README.md
# pw-hash
Easy and secure password hashing with salt.
[](https://circleci.com/gh/robojones/pw-hash/tree/master)
[](https://codeclimate.com/github/robojones/pw-hash/coverage)
[](https://opensource.org/licenses/MIT)
[](https://www.bithound.io/github/robojones/pw-hash)
[](https://www.bithound.io/github/robojones/pw-hash)
[](https://www.bithound.io/github/robojones/pw-hash/master/dependencies/npm)
## Highlights
- __100%__ tested.
- No __dependencies__.
- Uses a __strong hash algorithm__ by default (sha256).
- Appends a random string (salt) to each password before hashing it (for extra security).
- JSDoc documentation for __completion__ in editors like VS Code.
## Installation
```
npm i pw-hash
```
## Usage
```javascript
const hash = require('pw-hash')
// hash a password:
const hashString = hash.create('example password')
// verify if a password matches
hash.verify('wrong password', hashString) // false
hash.verify('example password', hashString) // true
```
## API
### hash.create(password)
- password `<string>` - A string containing the password.
__Returns__ a string that can be stored in the database. It can be used with the verify method to check if a password matches.
### hash.verify(password, hashString)
- password `<string>` - A string containing the password.
- hashString `<string>` - A string that was created with the .create() method.
This method verifies if the password is the same password that you passed to the .create() method.
It __Returns__ `true` if the password matches or `false` if it doesn't.