@naman_deep_singh/security 1.0.3 → 1.1.0

package/dist/esm/core/jwt/extractToken.js

@@ -0,0 +1,46 @@
+/**
+ * Universal token extractor
+ */
+export function extractToken(sources) {
+    const { header, cookies, query, body, wsMessage } = sources;
+    // 1. Authorization: Bearer <token>
+    if (header) {
+        const parts = header.split(" ");
+        if (parts.length === 2 && parts[0] === "Bearer")
+            return parts[1];
+    }
+    // 2. Cookies: token / accessToken
+    if (cookies) {
+        if (cookies["token"])
+            return cookies["token"];
+        if (cookies["accessToken"])
+            return cookies["accessToken"];
+    }
+    // 3. Query params: ?token=xxx
+    if (query?.token)
+        return query.token;
+    // 4. Body: { token: "" }
+    if (body?.token)
+        return body.token;
+    // 5. WebSocket message extraction (NEW)
+    if (wsMessage) {
+        try {
+            let msg = wsMessage;
+            // If it's a JSON string → parse safely
+            if (typeof wsMessage === "string") {
+                msg = JSON.parse(wsMessage);
+            }
+            // Direct token
+            if (typeof msg.token === "string")
+                return msg.token;
+            // Nested token: { auth: { token: "" } }
+            if (msg.auth && typeof msg.auth.token === "string") {
+                return msg.auth.token;
+            }
+        }
+        catch {
+            // Ignore parse errors gracefully
+        }
+    }
+    return null;
+}

package/dist/esm/core/jwt/generateTokens.d.ts

@@ -0,0 +1,7 @@
+import { Secret } from "jsonwebtoken";
+export interface TokenPair {
+    accessToken: string;
+    refreshToken: string;
+}
+export declare const generateTokens: (payload: object, accessSecret: Secret, refreshSecret: Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => TokenPair;
+export declare function rotateRefreshToken(oldToken: string, secret: Secret): string;

package/dist/esm/core/jwt/generateTokens.js

@@ -0,0 +1,18 @@
+import { signToken } from "./signToken";
+import { verifyToken } from "./verify";
+export const generateTokens = (payload, accessSecret, refreshSecret, accessExpiry = "15m", refreshExpiry = "7d") => {
+    return {
+        accessToken: signToken(payload, accessSecret, accessExpiry, { algorithm: "HS256" }),
+        refreshToken: signToken(payload, refreshSecret, refreshExpiry, { algorithm: "HS256" }),
+    };
+};
+export function rotateRefreshToken(oldToken, secret) {
+    const decoded = verifyToken(oldToken, secret);
+    if (typeof decoded === "string") {
+        throw new Error("Invalid token payload — expected JWT payload object");
+    }
+    const payload = { ...decoded };
+    delete payload.iat;
+    delete payload.exp;
+    return signToken(payload, secret, "7d");
+}

package/dist/esm/core/jwt/index.d.ts

@@ -0,0 +1,7 @@
+export * from "./decode";
+export * from "./extractToken";
+export * from "./generateTokens";
+export * from "./parseDuration";
+export * from "./signToken";
+export * from "./validateToken";
+export * from "./verify";

package/dist/esm/core/jwt/index.js

@@ -0,0 +1,7 @@
+export * from "./decode";
+export * from "./extractToken";
+export * from "./generateTokens";
+export * from "./parseDuration";
+export * from "./signToken";
+export * from "./validateToken";
+export * from "./verify";

package/dist/esm/core/jwt/parseDuration.d.ts

@@ -0,0 +1 @@
+export declare function parseDuration(input: string | number): number;

package/dist/esm/core/jwt/parseDuration.js

@@ -0,0 +1,26 @@
+const TIME_UNITS = {
+    s: 1,
+    m: 60,
+    h: 3600,
+    d: 86400,
+    w: 604800
+};
+export function parseDuration(input) {
+    if (typeof input === "number")
+        return input;
+    const regex = /(\d+)\s*(s|m|h|d|w)/gi;
+    let totalSeconds = 0;
+    let match;
+    while ((match = regex.exec(input)) !== null) {
+        const value = parseInt(match[1], 10);
+        const unit = match[2].toLowerCase();
+        if (!TIME_UNITS[unit]) {
+            throw new Error(`Invalid time unit: ${unit}`);
+        }
+        totalSeconds += value * TIME_UNITS[unit];
+    }
+    if (totalSeconds === 0) {
+        throw new Error(`Invalid expiry format: "${input}"`);
+    }
+    return totalSeconds;
+}

package/dist/esm/core/jwt/signToken.d.ts

@@ -0,0 +1,2 @@
+import { Secret, SignOptions } from "jsonwebtoken";
+export declare const signToken: (payload: Record<string, any>, secret: Secret, expiresIn?: string | number, options?: SignOptions) => string;

package/dist/esm/core/jwt/signToken.js

@@ -0,0 +1,22 @@
+import { sign } from "jsonwebtoken";
+import { parseDuration } from "./parseDuration";
+function getExpiryTimestamp(seconds) {
+    return Math.floor(Date.now() / 1000) + seconds;
+}
+export const signToken = (payload, secret, expiresIn = "1h", options = {}) => {
+    const seconds = parseDuration(expiresIn);
+    if (!seconds || seconds < 10) {
+        throw new Error("Token expiry too small");
+    }
+    const tokenPayload = {
+        ...payload
+    };
+    if (!("exp" in payload))
+        tokenPayload.exp = getExpiryTimestamp(seconds);
+    if (!("iat" in payload))
+        tokenPayload.iat = Math.floor(Date.now() / 1000);
+    return sign(tokenPayload, secret, {
+        algorithm: "HS256",
+        ...options
+    });
+};

package/dist/esm/core/jwt/validateToken.d.ts

@@ -0,0 +1,13 @@
+import { JwtPayload } from "node_modules/@types/jsonwebtoken";
+export interface TokenRequirements {
+    requiredFields?: string[];
+    forbiddenFields?: string[];
+    validateTypes?: Record<string, "string" | "number" | "boolean">;
+}
+export declare function validateTokenPayload(payload: Record<string, any>, rules?: TokenRequirements): {
+    valid: true;
+} | {
+    valid: false;
+    error: string;
+};
+export declare function isTokenExpired(payload: JwtPayload): boolean;

package/dist/esm/core/jwt/validateToken.js

@@ -0,0 +1,33 @@
+export function validateTokenPayload(payload, rules = {
+    requiredFields: ["exp", "iat"]
+}) {
+    const { requiredFields = [], forbiddenFields = [], validateTypes = {} } = rules;
+    // 1. Required fields
+    for (const field of requiredFields) {
+        if (!(field in payload)) {
+            return { valid: false, error: `Missing required field: ${field}` };
+        }
+    }
+    // 2. Forbidden fields
+    for (const field of forbiddenFields) {
+        if (field in payload) {
+            return { valid: false, error: `Forbidden field in token: ${field}` };
+        }
+    }
+    // 3. Type validation
+    for (const key in validateTypes) {
+        const expectedType = validateTypes[key];
+        if (key in payload && typeof payload[key] !== expectedType) {
+            return {
+                valid: false,
+                error: `Invalid type for ${key}. Expected ${expectedType}.`
+            };
+        }
+    }
+    return { valid: true };
+}
+export function isTokenExpired(payload) {
+    if (!payload.exp)
+        return true;
+    return Date.now() >= payload.exp * 1000;
+}

package/dist/esm/core/jwt/verify.d.ts

@@ -0,0 +1,13 @@
+import { Secret, JwtPayload } from "jsonwebtoken";
+/**
+ * Verify token (throws if invalid or expired)
+ */
+export declare const verifyToken: (token: string, secret: Secret) => string | JwtPayload;
+/**
+ * Safe verify — never throws, returns { valid, payload?, error? }
+ */
+export declare const safeVerifyToken: (token: string, secret: Secret) => {
+    valid: boolean;
+    payload?: string | JwtPayload;
+    error?: unknown;
+};

package/dist/esm/core/jwt/verify.js

@@ -0,0 +1,19 @@
+import { verify } from "jsonwebtoken";
+/**
+ * Verify token (throws if invalid or expired)
+ */
+export const verifyToken = (token, secret) => {
+    return verify(token, secret);
+};
+/**
+ * Safe verify — never throws, returns { valid, payload?, error? }
+ */
+export const safeVerifyToken = (token, secret) => {
+    try {
+        const decoded = verify(token, secret);
+        return { valid: true, payload: decoded };
+    }
+    catch (error) {
+        return { valid: false, error };
+    }
+};

package/dist/esm/core/password/hash.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Hash a password asynchronously using bcrypt.
+ */
+export declare const hashPassword: (password: string, saltRounds?: number) => Promise<string>;
+export declare function hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
+/**
+ * Hash a password synchronously using bcrypt.
+ */
+export declare const hashPasswordSync: (password: string, saltRounds?: number) => string;
+export declare function hashPasswordWithPepperSync(password: string, pepper: string): string;

package/dist/esm/core/password/hash.js

@@ -0,0 +1,35 @@
+import bcrypt from "bcryptjs";
+import { ensureValidPassword } from "./utils";
+import { InternalServerError } from "@naman_deep_singh/errors-utils";
+/**
+ * Hash a password asynchronously using bcrypt.
+ */
+export const hashPassword = async (password, saltRounds = 10) => {
+    try {
+        ensureValidPassword(password);
+        const salt = await bcrypt.genSalt(saltRounds);
+        return bcrypt.hash(password, salt);
+    }
+    catch (err) {
+        throw new InternalServerError('Password hashing failed');
+    }
+};
+export function hashPasswordWithPepper(password, pepper) {
+    return hashPassword(password + pepper);
+}
+/**
+ * Hash a password synchronously using bcrypt.
+ */
+export const hashPasswordSync = (password, saltRounds = 10) => {
+    try {
+        ensureValidPassword(password);
+        const salt = bcrypt.genSaltSync(saltRounds);
+        return bcrypt.hashSync(password, salt);
+    }
+    catch (error) {
+        throw new InternalServerError('Password hashing failed');
+    }
+};
+export function hashPasswordWithPepperSync(password, pepper) {
+    return hashPasswordSync(password + pepper);
+}

package/dist/esm/core/password/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./hash";
+export * from "./strength";
+export * from "./verify";

package/dist/esm/core/password/index.js

@@ -0,0 +1,3 @@
+export * from "./hash";
+export * from "./strength";
+export * from "./verify";

package/dist/esm/core/password/strength.d.ts

@@ -0,0 +1,2 @@
+import { PasswordStrengthOptions } from "./types";
+export declare const isPasswordStrong: (password: string, options?: PasswordStrengthOptions) => boolean;

package/dist/esm/core/password/strength.js

@@ -0,0 +1,17 @@
+import { BadRequestError, ValidationError } from "@naman_deep_singh/errors-utils";
+export const isPasswordStrong = (password, options = {}) => {
+    if (!password)
+        throw new BadRequestError('Invalid password provided');
+    const { minLength = 8, requireUppercase = true, requireLowercase = true, requireNumbers = true, requireSymbols = false, } = options;
+    if (password.length < minLength)
+        throw new ValidationError(`Password must be at least ${minLength} characters`);
+    if (requireUppercase && !/[A-Z]/.test(password))
+        throw new ValidationError("Password must include uppercase letters");
+    if (requireLowercase && !/[a-z]/.test(password))
+        throw new ValidationError("Password must include lowercase letters");
+    if (requireNumbers && !/[0-9]/.test(password))
+        throw new ValidationError("Password must include numbers");
+    if (requireSymbols && !/[^A-Za-z0-9]/.test(password))
+        throw new ValidationError("Password must include symbols");
+    return true;
+};

package/dist/esm/core/password/types.d.ts

@@ -0,0 +1,7 @@
+export interface PasswordStrengthOptions {
+    minLength?: number;
+    requireUppercase?: boolean;
+    requireLowercase?: boolean;
+    requireNumbers?: boolean;
+    requireSymbols?: boolean;
+}

package/dist/esm/core/password/types.js

@@ -0,0 +1 @@
+export {};

package/dist/esm/core/password/utils.d.ts

@@ -0,0 +1,4 @@
+export declare function ensureValidPassword(password: string): void;
+export declare function safeCompare(a: string, b: string): boolean;
+export declare function estimatePasswordEntropy(password: string): number;
+export declare function normalizePassword(password: string): string;

package/dist/esm/core/password/utils.js

@@ -0,0 +1,29 @@
+import crypto from "crypto";
+import { BadRequestError } from "@naman_deep_singh/errors-utils";
+export function ensureValidPassword(password) {
+    if (!password || typeof password !== "string") {
+        throw new BadRequestError('Invalid password provided');
+    }
+}
+export function safeCompare(a, b) {
+    const bufA = Buffer.from(a);
+    const bufB = Buffer.from(b);
+    if (bufA.length !== bufB.length)
+        return false;
+    return crypto.timingSafeEqual(bufA, bufB);
+}
+export function estimatePasswordEntropy(password) {
+    let pool = 0;
+    if (/[a-z]/.test(password))
+        pool += 26;
+    if (/[A-Z]/.test(password))
+        pool += 26;
+    if (/[0-9]/.test(password))
+        pool += 10;
+    if (/[^A-Za-z0-9]/.test(password))
+        pool += 32;
+    return password.length * Math.log2(pool);
+}
+export function normalizePassword(password) {
+    return password.normalize("NFKC");
+}

package/dist/esm/core/password/verify.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Compare a password with a stored hash asynchronously.
+ */
+export declare const verifyPassword: (password: string, hash: string) => Promise<boolean>;
+export declare function verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
+/**
+ * Compare a password with a stored hash synchronously.
+ */
+export declare const verifyPasswordSync: (password: string, hash: string) => boolean;
+export declare function verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;

package/dist/esm/core/password/verify.js

@@ -0,0 +1,36 @@
+import bcrypt from "bcryptjs";
+import { UnauthorizedError } from "@naman_deep_singh/errors-utils";
+/**
+ * Compare a password with a stored hash asynchronously.
+ */
+export const verifyPassword = async (password, hash) => {
+    try {
+        const result = await bcrypt.compare(password, hash);
+        if (!result)
+            throw new UnauthorizedError('Password verification failed');
+        return result;
+    }
+    catch {
+        throw new UnauthorizedError('Password verification failed');
+    }
+};
+export async function verifyPasswordWithPepper(password, pepper, hash) {
+    return verifyPassword(password + pepper, hash);
+}
+/**
+ * Compare a password with a stored hash synchronously.
+ */
+export const verifyPasswordSync = (password, hash) => {
+    try {
+        const result = bcrypt.compareSync(password, hash);
+        if (!result)
+            throw new UnauthorizedError('Password verification failed');
+        return result;
+    }
+    catch (error) {
+        throw new UnauthorizedError('Password verification failed');
+    }
+};
+export async function verifyPasswordWithPepperSync(password, pepper, hash) {
+    return verifyPasswordSync(password + pepper, hash);
+}

package/dist/esm/index.d.ts

@@ -0,0 +1,43 @@
+export * from "./core/password";
+export * from "./core/jwt";
+export * from "./core/crypto";
+export { BadRequestError, UnauthorizedError, ValidationError, InternalServerError } from "@naman_deep_singh/errors-utils";
+import * as JWTUtils from "./core/jwt";
+declare const _default: {
+    decrypt: (data: string, secret: string) => string;
+    encrypt: (text: string, secret: string) => string;
+    hmacSign: (message: string, secret: string) => string;
+    hmacVerify: (message: string, secret: string, signature: string) => boolean;
+    randomToken: (length?: number) => string;
+    generateStrongPassword: (length?: number) => string;
+    decodeToken(token: string): null | string | import("node_modules/@types/jsonwebtoken").JwtPayload;
+    decodeTokenStrict(token: string): import("node_modules/@types/jsonwebtoken").JwtPayload;
+    extractToken(sources: JWTUtils.TokenSources): string | null;
+    rotateRefreshToken(oldToken: string, secret: import("node_modules/@types/jsonwebtoken").Secret): string;
+    generateTokens: (payload: object, accessSecret: import("node_modules/@types/jsonwebtoken").Secret, refreshSecret: import("node_modules/@types/jsonwebtoken").Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => JWTUtils.TokenPair;
+    parseDuration(input: string | number): number;
+    signToken: (payload: Record<string, any>, secret: import("node_modules/@types/jsonwebtoken").Secret, expiresIn?: string | number, options?: import("node_modules/@types/jsonwebtoken").SignOptions) => string;
+    validateTokenPayload(payload: Record<string, any>, rules?: JWTUtils.TokenRequirements): {
+        valid: true;
+    } | {
+        valid: false;
+        error: string;
+    };
+    isTokenExpired(payload: import("node_modules/@types/jsonwebtoken").JwtPayload): boolean;
+    verifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
+    safeVerifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => {
+        valid: boolean;
+        payload?: string | import("node_modules/@types/jsonwebtoken").JwtPayload;
+        error?: unknown;
+    };
+    hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
+    hashPasswordWithPepperSync(password: string, pepper: string): string;
+    hashPassword: (password: string, saltRounds?: number) => Promise<string>;
+    hashPasswordSync: (password: string, saltRounds?: number) => string;
+    isPasswordStrong: (password: string, options?: import("./core/password/types").PasswordStrengthOptions) => boolean;
+    verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
+    verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;
+    verifyPassword: (password: string, hash: string) => Promise<boolean>;
+    verifyPasswordSync: (password: string, hash: string) => boolean;
+};
+export default _default;

package/dist/esm/index.js

@@ -0,0 +1,13 @@
+export * from "./core/password";
+export * from "./core/jwt";
+export * from "./core/crypto";
+// Re-export common errors for convenience
+export { BadRequestError, UnauthorizedError, ValidationError, InternalServerError } from "@naman_deep_singh/errors-utils";
+import * as PasswordUtils from "./core/password";
+import * as JWTUtils from "./core/jwt";
+import * as CryptoUtils from "./core/crypto";
+export default {
+    ...PasswordUtils,
+    ...JWTUtils,
+    ...CryptoUtils,
+};

package/dist/types/core/crypto/decrypt.d.ts

@@ -0,0 +1 @@
+export declare const decrypt: (data: string, secret: string) => string;

package/dist/types/core/crypto/encrypt.d.ts

@@ -0,0 +1 @@
+export declare const encrypt: (text: string, secret: string) => string;

package/dist/types/core/crypto/hmac.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Sign message using HMAC SHA-256
+ */
+export declare const hmacSign: (message: string, secret: string) => string;
+/**
+ * Verify HMAC signature
+ */
+export declare const hmacVerify: (message: string, secret: string, signature: string) => boolean;

package/dist/types/core/crypto/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./decrypt";
+export * from "./encrypt";
+export * from "./hmac";
+export * from "./random";

package/dist/types/core/crypto/random.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Generate cryptographically secure random string
+ */
+export declare const randomToken: (length?: number) => string;
+/**
+ * Generate a strong random password
+ */
+export declare const generateStrongPassword: (length?: number) => string;

package/dist/types/core/jwt/decode.d.ts

@@ -0,0 +1,12 @@
+import { JwtPayload } from "jsonwebtoken";
+/**
+ * Flexible decode
+ * Returns: null | string | JwtPayload
+ * Mirrors jsonwebtoken.decode()
+ */
+export declare function decodeToken(token: string): null | string | JwtPayload;
+/**
+ * Strict decode
+ * Always returns JwtPayload or throws error
+ */
+export declare function decodeTokenStrict(token: string): JwtPayload;

package/dist/types/core/jwt/extractToken.d.ts

@@ -0,0 +1,11 @@
+export interface TokenSources {
+    header?: string | undefined | null;
+    cookies?: Record<string, string> | undefined;
+    query?: Record<string, string | undefined> | undefined;
+    body?: Record<string, any> | undefined;
+    wsMessage?: string | Record<string, any> | undefined;
+}
+/**
+ * Universal token extractor
+ */
+export declare function extractToken(sources: TokenSources): string | null;

package/dist/types/core/jwt/generateTokens.d.ts

@@ -0,0 +1,7 @@
+import { Secret } from "jsonwebtoken";
+export interface TokenPair {
+    accessToken: string;
+    refreshToken: string;
+}
+export declare const generateTokens: (payload: object, accessSecret: Secret, refreshSecret: Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => TokenPair;
+export declare function rotateRefreshToken(oldToken: string, secret: Secret): string;

package/dist/types/core/jwt/index.d.ts

@@ -0,0 +1,7 @@
+export * from "./decode";
+export * from "./extractToken";
+export * from "./generateTokens";
+export * from "./parseDuration";
+export * from "./signToken";
+export * from "./validateToken";
+export * from "./verify";

package/dist/types/core/jwt/parseDuration.d.ts

@@ -0,0 +1 @@
+export declare function parseDuration(input: string | number): number;

package/dist/types/core/jwt/signToken.d.ts

@@ -0,0 +1,2 @@
+import { Secret, SignOptions } from "jsonwebtoken";
+export declare const signToken: (payload: Record<string, any>, secret: Secret, expiresIn?: string | number, options?: SignOptions) => string;

package/dist/types/core/jwt/validateToken.d.ts

@@ -0,0 +1,13 @@
+import { JwtPayload } from "node_modules/@types/jsonwebtoken";
+export interface TokenRequirements {
+    requiredFields?: string[];
+    forbiddenFields?: string[];
+    validateTypes?: Record<string, "string" | "number" | "boolean">;
+}
+export declare function validateTokenPayload(payload: Record<string, any>, rules?: TokenRequirements): {
+    valid: true;
+} | {
+    valid: false;
+    error: string;
+};
+export declare function isTokenExpired(payload: JwtPayload): boolean;

package/dist/types/core/jwt/verify.d.ts

@@ -0,0 +1,13 @@
+import { Secret, JwtPayload } from "jsonwebtoken";
+/**
+ * Verify token (throws if invalid or expired)
+ */
+export declare const verifyToken: (token: string, secret: Secret) => string | JwtPayload;
+/**
+ * Safe verify — never throws, returns { valid, payload?, error? }
+ */
+export declare const safeVerifyToken: (token: string, secret: Secret) => {
+    valid: boolean;
+    payload?: string | JwtPayload;
+    error?: unknown;
+};

package/dist/types/core/password/hash.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Hash a password asynchronously using bcrypt.
+ */
+export declare const hashPassword: (password: string, saltRounds?: number) => Promise<string>;
+export declare function hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
+/**
+ * Hash a password synchronously using bcrypt.
+ */
+export declare const hashPasswordSync: (password: string, saltRounds?: number) => string;
+export declare function hashPasswordWithPepperSync(password: string, pepper: string): string;

package/dist/types/core/password/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./hash";
+export * from "./strength";
+export * from "./verify";

package/dist/types/core/password/strength.d.ts

@@ -0,0 +1,2 @@
+import { PasswordStrengthOptions } from "./types";
+export declare const isPasswordStrong: (password: string, options?: PasswordStrengthOptions) => boolean;

package/dist/types/core/password/types.d.ts

@@ -0,0 +1,7 @@
+export interface PasswordStrengthOptions {
+    minLength?: number;
+    requireUppercase?: boolean;
+    requireLowercase?: boolean;
+    requireNumbers?: boolean;
+    requireSymbols?: boolean;
+}

package/dist/types/core/password/utils.d.ts

@@ -0,0 +1,4 @@
+export declare function ensureValidPassword(password: string): void;
+export declare function safeCompare(a: string, b: string): boolean;
+export declare function estimatePasswordEntropy(password: string): number;
+export declare function normalizePassword(password: string): string;

package/dist/types/core/password/verify.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Compare a password with a stored hash asynchronously.
+ */
+export declare const verifyPassword: (password: string, hash: string) => Promise<boolean>;
+export declare function verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
+/**
+ * Compare a password with a stored hash synchronously.
+ */
+export declare const verifyPasswordSync: (password: string, hash: string) => boolean;
+export declare function verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;