This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

📦 bcrypt

A bcrypt library for NodeJS.

Author

Nick Campbell

License

MIT

Unpacked Size

1.06 MB

Packed Size

472.13 KB

Last Activity

5 months ago

Wkly Downloads

322K

Unpacked Size

1.06 MB

Packed Size

472.13 KB

License

MIT

Author

Nick Campbell

Last Activity

5 months ago

Dependencies Overview

Dependencies (2)

node-addon-api ^8.3.0 node-gyp-build ^4.8.4

Peer Dependencies (0)

There are not dependencies

Dev Dependencies (2)

jest ^29.7.0 prebuildify ^6.0.1

Versions Overview

Last Version

6.0.0

Last Version Released

5 months ago

N. of Versions

Security Overview

Vulnerabilities

Last Version with Vulnerabilities

4.0.1

Vulnerabilities Tracker

Historycal data about package vulnerabilities across all the stable versions

Vulnerabilites Summary

The bcrypt npm package has a history of security vulnerabilities. Every version from 0.1.2 to 4.0.1 has at least one vulnerability. Versions 5.0.0 and later have no reported vulnerabilities.

Complete Security Overview

Popularity Overview

GH Stars

7.7K

GH Forks

540

GH Watchers

Downloads History

Historycal data about package downloads in the last 18 months

Popularity Summary

Bcrypt npm package downloads show a generally increasing trend from March 2024 to August 2025, peaking at over 11 million. However, September 2025 downloads are significantly lower, around 3 million, likely due to the month being incomplete. Downloads consistently remained above 7 million since April 2024

Repository Overview

Default Branch

master

Is Archived?

Is Disabled?

Is Fork?

Is Locked?

Security Policy Enabled?

YES

Latest Commits

Last 10 commits in the repository

Top Contributors

The top contributors considering the last 100 commits & PRs

recrsn

thom-nic

laijonathan

cokia

alete89

Open PRs (4)

Currently active PR in the repository

clarified timing attack note in README

awrreny

about 1 month ago

chore: fix typos in docs

noritaka1166

4 months ago

fix: apply let for changing variable

ggomma

over 1 year ago

[FEATURE] Hash by max time allotted #787

sujal-ux

about 4 years ago

Open Issues (20)

Currently active PR in the repository

getting deprecation errors

Stargate-a11y

about 1 month ago

MODULE_NOT_FOUND: bcrypt_lib.node after build on server (locally works fine)

mahamodulhasanmoon

4 months ago

installation instructions for Alpine Linux images

miparnisari

4 months ago

node-abi error

cyhnkckali

5 months ago

[bug] bcrypt.compare always returns "true"

D50000

6 months ago

Bcrypt exits with code 0 after calling hash method

0xtcb

7 months ago

Lack of Support for $2y$ Hashing Algorithm in bcrypt Module

Alekseyfgl

11 months ago

bycryptjs compare password return false every time

Mehroz101

about 1 year ago

bcrypt.compare() always return false even when it´s supposed to be true

s-pl

over 1 year ago

Cannot use 'throw' with exceptions disabled & NAPI exception support not detected

lmarcelocc

over 1 year ago

Open Discussions (4)

Currently open discussions in the repository

5 months ago

7 months ago

Status of this project

jankapunkt

9 months ago

Why bcrypt.compare function no need to use salt, when compare with origin password?

xgqfrms

almost 3 years ago

Package Summary

Bcrypt is a widely used and secure password hashing algorithm. It's invaluable for protecting user credentials in applications. The package offers a robust and adaptive hashing function, making it computationally expensive to crack passwords. Bcrypt's slow hashing process increases security by making brute-force attacks less feasible, protecting against common cyber threats. It is easy to integrate to many kinds of web applications.

Release Frequency

Historycal data about package versions

Releases Summary

Bcrypt's release frequency is sporadic. It had bursts of activity in 2011-2013 and 2018-2020. The period between 2013 to 2017 saw sparse releases. After 2020, releases became even less frequent, with only one release per year in 2021 and beyond, until May 2025. Some months saw multiple releases, while many had none.

All Versions

Popularity Overview

GH Stars

7.7K

GH Forks

540

GH Watchers

Downloads History

Historycal data about package downloads in the last 18 months

Popularity Summary

Security Overview

Vulnerabilities

Last Version with Vulnerabilities

4.0.1

Vulnerabilities Tracker

Historycal data about package vulnerabilities across all the stable versions

Vulnerabilites Summary

The bcrypt npm package has a history of security vulnerabilities. Every version from 0.1.2 to 4.0.1 has at least one vulnerability. Versions 5.0.0 and later have no reported vulnerabilities.

Complete Security Overview