@naman_deep_singh/security 1.3.3 → 1.4.0

package/dist/cjs/core/jwt/validateToken.js

@@ -2,34 +2,37 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateTokenPayload = validateTokenPayload;
 exports.isTokenExpired = isTokenExpired;
-function validateTokenPayload(payload, rules = {
-    requiredFields: ['exp', 'iat'],
-}) {
-    const { requiredFields = [], forbiddenFields = [], validateTypes = {}, } = rules;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+/**
+ * Validates a JWT payload according to the provided rules.
+ * Throws ValidationError if validation fails.
+ */
+function validateTokenPayload(payload, rules = { requiredFields: ['exp', 'iat'] }) {
+    const { requiredFields = [], forbiddenFields = [], validateTypes = {} } = rules;
     // 1. Required fields
     for (const field of requiredFields) {
         if (!(field in payload)) {
-            return { valid: false, error: `Missing required field: ${field}` };
+            throw new errors_utils_1.ValidationError(`Missing required field: ${field}`);
         }
     }
     // 2. Forbidden fields
     for (const field of forbiddenFields) {
         if (field in payload) {
-            return { valid: false, error: `Forbidden field in token: ${field}` };
+            throw new errors_utils_1.ValidationError(`Forbidden field in token: ${field}`);
         }
     }
     // 3. Type validation
     for (const key in validateTypes) {
         const expectedType = validateTypes[key];
         if (key in payload && typeof payload[key] !== expectedType) {
-            return {
-                valid: false,
-                error: `Invalid type for ${key}. Expected ${expectedType}.`,
-            };
+            throw new errors_utils_1.ValidationError(`Invalid type for ${key}. Expected ${expectedType}, got ${typeof payload[key]}`);
         }
     }
-    return { valid: true };
 }
+/**
+ * Checks if a JWT payload is expired.
+ * Returns true if expired or missing 'exp'.
+ */
 function isTokenExpired(payload) {
     if (!payload.exp)
         return true;

package/dist/cjs/core/jwt/verify.d.ts

@@ -1,19 +1,18 @@
-import type jwt from 'jsonwebtoken';
-import { type JwtPayload, type Secret } from 'jsonwebtoken';
-import type { VerificationResult } from './types';
+import { type JwtPayload, type Secret, VerifyOptions } from 'jsonwebtoken';
+import { VerificationResult } from './types';
 /**
- * Verify token (throws if invalid or expired)
+ * Verify token (throws UnauthorizedError if invalid or expired)
  */
 export declare const verifyToken: (token: string, secret: Secret) => string | JwtPayload;
 /**
- * Safe verify — never throws, returns structured result
+ * Verify token with options
  */
-export declare const safeVerifyToken: (token: string, secret: Secret) => VerificationResult;
+export declare const verifyTokenWithOptions: (token: string, secret: Secret, options?: VerifyOptions) => string | JwtPayload;
 /**
- * Verify token with validation options
+ * Safe verify — never throws, returns structured result with UnauthorizedError on failure
  */
-export declare const verifyTokenWithOptions: (token: string, secret: Secret, options?: jwt.VerifyOptions) => string | JwtPayload;
+export declare const safeVerifyToken: (token: string, secret: Secret) => VerificationResult;
 /**
- * Safe verify with validation options
+ * Safe verify with options — never throws, returns structured result with UnauthorizedError on failure
  */
-export declare const safeVerifyTokenWithOptions: (token: string, secret: Secret, options?: jwt.VerifyOptions) => VerificationResult;
+export declare const safeVerifyTokenWithOptions: (token: string, secret: Secret, options?: VerifyOptions) => VerificationResult;

package/dist/cjs/core/jwt/verify.js

@@ -1,16 +1,46 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.safeVerifyTokenWithOptions = exports.verifyTokenWithOptions = exports.safeVerifyToken = exports.verifyToken = void 0;
+exports.safeVerifyTokenWithOptions = exports.safeVerifyToken = exports.verifyTokenWithOptions = exports.verifyToken = void 0;
 const jsonwebtoken_1 = require("jsonwebtoken");
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 /**
- * Verify token (throws if invalid or expired)
+ * Verify token (throws UnauthorizedError if invalid or expired)
  */
 const verifyToken = (token, secret) => {
-    return (0, jsonwebtoken_1.verify)(token, secret);
+    try {
+        return (0, jsonwebtoken_1.verify)(token, secret);
+    }
+    catch (error) {
+        if (error.name === 'TokenExpiredError') {
+            throw new errors_utils_1.UnauthorizedError({ message: 'Token has expired' }, error);
+        }
+        if (error.name === 'JsonWebTokenError') {
+            throw new errors_utils_1.UnauthorizedError({ message: 'Invalid token' }, error);
+        }
+        throw new errors_utils_1.UnauthorizedError({ message: 'Failed to verify token' }, error);
+    }
 };
 exports.verifyToken = verifyToken;
 /**
- * Safe verify — never throws, returns structured result
+ * Verify token with options
+ */
+const verifyTokenWithOptions = (token, secret, options = {}) => {
+    try {
+        return (0, jsonwebtoken_1.verify)(token, secret, options);
+    }
+    catch (error) {
+        if (error.name === 'TokenExpiredError') {
+            throw new errors_utils_1.UnauthorizedError({ message: 'Token has expired' }, error);
+        }
+        if (error.name === 'JsonWebTokenError') {
+            throw new errors_utils_1.UnauthorizedError({ message: 'Invalid token' }, error);
+        }
+        throw new errors_utils_1.UnauthorizedError({ message: 'Failed to verify token' }, error);
+    }
+};
+exports.verifyTokenWithOptions = verifyTokenWithOptions;
+/**
+ * Safe verify — never throws, returns structured result with UnauthorizedError on failure
  */
 const safeVerifyToken = (token, secret) => {
     try {
@@ -18,19 +48,22 @@ const safeVerifyToken = (token, secret) => {
         return { valid: true, payload: decoded };
     }
     catch (error) {
-        return { valid: false, error: error };
+        let wrappedError;
+        if (error.name === 'TokenExpiredError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Token has expired' }, error);
+        }
+        else if (error.name === 'JsonWebTokenError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Invalid token' }, error);
+        }
+        else {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Failed to verify token' }, error);
+        }
+        return { valid: false, error: wrappedError };
     }
 };
 exports.safeVerifyToken = safeVerifyToken;
 /**
- * Verify token with validation options
- */
-const verifyTokenWithOptions = (token, secret, options = {}) => {
-    return (0, jsonwebtoken_1.verify)(token, secret, options);
-};
-exports.verifyTokenWithOptions = verifyTokenWithOptions;
-/**
- * Safe verify with validation options
+ * Safe verify with options — never throws, returns structured result with UnauthorizedError on failure
  */
 const safeVerifyTokenWithOptions = (token, secret, options = {}) => {
     try {
@@ -38,7 +71,17 @@ const safeVerifyTokenWithOptions = (token, secret, options = {}) => {
         return { valid: true, payload: decoded };
     }
     catch (error) {
-        return { valid: false, error: error };
+        let wrappedError;
+        if (error.name === 'TokenExpiredError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Token has expired' }, error);
+        }
+        else if (error.name === 'JsonWebTokenError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Invalid token' }, error);
+        }
+        else {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Failed to verify token' }, error);
+        }
+        return { valid: false, error: wrappedError };
     }
 };
 exports.safeVerifyTokenWithOptions = safeVerifyTokenWithOptions;

package/dist/cjs/core/password/hash.js

@@ -19,7 +19,7 @@ const hashPassword = async (password, saltRounds = 10) => {
         return bcryptjs_1.default.hash(password, salt);
     }
     catch (_err) {
-        throw new errors_utils_1.InternalServerError('Password hashing failed');
+        throw new errors_utils_1.InternalServerError({ message: 'Password hashing failed' });
     }
 };
 exports.hashPassword = hashPassword;
@@ -36,7 +36,7 @@ const hashPasswordSync = (password, saltRounds = 10) => {
         return bcryptjs_1.default.hashSync(password, salt);
     }
     catch (_error) {
-        throw new errors_utils_1.InternalServerError('Password hashing failed');
+        throw new errors_utils_1.InternalServerError({ message: 'Password hashing failed' });
     }
 };
 exports.hashPasswordSync = hashPasswordSync;

package/dist/cjs/core/password/passwordManager.d.ts

@@ -23,7 +23,7 @@ export declare class PasswordManager implements IPasswordManager {
      */
     checkStrength(password: string): PasswordStrength;
     /**
-     * Check if password hash needs upgrade (different salt rounds)
+     * Check if password hash needs upgrade (saltRounds change)
      */
     needsUpgrade(_hash: string, _currentConfig: PasswordConfig): boolean;
 }

package/dist/cjs/core/password/passwordManager.js

@@ -27,25 +27,20 @@ class PasswordManager {
     async hash(password, salt) {
         try {
             (0, utils_1.ensureValidPassword)(password);
-            // Validate password meets basic requirements
             this.validate(password);
             const saltRounds = this.defaultConfig.saltRounds;
-            let passwordSalt = salt;
-            if (!passwordSalt) {
-                passwordSalt = await bcryptjs_1.default.genSalt(saltRounds);
+            let finalSalt = salt;
+            if (!finalSalt) {
+                finalSalt = await bcryptjs_1.default.genSalt(saltRounds);
             }
-            const hash = await bcryptjs_1.default.hash(password, passwordSalt);
-            return {
-                hash,
-                salt: passwordSalt,
-            };
+            const hash = await bcryptjs_1.default.hash(password, finalSalt);
+            return { hash, salt: finalSalt };
         }
         catch (error) {
-            if (error instanceof errors_utils_1.BadRequestError ||
-                error instanceof errors_utils_1.ValidationError) {
+            if (error instanceof errors_utils_1.BadRequestError || error instanceof errors_utils_1.ValidationError) {
                 throw error;
             }
-            throw new errors_utils_1.BadRequestError('Failed to hash password');
+            throw new errors_utils_1.BadRequestError({ message: 'Failed to hash password' }, error instanceof Error ? error : undefined);
         }
     }
     /**
@@ -53,19 +48,12 @@ class PasswordManager {
      */
     async verify(password, hash, salt) {
         try {
-            if (!password || !hash || !salt) {
+            if (!password || !hash || !salt)
                 return false;
-            }
-            // First verify with the provided salt
-            const isValid = await bcryptjs_1.default.compare(password, hash);
-            // If invalid and different salt was used, try regenerating hash with new salt
-            if (!isValid && salt !== this.defaultConfig.saltRounds?.toString()) {
-                const newHash = await bcryptjs_1.default.hash(password, salt);
-                return newHash === hash;
-            }
-            return isValid;
+            // bcrypt compare works directly with hash
+            return await bcryptjs_1.default.compare(password, hash);
         }
-        catch (_error) {
+        catch {
             return false;
         }
     }
@@ -75,7 +63,7 @@ class PasswordManager {
     generate(length = 16, options = {}) {
         const config = { ...this.defaultConfig, ...options };
         if (length < config.minLength || length > config.maxLength) {
-            throw new errors_utils_1.ValidationError(`Password length must be between ${config.minLength} and ${config.maxLength}`);
+            throw new errors_utils_1.ValidationError({ message: `Password length must be between ${config.minLength} and ${config.maxLength}` });
         }
         let charset = 'abcdefghijklmnopqrstuvwxyz';
         if (config.requireUppercase)
@@ -84,24 +72,20 @@ class PasswordManager {
             charset += '0123456789';
         if (config.requireSpecialChars)
             charset += '!@#$%^&*()_+-=[]{}|;:,.<>?';
-        let password = '';
         const randomBytes = crypto_1.default.randomBytes(length);
+        let password = '';
         for (let i = 0; i < length; i++) {
             password += charset[randomBytes[i] % charset.length];
         }
-        // Ensure all requirements are met
-        if (config.requireUppercase && !/[A-Z]/.test(password)) {
+        // Ensure requirements
+        if (config.requireUppercase && !/[A-Z]/.test(password))
             password = password.replace(/[a-z]/, 'A');
-        }
-        if (config.requireLowercase && !/[a-z]/.test(password)) {
+        if (config.requireLowercase && !/[a-z]/.test(password))
             password = password.replace(/[A-Z]/, 'a');
-        }
-        if (config.requireNumbers && !/[0-9]/.test(password)) {
+        if (config.requireNumbers && !/[0-9]/.test(password))
             password = password.replace(/[A-Za-z]/, '0');
-        }
-        if (config.requireSpecialChars && !/[^A-Za-z0-9]/.test(password)) {
+        if (config.requireSpecialChars && !/[^A-Za-z0-9]/.test(password))
             password = password.replace(/[A-Za-z0-9]/, '!');
-        }
         return password;
     }
     /**
@@ -110,45 +94,27 @@ class PasswordManager {
     validate(password, config = {}) {
         const finalConfig = { ...this.defaultConfig, ...config };
         const errors = [];
-        // Basic validation
-        if (!password || typeof password !== 'string') {
+        if (!password || typeof password !== 'string')
             errors.push('Password must be a non-empty string');
-        }
-        // Length validation
-        if (password.length < finalConfig.minLength) {
-            errors.push(`Password must be at least ${finalConfig.minLength} characters long`);
-        }
-        if (password.length > finalConfig.maxLength) {
+        if (password.length < finalConfig.minLength)
+            errors.push(`Password must be at least ${finalConfig.minLength} characters`);
+        if (password.length > finalConfig.maxLength)
             errors.push(`Password must not exceed ${finalConfig.maxLength} characters`);
-        }
-        // Complexity requirements
-        if (finalConfig.requireUppercase && !/[A-Z]/.test(password)) {
+        if (finalConfig.requireUppercase && !/[A-Z]/.test(password))
             errors.push('Password must contain at least one uppercase letter');
-        }
-        if (finalConfig.requireLowercase && !/[a-z]/.test(password)) {
+        if (finalConfig.requireLowercase && !/[a-z]/.test(password))
             errors.push('Password must contain at least one lowercase letter');
-        }
-        if (finalConfig.requireNumbers && !/[0-9]/.test(password)) {
+        if (finalConfig.requireNumbers && !/[0-9]/.test(password))
             errors.push('Password must contain at least one number');
-        }
-        if (finalConfig.requireSpecialChars && !/[^A-Za-z0-9]/.test(password)) {
+        if (finalConfig.requireSpecialChars && !/[^A-Za-z0-9]/.test(password))
             errors.push('Password must contain at least one special character');
-        }
-        // Custom rules
         if (finalConfig.customRules) {
             finalConfig.customRules.forEach((rule) => {
-                if (!rule.test(password)) {
+                if (!rule.test(password))
                     errors.push(rule.message);
-                }
             });
         }
-        const strength = this.checkStrength(password);
-        const isValid = errors.length === 0;
-        return {
-            isValid,
-            errors,
-            strength,
-        };
+        return { isValid: errors.length === 0, errors, strength: this.checkStrength(password) };
     }
     /**
      * Check password strength
@@ -158,26 +124,20 @@ class PasswordManager {
         let score = 0;
         const feedback = [];
         const suggestions = [];
-        /* ---------------- Entropy baseline ---------------- */
         if (entropy < 28) {
             feedback.push('Password is easy to guess');
             suggestions.push('Use more unique characters and length');
         }
-        else if (entropy < 36) {
-            score += 1;
-        }
-        else if (entropy < 60) {
+        else if (entropy < 36)
+            score++;
+        else if (entropy < 60)
             score += 2;
-        }
-        else {
+        else
             score += 3;
-        }
-        /* ---------------- Length scoring ---------------- */
         if (password.length >= 12)
             score++;
         if (password.length >= 16)
             score++;
-        /* ---------------- Character variety ---------------- */
         if (/[a-z]/.test(password))
             score++;
         if (/[A-Z]/.test(password))
@@ -186,7 +146,6 @@ class PasswordManager {
             score++;
         if (/[^A-Za-z0-9]/.test(password))
             score++;
-        /* ---------------- Pattern deductions ---------------- */
         if (/^[A-Za-z]+$/.test(password)) {
             score--;
             feedback.push('Consider adding numbers or symbols');
@@ -203,15 +162,12 @@ class PasswordManager {
             score--;
             feedback.push('Avoid sequential patterns');
         }
-        /* ---------------- Common passwords ---------------- */
         const commonPasswords = ['password', '123456', 'qwerty', 'admin', 'letmein'];
         if (commonPasswords.some((common) => password.toLowerCase().includes(common))) {
             score = 0;
             feedback.push('Avoid common passwords');
         }
-        /* ---------------- Clamp score ---------------- */
         score = Math.max(0, Math.min(4, score));
-        /* ---------------- Strength label ---------------- */
         let label;
         switch (score) {
             case 0:
@@ -234,22 +190,14 @@ class PasswordManager {
                 label = 'strong';
                 suggestions.push('Your password is very secure');
                 break;
-            default:
-                label = 'very-weak';
+            default: label = 'very-weak';
         }
-        return {
-            score,
-            label,
-            feedback,
-            suggestions,
-        };
+        return { score, label, feedback, suggestions };
     }
     /**
-     * Check if password hash needs upgrade (different salt rounds)
+     * Check if password hash needs upgrade (saltRounds change)
      */
     needsUpgrade(_hash, _currentConfig) {
-        // Simple heuristic: if the hash doesn't match current salt rounds pattern
-        // In practice, you'd need to store the salt rounds with the hash
         return false;
     }
 }

package/dist/cjs/core/password/strength.js

@@ -4,18 +4,18 @@ exports.isPasswordStrong = void 0;
 const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 const isPasswordStrong = (password, options = {}) => {
     if (!password)
-        throw new errors_utils_1.BadRequestError('Invalid password provided');
+        throw new errors_utils_1.BadRequestError({ message: 'Invalid password provided' });
     const { minLength = 8, requireUppercase = true, requireLowercase = true, requireNumbers = true, requireSymbols = false, } = options;
     if (password.length < minLength)
         throw new errors_utils_1.ValidationError(`Password must be at least ${minLength} characters`);
     if (requireUppercase && !/[A-Z]/.test(password))
-        throw new errors_utils_1.ValidationError('Password must include uppercase letters');
+        throw new errors_utils_1.ValidationError({ message: 'Password must include uppercase letters' });
     if (requireLowercase && !/[a-z]/.test(password))
-        throw new errors_utils_1.ValidationError('Password must include lowercase letters');
+        throw new errors_utils_1.ValidationError({ message: 'Password must include lowercase letters' });
     if (requireNumbers && !/[0-9]/.test(password))
-        throw new errors_utils_1.ValidationError('Password must include numbers');
+        throw new errors_utils_1.ValidationError({ message: 'Password must include numbers' });
     if (requireSymbols && !/[^A-Za-z0-9]/.test(password))
-        throw new errors_utils_1.ValidationError('Password must include symbols');
+        throw new errors_utils_1.ValidationError({ message: 'Password must include symbols' });
     return true;
 };
 exports.isPasswordStrong = isPasswordStrong;

package/dist/cjs/core/password/utils.d.ts

@@ -1,4 +1,16 @@
+/**
+ * Ensure password is a valid non-empty string
+ */
 export declare function ensureValidPassword(password: string): void;
+/**
+ * Timing-safe comparison between two strings
+ */
 export declare function safeCompare(a: string, b: string): boolean;
+/**
+ * Estimate password entropy based on character pool
+ */
 export declare function estimatePasswordEntropy(password: string): number;
+/**
+ * Normalize password string to a consistent form
+ */
 export declare function normalizePassword(password: string): string;

package/dist/cjs/core/password/utils.js

@@ -9,11 +9,17 @@ exports.estimatePasswordEntropy = estimatePasswordEntropy;
 exports.normalizePassword = normalizePassword;
 const crypto_1 = __importDefault(require("crypto"));
 const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+/**
+ * Ensure password is a valid non-empty string
+ */
 function ensureValidPassword(password) {
     if (!password || typeof password !== 'string') {
-        throw new errors_utils_1.BadRequestError('Invalid password provided');
+        throw new errors_utils_1.BadRequestError({ message: 'Invalid password provided' });
     }
 }
+/**
+ * Timing-safe comparison between two strings
+ */
 function safeCompare(a, b) {
     const bufA = Buffer.from(a);
     const bufB = Buffer.from(b);
@@ -21,6 +27,9 @@ function safeCompare(a, b) {
         return false;
     return crypto_1.default.timingSafeEqual(bufA, bufB);
 }
+/**
+ * Estimate password entropy based on character pool
+ */
 function estimatePasswordEntropy(password) {
     let pool = 0;
     if (/[a-z]/.test(password))
@@ -31,8 +40,14 @@ function estimatePasswordEntropy(password) {
         pool += 10;
     if (/[^A-Za-z0-9]/.test(password))
         pool += 32;
+    // If no characters matched, fallback to 1 to avoid log2(0)
+    if (pool === 0)
+        pool = 1;
     return password.length * Math.log2(pool);
 }
+/**
+ * Normalize password string to a consistent form
+ */
 function normalizePassword(password) {
     return password.normalize('NFKC');
 }

package/dist/cjs/core/password/verify.js

@@ -15,11 +15,11 @@ const verifyPassword = async (password, hash) => {
     try {
         const result = await bcryptjs_1.default.compare(password, hash);
         if (!result)
-            throw new errors_utils_1.UnauthorizedError('Password verification failed');
+            throw new errors_utils_1.UnauthorizedError({ message: 'Password verification failed' });
         return result;
     }
     catch {
-        throw new errors_utils_1.UnauthorizedError('Password verification failed');
+        throw new errors_utils_1.UnauthorizedError({ message: 'Password verification failed' });
     }
 };
 exports.verifyPassword = verifyPassword;
@@ -33,11 +33,11 @@ const verifyPasswordSync = (password, hash) => {
     try {
         const result = bcryptjs_1.default.compareSync(password, hash);
         if (!result)
-            throw new errors_utils_1.UnauthorizedError('Password verification failed');
+            throw new errors_utils_1.UnauthorizedError({ message: 'Password verification failed' });
         return result;
     }
     catch (_error) {
-        throw new errors_utils_1.UnauthorizedError('Password verification failed');
+        throw new errors_utils_1.UnauthorizedError({ message: 'Password verification failed' });
     }
 };
 exports.verifyPasswordSync = verifyPasswordSync;

package/dist/cjs/index.d.ts

@@ -21,16 +21,11 @@ declare const _default: {
     generateTokens: (payload: Record<string, unknown>, accessSecret: import("node_modules/@types/jsonwebtoken").Secret, refreshSecret: import("node_modules/@types/jsonwebtoken").Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => JWTUtils.TokenPair;
     parseDuration(input: string | number): number;
     signToken: (payload: Record<string, unknown>, secret: import("node_modules/@types/jsonwebtoken").Secret, expiresIn?: string | number, options?: import("node_modules/@types/jsonwebtoken").SignOptions) => string;
-    validateTokenPayload(payload: Record<string, unknown>, rules?: JWTUtils.TokenRequirements): {
-        valid: true;
-    } | {
-        valid: false;
-        error: string;
-    };
+    validateTokenPayload(payload: Record<string, unknown>, rules?: JWTUtils.TokenRequirements): void;
     isTokenExpired(payload: import("node_modules/@types/jsonwebtoken").JwtPayload): boolean;
     verifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
-    safeVerifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => JWTUtils.VerificationResult;
     verifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
+    safeVerifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => JWTUtils.VerificationResult;
     safeVerifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => JWTUtils.VerificationResult;
     hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
     hashPasswordWithPepperSync(password: string, pepper: string): string;