n}\n```\n\nExplanation:\n- `token`: The JWT token to verify. It must be in the format `header.payload.signature`.\n- Returns: An object indicating the result of the verification:\n    - `valid`: `true` if the token is valid, `false` otherwise.\n    - `payload`: The decoded payload if the token is **valid**.\n    - `message`: A description of why the token is **invalid**, if applicable.\n\n___\n## License\nPlease read the license from [here](https://github.com/nasriyasoftware/AuthCrypto?tab=License-1-ov-file).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnasriyasoftware%2Fauthcrypto","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnasriyasoftware%2Fauthcrypto","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnasriyasoftware%2Fauthcrypto/lists"}