{"id":10513,"library":"argon2","title":"Argon2 Hashing for Node.js","description":"node-argon2 is a Node.js library providing native bindings to the reference Argon2 hashing algorithm, which is a key derivation function designed to be memory-hard and suitable for password hashing. The library is actively maintained with frequent minor and patch releases, currently stable at version 0.44.0. It aims to simplify the use of Argon2 in Node.js applications by offering prebuilt binaries for common platforms (since v0.26.0, expanded significantly in v0.40.0), reducing the need for local compilation. Key differentiators include robust TypeScript support, flexibility in configuring Argon2 parameters (e.g., time cost, memory cost, parallelism), and the ability to choose between Argon2i, Argon2d, or Argon2id variants, making it a secure choice for password storage. It requires Node.js >= 16.17.0, with Node 18 or 20 being recommended.","status":"active","version":"0.44.0","language":"javascript","source_language":"en","source_url":"https://github.com/ranisalt/node-argon2","tags":["javascript","argon2","crypto","encryption","hashing","password","typescript"],"install":[{"cmd":"npm install argon2","lang":"bash","label":"npm"},{"cmd":"yarn add argon2","lang":"bash","label":"yarn"},{"cmd":"pnpm add argon2","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"Named import for the 'hash' function, common in ESM and TypeScript. Prefer named imports for clarity.","wrong":"import argon2 from 'argon2'; argon2.hash(...);","symbol":"hash","correct":"import { hash } from 'argon2';"},{"note":"Named import for the 'verify' function. The `require` syntax is for CommonJS environments.","wrong":"const argon2 = require('argon2'); argon2.verify(...);","symbol":"verify","correct":"import { verify } from 'argon2';"},{"note":"Standard TypeScript/ESM import for all exports under a namespace. For CommonJS, use `const argon2 = require('argon2');` to access methods like `argon2.hash()`.","wrong":"const { hash, verify } = require('argon2');","symbol":"argon2 (all exports)","correct":"import * as argon2 from 'argon2';"}],"quickstart":{"code":"import { hash, verify } from 'argon2';\n\nasync function main() {\n  const password = process.env.USER_PASSWORD ?? 'mySecurePassword';\n  let hashedPassword: string;\n\n  try {\n    // Hash a password with default options (Argon2id)\n    hashedPassword = await hash(password);\n    console.log('Hashed password:', hashedPassword);\n\n    // Verify a password against a hash\n    if (await verify(hashedPassword, password)) {\n      console.log('Password matched!');\n    } else {\n      console.error('Password did not match.');\n    }\n\n    // Example of hashing with custom options (e.g., Argon2i, higher memory cost)\n    const customHashedPassword = await hash(password, {\n      type: 1, // argon2.ArgonType.Argon2i\n      memoryCost: 1024,\n      timeCost: 4,\n      parallelism: 2\n    });\n    console.log('Custom hashed password:', customHashedPassword);\n\n  } catch (err) {\n    console.error('An error occurred:', err);\n  }\n}\n\nmain();","lang":"typescript","description":"Demonstrates how to hash a password using default settings, verify a password against a hash, and hash with custom Argon2 parameters."},"warnings":[{"fix":"Upgrade your Node.js runtime to version 18 or 20 (preferably) to ensure compatibility and receive security updates.","message":"Node.js 16 is no longer supported after version 0.31.2 due to its End-of-Life. Users on Node.js 16 will experience build or runtime failures.","severity":"breaking","affected_versions":">=0.31.2"},{"fix":"Update to `argon2@0.31.0` or newer immediately to mitigate the security risk associated with the `node-pre-gyp` dependency.","message":"Older versions of `argon2` (<=0.30.3) had a security vulnerability in their dependency `@mapbox/node-pre-gyp`.","severity":"breaking","affected_versions":"<=0.30.3"},{"fix":"Install `node-gyp` globally (`npm install -g node-gyp`) and ensure you have a suitable C++ toolchain. For macOS, use `brew install gcc`. For manual compilation, you might need to specify `CXX=g++-12 npm install argon2`.","message":"Installing `argon2` on platforms without prebuilt binaries or specific environments requires a global `node-gyp` installation and a compatible C++ compiler (GCC >= 5 / Clang >= 3.3, or Visual Studio 2015+ on Windows).","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Upgrade to `argon2@0.40.0` or newer to leverage prebuilt binaries, which significantly reduces installation complexity and build errors for most users.","message":"Before version 0.40.0, `argon2` did not ship prebuilt binaries for all platforms, leading to frequent compilation issues for users with diverse environments.","severity":"gotcha","affected_versions":"<0.40.0"},{"fix":"Update to `argon2@0.41.1` or newer to resolve type declaration inconsistencies for byte-related inputs.","message":"TypeScript type definitions for byte inputs were incorrect (`any` instead of `Buffer`) in versions prior to 0.41.1, leading to type-checking issues.","severity":"gotcha","affected_versions":"<0.41.1"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Ensure your Node.js version meets the package requirements (>=16.17.0, preferably 18/20). If using a non-standard environment or an older `argon2` version, try manually rebuilding: `npx @mapbox/node-pre-gyp rebuild -C ./node_modules/argon2`.","cause":"The prebuilt binary (or a locally compiled one) is incompatible with your current Node.js version or operating system/architecture.","error":"Error: The module '\\path\\to\\node_modules\\argon2\\lib\\binding\\napi-vX\\argon2.node' was compiled against a different Node.js version. ... Module parse failed: Unexpected character '�' (1:0)"},{"fix":"Upgrade to `argon2@0.43.1` or newer. This version specifically addresses compatibility issues with TypeScript 5.7's `Buffer` type changes.","cause":"TypeScript 5.7 introduced changes to how `Buffer` types are handled, causing type mismatches with older `argon2` versions that weren't updated for this change.","error":"Argument of type 'Buffer' is not assignable to parameter of type 'string'."},{"fix":"Upgrade to `argon2@0.41.0` or newer. This version disables LTO to prevent such symbol-related compilation errors.","cause":"Link-Time Optimization (LTO) can sometimes cause symbol resolution issues in certain compilation environments.","error":"Error: Missing symbols, such as `_ZNSt ...` or `undefined symbol: ` (linker errors during compilation/runtime)"},{"fix":"Upgrade to `argon2@0.41.1` or newer to get corrected TypeScript type declarations for inputs like passwords and salts.","cause":"TypeScript definitions in `argon2` prior to v0.41.1 incorrectly typed byte inputs (e.g., `Buffer`) as `any` or had other inconsistencies.","error":"TS2345: Argument of type 'string | Buffer' is not assignable to parameter of type 'string'."}],"ecosystem":"npm"}