Node Argon2 Password Hashing

Node Argon2 is a native Node.js addon that provides bindings to the reference C implementation of Argon2, the algorithm that won the 2015 Password Hashing Competition organized by an academic panel of cryptography researchers. The package exposes two primary functions: hash, which accepts a plaintext password and returns a PHC-formatted string containing the algorithm identifier, version, memory cost, time cost, parallelism parameter, salt, and derived hash; and verify, which takes a previously generated hash and a candidate password, returning a boolean match result. The default parameters follow the security recommendations published by the Argon2 development team, using Argon2id with a memory cost of 19456 kilobytes, a time cost of 2 iterations, and a parallelism of 1, producing hashes that resist both GPU and ASIC brute-force attacks. Developers can override these defaults to tune memory consumption, iteration count, hash length, salt length, and parallelism threads based on their hardware constraints and threat model. The library supports all three Argon2 variants: Argon2i for side-channel-resistant hashing, Argon2d for maximum resistance against GPU cracking, and Argon2id as the recommended hybrid. A needsRehash function detects when stored hashes use outdated parameters, enabling gradual parameter upgrades during login without forcing password resets. Prebuilt binaries are distributed through npm for Linux x86-64 and ARM64, macOS Intel and Apple Silicon, Windows x86-64, Alpine Linux, and FreeBSD, eliminating compilation requirements on supported platforms. The package ships with TypeScript type definitions, supports both CommonJS and ESM import syntax, and requires Node.js version 22 or later. Over two thousand GitHub stars and fifty-one contributors reflect its adoption as the standard Argon2 library in the Node.js ecosystem.