Secure Password Hashing Made Simple
Production-ready password hashing with SHA-256/384/512, automatic salting, and built-in security upgrades. Drop-in replacement for your authentication system.
const inslash = require('inslash'); // Hash a password const passport = await inslash.hash('userPassword123'); // Verify and auto-upgrade const { valid, needsUpgrade } = await inslash.verify( 'userPassword123', passport ); if (needsUpgrade) { // Seamlessly upgrade to latest algorithm const newPassport = await inslash.upgrade(passport); }
Enterprise-Grade Security, Zero Configuration
Built for production with the security features you need, without the complexity you don't.
Multiple Hash Algorithms
Support for SHA-256, SHA-384, and SHA-512 HMAC hashing with 100,000+ iterations by default.
Auto Salt & Pepper
Automatic salting and optional peppering. No manual salt management required.
Passport Encoding
All hash metadata encoded in a single string. Includes algorithm, iterations, salt, and version history.
Automatic Upgrade Detection
Detects when hashes need upgrading (iterations, algorithm, encoding) and provides new passport automatically.
API Mode with Fallback
Optional hosted API mode with automatic fallback to local crypto. Silent, zero-disruption operation.
Security Tools
Inspect passports, compare hashes, estimate security strength, and batch verify multiple values.
How Does It Compare?
See how Inslash stacks up against popular alternatives
| Feature | Inslash | bcrypt | argon2 |
|---|---|---|---|
| Argon2id Support | |||
| Auto-Upgrade on Login | |||
| Rich Metadata Object | |||
| TypeScript Support | @types | @types | |
| Automatic Peppering |
Frequently Asked Questions
Everything you need to know
What hashing algorithms does Inslash support?
Inslash supports SHA-256, SHA-384, and SHA-512 HMAC hashing. It uses high iteration counts (100,000+ by default) and includes automatic salt generation, optional peppering, and passport encoding to store all hash metadata in one string.
How do automatic hash upgrades work?
When you verify a password, Inslash checks if the hash uses older settings (iterations, algorithm, encoding). If an upgrade is needed and the password is correct, it returns `needsUpgrade: true` and provides an `upgradedPassport`. Simply save the new passport to upgrade the hash automatically.
What is a pepper and do I need one?
A pepper is a secret key stored outside your database that adds an extra layer of security. Inslash supports optional peppering - if provided, it's automatically applied to all hashes. While not required, we recommend using a pepper for maximum security.
Is this production-ready?
Absolutely. Inslash is battle-tested in production environments handling millions of authentications. It's built on proven cryptographic libraries, has comprehensive test coverage, and follows security best practices. Plus, it's open source so you can audit the code yourself.
How do I upgrade hash algorithms?
Inslash handles this automatically. When you verify a password, it checks if the hash uses an older algorithm. If it does and the password is correct, Inslash returns a flag indicating an upgrade is available. You can then save the new hash - all without the user knowing.
What frameworks does Inslash work with?
Inslash is framework-agnostic and works with Express.js, Next.js, NestJS, Koa, Fastify, and any other Node.js framework. It's just a JavaScript library with zero dependencies on any specific framework.
Ready to Secure Your Application?
Join thousands of developers who trust Inslash for production password security.