{"id":13507678,"url":"https://github.com/riverrun/comeonin","last_synced_at":"2025-12-17T12:03:18.771Z","repository":{"id":24809265,"uuid":"28223437","full_name":"riverrun/comeonin","owner":"riverrun","description":"Password hashing specification for the Elixir programming language","archived":false,"fork":false,"pushed_at":"2025-02-03T22:34:40.000Z","size":520,"stargazers_count":1317,"open_issues_count":2,"forks_count":65,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-09-27T01:29:54.286Z","etag":null,"topics":["argon2","bcrypt","elixir","pbkdf2"],"latest_commit_sha":null,"homepage":"https://hex.pm/packages/comeonin","language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/riverrun.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-12-19T09:38:57.000Z","updated_at":"2025-08-22T07:41:42.000Z","dependencies_parsed_at":"2024-01-25T05:24:43.347Z","dependency_job_id":"b887d5cf-cd35-4891-9389-19d4ed0b20ac","html_url":"https://github.com/riverrun/comeonin","commit_stats":{"total_commits":344,"total_committers":30,"mean_commits":"11.466666666666667","dds":"0.17441860465116277","last_synced_commit":"57f994b68e04fb808ced5ae1eb716ca0ec99b7dd"},"previous_names":["elixircnx/comeonin"],"tags_count":29,"template":false,"template_full_name":null,"purl":"pkg:github/riverrun/comeonin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riverrun%2Fcomeonin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riverrun%2Fcomeonin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riverrun%2Fcomeonin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riverrun%2Fcomeonin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/riverrun","download_url":"https://codeload.github.com/riverrun/comeonin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riverrun%2Fcomeonin/sbom","scorecard":{"id":777569,"data":{"date":"2025-08-11","repo":{"name":"github.com/riverrun/comeonin","commit":"2249af755395bbecbd089d71ccc7ce25dbfa591b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Code-Review","score":3,"reason":"Found 7/23 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 14 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T03:59:55.683Z","repository_id":24809265,"created_at":"2025-08-23T03:59:55.684Z","updated_at":"2025-08-23T03:59:55.684Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27782844,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-17T02:00:08.291Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argon2","bcrypt","elixir","pbkdf2"],"created_at":"2024-08-01T02:00:37.713Z","updated_at":"2025-12-17T12:03:18.453Z","avatar_url":"https://github.com/riverrun.png","language":"Elixir","funding_links":[],"categories":["Cryptography","1. language","Uncategorized"],"sub_categories":["1.3 elixir","Uncategorized"],"readme":"# Comeonin\n\n[![Build Status](https://travis-ci.com/riverrun/comeonin.svg?branch=master)](https://travis-ci.com/riverrun/comeonin)\n[![Module Version](https://img.shields.io/hexpm/v/comeonin.svg)](https://hex.pm/packages/comeonin)\n[![Hex Docs](https://img.shields.io/badge/hex-docs-lightgreen.svg)](https://hexdocs.pm/comeonin/)\n[![Total Download](https://img.shields.io/hexpm/dt/comeonin.svg)](https://hex.pm/packages/comeonin)\n[![License](https://img.shields.io/hexpm/l/comeonin.svg)](https://github.com/riverrun/comeonin/blob/master/LICENSE)\n[![Last Updated](https://img.shields.io/github/last-commit/riverrun/comeonin.svg)](https://github.com/riverrun/comeonin/commits/master)\n[![Join the chat at https://gitter.im/comeonin/Lobby](https://badges.gitter.im/comeonin/Lobby.svg)](https://gitter.im/comeonin/Lobby?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n\nComeonin is a specification for password hashing libraries.\n\nFor information about hashing passwords in your app, see\n[Password hashing libraries](#password-hashing-libraries).\n\n## Changes in version 5\n\nIn version 5.0 and above, Comeonin now provides two behaviours, Comeonin and\nComeonin.PasswordHash, which password hash libraries then implement.\n\nWith these changes, Comeonin is now a dependency of the password hashing\nlibrary you choose to use, and in most cases, you will not use it\ndirectly.\n\nSee the [UPGRADE_v5 guide](https://github.com/riverrun/comeonin/blob/master/UPGRADE_v5.md)\nfor information about you can upgrade to version 5.\n\n## Password hashing libraries\n\nThe following libraries all implement the Comeonin and Comeonin.PasswordHash\nbehaviours:\n\n* Argon2 - argon2_elixir\n  * [docs](https://hexdocs.pm/argon2_elixir)\n  * [source](https://github.com/riverrun/argon2_elixir)\n* Bcrypt - bcrypt_elixir\n  * [docs](https://hexdocs.pm/bcrypt_elixir)\n  * [source](https://github.com/riverrun/bcrypt_elixir)\n* Pbkdf2 - pbkdf2_elixir\n  * [docs](https://hexdocs.pm/pbkdf2_elixir)\n  * [source](https://github.com/riverrun/pbkdf2_elixir)\n\nArgon2 is currently considered to be the strongest password hashing function,\nand it is the one we recommend.\n\nBcrypt and Pbkdf2 are viable alternatives, but they are less resistant than Argon2,\nto attacks using GPUs or dedicated hardware.\n\n### Windows users\n\nOn Windows, it can be time-consuming and problematic to setup the environment needed\nto compile the C code in Argon2 and Bcrypt. For this reason, it is often easier to install\nPbkdf2, which has no C dependencies.\n\nFor more information, see\n[Choosing a library](https://github.com/riverrun/comeonin/wiki/Choosing-the-password-hashing-library).\n\n## Comeonin wiki\n\nSee the [Comeonin wiki](https://github.com/riverrun/comeonin/wiki) for more\ninformation on the following topics:\n\n* [Hashing passwords](https://github.com/riverrun/comeonin/wiki/Hashing-passwords) - a general guide to hashing passwords in your Elixir app\n* [Password hashing libraries](https://github.com/riverrun/comeonin/wiki/Choosing-the-password-hashing-library)\n* [Requirements](https://github.com/riverrun/comeonin/wiki/Requirements)\n* [Deployment](https://github.com/riverrun/comeonin/wiki/Deployment) - including information about using Docker\n* [References](https://github.com/riverrun/comeonin/wiki/References)\n\n## Contributing\n\nThere are many ways you can contribute to the development of Comeonin, including:\n\n* Reporting issues\n* Improving documentation\n* Sharing your experiences with others\n\n### License\n\nBSD. For full details, please read the LICENSE file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Friverrun%2Fcomeonin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Friverrun%2Fcomeonin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Friverrun%2Fcomeonin/lists"}