bun-argon2 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Aissam Irhir
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,246 @@
+# bun-argon2
+
+High-performance Argon2 password hashing for Bun and Node.js, built with Rust and napi-rs.
+
+[![npm version](https://badge.fury.io/js/bun-argon2.svg)](https://www.npmjs.com/package/bun-argon2)
+[![CI](https://github.com/nexus-aissam/bun-argon2/workflows/CI/badge.svg)](https://github.com/nexus-aissam/bun-argon2/actions)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Why bun-argon2?
+
+The popular `argon2` npm package has broken native bindings when installed with Bun. This library provides a Bun-first alternative that's:
+
+- **Fast** - **1.33x faster** than the `argon2` npm package
+- **Safe** - Uses the battle-tested `argon2` Rust crate
+- **Typed** - Full TypeScript support with strict types
+- **Compatible** - Works with both Bun and Node.js
+
+## Benchmarks
+
+Tested on Apple M1 Pro with Bun 1.3.3:
+
+| Operation | bun-argon2 | argon2 (npm) | Difference |
+|-----------|------------|--------------|------------|
+| Hash (async) | 3.31 ms | 4.40 ms | **1.33x faster** |
+| Hash (sync) | 3.20 ms | N/A | - |
+| Verify (async) | 3.28 ms | 4.35 ms | **1.33x faster** |
+| Verify (sync) | 3.23 ms | N/A | - |
+
+> Benchmark settings: memoryCost=4096 KB, timeCost=2, parallelism=1
+>
+> Run benchmarks yourself: `bun run benchmarks/bench.ts`
+
+## Installation
+
+```bash
+# Using Bun (recommended)
+bun add bun-argon2
+
+# Using npm
+npm install bun-argon2
+
+# Using yarn
+yarn add bun-argon2
+
+# Using pnpm
+pnpm add bun-argon2
+```
+
+## Quick Start
+
+```typescript
+import { hash, verify } from 'bun-argon2';
+
+// Hash a password
+const hashed = await hash('myPassword123');
+// $argon2id$v=19$m=65536,t=3,p=4$...
+
+// Verify a password
+const isValid = await verify(hashed, 'myPassword123');
+// true
+```
+
+## API Reference
+
+### `hash(password, options?)`
+
+Hash a password asynchronously (recommended).
+
+```typescript
+import { hash } from 'bun-argon2';
+
+// Basic usage
+const hashed = await hash('password');
+
+// With custom options
+const hashed = await hash('password', {
+  type: 'argon2id',      // 'argon2d' | 'argon2i' | 'argon2id'
+  memoryCost: 65536,     // Memory in KB (default: 64MB)
+  timeCost: 3,           // Iterations (default: 3)
+  parallelism: 4,        // Threads (default: 4)
+  hashLength: 32,        // Output length in bytes
+  salt: customSalt,      // Custom salt (optional)
+});
+```
+
+### `verify(hash, password)`
+
+Verify a password against a hash asynchronously.
+
+```typescript
+import { verify } from 'bun-argon2';
+
+const isValid = await verify(hash, 'password');
+```
+
+### `hashSync(password, options?)`
+
+Hash a password synchronously (blocking).
+
+```typescript
+import { hashSync } from 'bun-argon2';
+
+const hashed = hashSync('password');
+```
+
+### `verifySync(hash, password)`
+
+Verify a password synchronously (blocking).
+
+```typescript
+import { verifySync } from 'bun-argon2';
+
+const isValid = verifySync(hash, 'password');
+```
+
+### `hashRaw(password, options?)`
+
+Get raw hash and salt as Buffers (for custom storage).
+
+```typescript
+import { hashRaw } from 'bun-argon2';
+
+const { hash, salt } = await hashRaw('password');
+console.log(hash.toString('hex'));
+console.log(salt.toString('hex'));
+```
+
+### `needsRehash(hash, options?)`
+
+Check if a hash needs to be rehashed (e.g., after changing parameters).
+
+```typescript
+import { needsRehash } from 'bun-argon2';
+
+const oldHash = '$argon2id$v=19$m=4096,t=1,p=1$...';
+
+if (needsRehash(oldHash, { memoryCost: 65536, timeCost: 3 })) {
+  // Re-hash with new parameters on next login
+}
+```
+
+## Options
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `type` | `'argon2d' \| 'argon2i' \| 'argon2id'` | `'argon2id'` | Algorithm variant |
+| `memoryCost` | `number` | `65536` | Memory usage in KB (64MB default) |
+| `timeCost` | `number` | `3` | Number of iterations |
+| `parallelism` | `number` | `4` | Number of threads |
+| `hashLength` | `number` | `32` | Output hash length in bytes |
+| `salt` | `Buffer` | auto-generated | Custom salt (16+ bytes recommended) |
+
+## Algorithm Variants
+
+- **argon2id** (recommended) - Hybrid of argon2i and argon2d, best for password hashing
+- **argon2i** - Data-independent, resistant to side-channel attacks
+- **argon2d** - Data-dependent, faster but vulnerable to side-channel attacks
+
+## Security Recommendations
+
+For password hashing, OWASP recommends:
+
+```typescript
+// Minimum recommended settings
+const options = {
+  type: 'argon2id',
+  memoryCost: 19456,  // 19MB
+  timeCost: 2,
+  parallelism: 1,
+};
+
+// Stronger settings (if resources allow)
+const strongerOptions = {
+  type: 'argon2id',
+  memoryCost: 65536,  // 64MB
+  timeCost: 3,
+  parallelism: 4,
+};
+```
+
+## Comparison
+
+| Feature | bun-argon2 | argon2 (npm) | @node-rs/argon2 |
+|---------|------------|--------------|-----------------|
+| Bun Support | Native | Broken | Partial |
+| Node.js Support | Yes | Yes | Yes |
+| Async API | Yes | Yes | Yes |
+| Sync API | Yes | Yes | Yes |
+| TypeScript | Full | Basic | Full |
+| Implementation | Pure Rust | C | Pure Rust |
+| Prebuilt Binaries | Yes | Yes | Yes |
+
+## Supported Platforms
+
+| Platform | Architecture | Support |
+|----------|--------------|---------|
+| macOS | ARM64 (M1/M2/M3) | Yes |
+| macOS | x64 (Intel) | Yes |
+| Linux | x64 (glibc) | Yes |
+| Linux | x64 (musl/Alpine) | Yes |
+| Linux | ARM64 (glibc) | Yes |
+| Linux | ARM64 (musl) | Yes |
+| Windows | x64 | Yes |
+
+## Development
+
+```bash
+# Clone the repository
+git clone https://github.com/nexus-aissam/bun-argon2.git
+cd bun-argon2
+
+# Install dependencies
+bun install
+
+# Build native module (requires Rust)
+bun run build
+
+# Build TypeScript
+bun run build:ts
+
+# Run tests
+bun test
+```
+
+### Requirements
+
+- Bun 1.0+ or Node.js 18+
+- Rust 1.70+ (for building from source)
+
+## License
+
+MIT License - see [LICENSE](LICENSE) for details.
+
+## Author
+
+Aissam Irhir ([@nexus-aissam](https://github.com/nexus-aissam))
+
+## Contributing
+
+Contributions are welcome! Please read our contributing guidelines before submitting a PR.
+
+## Acknowledgments
+
+- [argon2](https://crates.io/crates/argon2) - Rust Argon2 implementation
+- [napi-rs](https://napi.rs/) - Rust bindings for Node.js
+- [Bun](https://bun.sh/) - Fast JavaScript runtime

package/dist/index.d.mts

@@ -0,0 +1,158 @@
+import { Argon2Options, RawHashResult } from './types.mjs';
+export { Argon2Type } from './types.mjs';
+
+/**
+ * bun-argon2 - High-performance Argon2 password hashing for Bun and Node.js
+ *
+ * @module bun-argon2
+ * @author Aissam Irhir <aissamirhir@gmail.com>
+ *
+ * @example
+ * ```typescript
+ * import { hash, verify } from 'bun-argon2';
+ *
+ * // Hash a password
+ * const hashed = await hash('myPassword123');
+ *
+ * // Verify a password
+ * const isValid = await verify(hashed, 'myPassword123');
+ * ```
+ */
+
+/**
+ * Hash a password asynchronously (recommended)
+ *
+ * Returns a PHC-formatted hash string like:
+ * `$argon2id$v=19$m=65536,t=3,p=4$...`
+ *
+ * @param password - The password to hash
+ * @param options - Optional hashing parameters
+ * @returns Promise resolving to the hashed password string
+ *
+ * @example
+ * ```typescript
+ * // Basic usage
+ * const hashed = await hash('myPassword123');
+ *
+ * // With custom options
+ * const hashed = await hash('myPassword123', {
+ *   type: 'argon2id',
+ *   memoryCost: 65536,
+ *   timeCost: 3,
+ *   parallelism: 4,
+ * });
+ * ```
+ */
+declare function hash(password: string, options?: Argon2Options): Promise<string>;
+/**
+ * Verify a password against a hash asynchronously (recommended)
+ *
+ * @param encoded - The PHC-formatted hash string
+ * @param password - The password to verify
+ * @returns Promise resolving to true if password matches
+ *
+ * @example
+ * ```typescript
+ * const hashed = await hash('myPassword123');
+ * const isValid = await verify(hashed, 'myPassword123');
+ * console.log(isValid); // true
+ * ```
+ */
+declare function verify(encoded: string, password: string): Promise<boolean>;
+/**
+ * Hash a password synchronously (blocking)
+ *
+ * Use this only when async is not available (e.g., in constructors).
+ * Prefer `hash()` for better performance.
+ *
+ * @param password - The password to hash
+ * @param options - Optional hashing parameters
+ * @returns The hashed password string
+ *
+ * @example
+ * ```typescript
+ * const hashed = hashSync('myPassword123');
+ * ```
+ */
+declare function hashSync(password: string, options?: Argon2Options): string;
+/**
+ * Verify a password against a hash synchronously (blocking)
+ *
+ * Use this only when async is not available.
+ * Prefer `verify()` for better performance.
+ *
+ * @param encoded - The PHC-formatted hash string
+ * @param password - The password to verify
+ * @returns True if password matches
+ *
+ * @example
+ * ```typescript
+ * const isValid = verifySync(hashed, 'myPassword123');
+ * ```
+ */
+declare function verifySync(encoded: string, password: string): boolean;
+/**
+ * Get raw hash and salt as Buffers asynchronously
+ *
+ * Unlike `hash()` which returns a PHC string, this returns raw bytes.
+ * Useful for custom storage or when you need direct access to the hash bytes.
+ *
+ * @param password - The password to hash
+ * @param options - Optional hashing parameters
+ * @returns Promise resolving to object with hash and salt Buffers
+ *
+ * @example
+ * ```typescript
+ * const { hash, salt } = await hashRaw('myPassword123');
+ * console.log(hash.toString('hex')); // Raw hash as hex
+ * console.log(salt.toString('hex')); // Salt as hex
+ * ```
+ */
+declare function hashRaw(password: string, options?: Argon2Options): Promise<RawHashResult>;
+/**
+ * Get raw hash and salt as Buffers synchronously
+ *
+ * @param password - The password to hash
+ * @param options - Optional hashing parameters
+ * @returns Object with hash and salt Buffers
+ */
+declare function hashRawSync(password: string, options?: Argon2Options): RawHashResult;
+/**
+ * Check if a hash needs to be rehashed
+ *
+ * Useful when you've upgraded your hashing parameters and want to
+ * gradually migrate existing hashes.
+ *
+ * @param encoded - The PHC-formatted hash string
+ * @param options - The current hashing parameters to compare against
+ * @returns True if the hash uses different parameters
+ *
+ * @example
+ * ```typescript
+ * const oldHash = '$argon2id$v=19$m=4096,t=1,p=1$...';
+ * const newOptions = { memoryCost: 65536, timeCost: 3 };
+ *
+ * if (needsRehash(oldHash, newOptions)) {
+ *   // Re-hash with new parameters on next login
+ * }
+ * ```
+ */
+declare function needsRehash(encoded: string, options?: Argon2Options): boolean;
+/**
+ * Get the native library version
+ *
+ * @returns Version string
+ */
+declare function version(): string;
+declare const _default: {
+    hash: typeof hash;
+    verify: typeof verify;
+    hashSync: typeof hashSync;
+    verifySync: typeof verifySync;
+    hashRaw: typeof hashRaw;
+    hashRawSync: typeof hashRawSync;
+    needsRehash: typeof needsRehash;
+    version: typeof version;
+};
+
+export { Argon2Options, RawHashResult, _default as default, hash, hashRaw, hashRawSync, hashSync, needsRehash, verify, verifySync, version };

package/dist/index.d.ts

@@ -0,0 +1,158 @@
+import { Argon2Options, RawHashResult } from './types.js';
+export { Argon2Type } from './types.js';
+
+/**
+ * bun-argon2 - High-performance Argon2 password hashing for Bun and Node.js
+ *
+ * @module bun-argon2
+ * @author Aissam Irhir <aissamirhir@gmail.com>
+ *
+ * @example
+ * ```typescript
+ * import { hash, verify } from 'bun-argon2';
+ *
+ * // Hash a password
+ * const hashed = await hash('myPassword123');
+ *
+ * // Verify a password
+ * const isValid = await verify(hashed, 'myPassword123');
+ * ```
+ */
+
+/**
+ * Hash a password asynchronously (recommended)
+ *
+ * Returns a PHC-formatted hash string like:
+ * `$argon2id$v=19$m=65536,t=3,p=4$...`
+ *
+ * @param password - The password to hash
+ * @param options - Optional hashing parameters
+ * @returns Promise resolving to the hashed password string
+ *
+ * @example
+ * ```typescript
+ * // Basic usage
+ * const hashed = await hash('myPassword123');
+ *
+ * // With custom options
+ * const hashed = await hash('myPassword123', {
+ *   type: 'argon2id',
+ *   memoryCost: 65536,
+ *   timeCost: 3,
+ *   parallelism: 4,
+ * });
+ * ```
+ */
+declare function hash(password: string, options?: Argon2Options): Promise<string>;
+/**
+ * Verify a password against a hash asynchronously (recommended)
+ *
+ * @param encoded - The PHC-formatted hash string
+ * @param password - The password to verify
+ * @returns Promise resolving to true if password matches
+ *
+ * @example
+ * ```typescript
+ * const hashed = await hash('myPassword123');
+ * const isValid = await verify(hashed, 'myPassword123');
+ * console.log(isValid); // true
+ * ```
+ */
+declare function verify(encoded: string, password: string): Promise<boolean>;
+/**
+ * Hash a password synchronously (blocking)
+ *
+ * Use this only when async is not available (e.g., in constructors).
+ * Prefer `hash()` for better performance.
+ *
+ * @param password - The password to hash
+ * @param options - Optional hashing parameters
+ * @returns The hashed password string
+ *
+ * @example
+ * ```typescript
+ * const hashed = hashSync('myPassword123');
+ * ```
+ */
+declare function hashSync(password: string, options?: Argon2Options): string;
+/**
+ * Verify a password against a hash synchronously (blocking)
+ *
+ * Use this only when async is not available.
+ * Prefer `verify()` for better performance.
+ *
+ * @param encoded - The PHC-formatted hash string
+ * @param password - The password to verify
+ * @returns True if password matches
+ *
+ * @example
+ * ```typescript
+ * const isValid = verifySync(hashed, 'myPassword123');
+ * ```
+ */
+declare function verifySync(encoded: string, password: string): boolean;
+/**
+ * Get raw hash and salt as Buffers asynchronously
+ *
+ * Unlike `hash()` which returns a PHC string, this returns raw bytes.
+ * Useful for custom storage or when you need direct access to the hash bytes.
+ *
+ * @param password - The password to hash
+ * @param options - Optional hashing parameters
+ * @returns Promise resolving to object with hash and salt Buffers
+ *
+ * @example
+ * ```typescript
+ * const { hash, salt } = await hashRaw('myPassword123');
+ * console.log(hash.toString('hex')); // Raw hash as hex
+ * console.log(salt.toString('hex')); // Salt as hex
+ * ```
+ */
+declare function hashRaw(password: string, options?: Argon2Options): Promise<RawHashResult>;
+/**
+ * Get raw hash and salt as Buffers synchronously
+ *
+ * @param password - The password to hash
+ * @param options - Optional hashing parameters
+ * @returns Object with hash and salt Buffers
+ */
+declare function hashRawSync(password: string, options?: Argon2Options): RawHashResult;
+/**
+ * Check if a hash needs to be rehashed
+ *
+ * Useful when you've upgraded your hashing parameters and want to
+ * gradually migrate existing hashes.
+ *
+ * @param encoded - The PHC-formatted hash string
+ * @param options - The current hashing parameters to compare against
+ * @returns True if the hash uses different parameters
+ *
+ * @example
+ * ```typescript
+ * const oldHash = '$argon2id$v=19$m=4096,t=1,p=1$...';
+ * const newOptions = { memoryCost: 65536, timeCost: 3 };
+ *
+ * if (needsRehash(oldHash, newOptions)) {
+ *   // Re-hash with new parameters on next login
+ * }
+ * ```
+ */
+declare function needsRehash(encoded: string, options?: Argon2Options): boolean;
+/**
+ * Get the native library version
+ *
+ * @returns Version string
+ */
+declare function version(): string;
+declare const _default: {
+    hash: typeof hash;
+    verify: typeof verify;
+    hashSync: typeof hashSync;
+    verifySync: typeof verifySync;
+    hashRaw: typeof hashRaw;
+    hashRawSync: typeof hashRawSync;
+    needsRehash: typeof needsRehash;
+    version: typeof version;
+};
+
+export { Argon2Options, RawHashResult, _default as default, hash, hashRaw, hashRawSync, hashSync, needsRehash, verify, verifySync, version };

package/dist/index.js

@@ -0,0 +1,145 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  default: () => index_default,
+  hash: () => hash,
+  hashRaw: () => hashRaw,
+  hashRawSync: () => hashRawSync,
+  hashSync: () => hashSync,
+  needsRehash: () => needsRehash,
+  verify: () => verify,
+  verifySync: () => verifySync,
+  version: () => version
+});
+module.exports = __toCommonJS(index_exports);
+var import_fs = require("fs");
+var import_path = require("path");
+var import_url = require("url");
+var import_meta = {};
+var getCurrentDir = () => {
+  try {
+    return (0, import_path.dirname)((0, import_url.fileURLToPath)(import_meta.url));
+  } catch {
+    return __dirname;
+  }
+};
+function loadNativeBinding() {
+  const platform = process.platform;
+  const arch = process.arch;
+  let targetName;
+  switch (platform) {
+    case "darwin":
+      targetName = arch === "arm64" ? "darwin-arm64" : "darwin-x64";
+      break;
+    case "linux":
+      const isMusl = (0, import_fs.existsSync)("/etc/alpine-release") || process.env.npm_config_libc === "musl";
+      if (arch === "arm64") {
+        targetName = isMusl ? "linux-arm64-musl" : "linux-arm64-gnu";
+      } else {
+        targetName = isMusl ? "linux-x64-musl" : "linux-x64-gnu";
+      }
+      break;
+    case "win32":
+      targetName = "win32-x64-msvc";
+      break;
+    default:
+      throw new Error(`Unsupported platform: ${platform}-${arch}`);
+  }
+  const currentDir = getCurrentDir();
+  const possiblePaths = [
+    // Same directory as this file (dist/)
+    (0, import_path.join)(currentDir, `argon2.${targetName}.node`),
+    // Parent directory (package root)
+    (0, import_path.join)(currentDir, "..", `argon2.${targetName}.node`),
+    // CWD (development)
+    (0, import_path.join)(process.cwd(), `argon2.${targetName}.node`)
+  ];
+  for (const modulePath of possiblePaths) {
+    try {
+      if ((0, import_fs.existsSync)(modulePath)) {
+        return require(modulePath);
+      }
+    } catch {
+      continue;
+    }
+  }
+  throw new Error(
+    `Failed to load native binding for ${platform}-${arch}. Tried: ${possiblePaths.join(", ")}`
+  );
+}
+var native = loadNativeBinding();
+function toNapiOptions(options) {
+  if (!options) return void 0;
+  return {
+    algorithm: options.type,
+    memoryCost: options.memoryCost,
+    timeCost: options.timeCost,
+    parallelism: options.parallelism,
+    hashLength: options.hashLength,
+    salt: options.salt
+  };
+}
+async function hash(password, options) {
+  return native.hash(password, toNapiOptions(options));
+}
+async function verify(encoded, password) {
+  return native.verify(encoded, password);
+}
+function hashSync(password, options) {
+  return native.hashSync(password, toNapiOptions(options));
+}
+function verifySync(encoded, password) {
+  return native.verifySync(encoded, password);
+}
+async function hashRaw(password, options) {
+  return native.hashRaw(password, toNapiOptions(options));
+}
+function hashRawSync(password, options) {
+  return native.hashRawSync(password, toNapiOptions(options));
+}
+function needsRehash(encoded, options) {
+  return native.needsRehash(encoded, toNapiOptions(options));
+}
+function version() {
+  return native.version();
+}
+var index_default = {
+  hash,
+  verify,
+  hashSync,
+  verifySync,
+  hashRaw,
+  hashRawSync,
+  needsRehash,
+  version
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  hash,
+  hashRaw,
+  hashRawSync,
+  hashSync,
+  needsRehash,
+  verify,
+  verifySync,
+  version
+});

package/dist/index.mjs

@@ -0,0 +1,119 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/index.ts
+import { existsSync } from "fs";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+var getCurrentDir = () => {
+  try {
+    return dirname(fileURLToPath(import.meta.url));
+  } catch {
+    return __dirname;
+  }
+};
+function loadNativeBinding() {
+  const platform = process.platform;
+  const arch = process.arch;
+  let targetName;
+  switch (platform) {
+    case "darwin":
+      targetName = arch === "arm64" ? "darwin-arm64" : "darwin-x64";
+      break;
+    case "linux":
+      const isMusl = existsSync("/etc/alpine-release") || process.env.npm_config_libc === "musl";
+      if (arch === "arm64") {
+        targetName = isMusl ? "linux-arm64-musl" : "linux-arm64-gnu";
+      } else {
+        targetName = isMusl ? "linux-x64-musl" : "linux-x64-gnu";
+      }
+      break;
+    case "win32":
+      targetName = "win32-x64-msvc";
+      break;
+    default:
+      throw new Error(`Unsupported platform: ${platform}-${arch}`);
+  }
+  const currentDir = getCurrentDir();
+  const possiblePaths = [
+    // Same directory as this file (dist/)
+    join(currentDir, `argon2.${targetName}.node`),
+    // Parent directory (package root)
+    join(currentDir, "..", `argon2.${targetName}.node`),
+    // CWD (development)
+    join(process.cwd(), `argon2.${targetName}.node`)
+  ];
+  for (const modulePath of possiblePaths) {
+    try {
+      if (existsSync(modulePath)) {
+        return __require(modulePath);
+      }
+    } catch {
+      continue;
+    }
+  }
+  throw new Error(
+    `Failed to load native binding for ${platform}-${arch}. Tried: ${possiblePaths.join(", ")}`
+  );
+}
+var native = loadNativeBinding();
+function toNapiOptions(options) {
+  if (!options) return void 0;
+  return {
+    algorithm: options.type,
+    memoryCost: options.memoryCost,
+    timeCost: options.timeCost,
+    parallelism: options.parallelism,
+    hashLength: options.hashLength,
+    salt: options.salt
+  };
+}
+async function hash(password, options) {
+  return native.hash(password, toNapiOptions(options));
+}
+async function verify(encoded, password) {
+  return native.verify(encoded, password);
+}
+function hashSync(password, options) {
+  return native.hashSync(password, toNapiOptions(options));
+}
+function verifySync(encoded, password) {
+  return native.verifySync(encoded, password);
+}
+async function hashRaw(password, options) {
+  return native.hashRaw(password, toNapiOptions(options));
+}
+function hashRawSync(password, options) {
+  return native.hashRawSync(password, toNapiOptions(options));
+}
+function needsRehash(encoded, options) {
+  return native.needsRehash(encoded, toNapiOptions(options));
+}
+function version() {
+  return native.version();
+}
+var index_default = {
+  hash,
+  verify,
+  hashSync,
+  verifySync,
+  hashRaw,
+  hashRawSync,
+  needsRehash,
+  version
+};
+export {
+  index_default as default,
+  hash,
+  hashRaw,
+  hashRawSync,
+  hashSync,
+  needsRehash,
+  verify,
+  verifySync,
+  version
+};

package/dist/types.d.mts

@@ -0,0 +1,98 @@
+/**
+ * bun-argon2 - TypeScript Type Definitions
+ *
+ * @module bun-argon2/types
+ * @author Aissam Irhir <aissamirhir@gmail.com>
+ */
+/**
+ * Argon2 algorithm variant
+ *
+ * - `argon2d`: Data-dependent, vulnerable to side-channel attacks but fastest
+ * - `argon2i`: Data-independent, secure against side-channel attacks
+ * - `argon2id`: Hybrid (recommended), combines benefits of both
+ */
+type Argon2Type = "argon2d" | "argon2i" | "argon2id";
+/**
+ * Argon2 hashing options
+ *
+ * @example
+ * ```typescript
+ * const options: Argon2Options = {
+ *   type: 'argon2id',
+ *   memoryCost: 65536,  // 64MB
+ *   timeCost: 3,
+ *   parallelism: 4,
+ * };
+ * ```
+ */
+interface Argon2Options {
+    /**
+     * Algorithm type
+     * @default 'argon2id'
+     */
+    type?: Argon2Type;
+    /**
+     * Memory cost in KB
+     * Higher values increase security but require more memory
+     * @default 65536 (64MB)
+     */
+    memoryCost?: number;
+    /**
+     * Time cost / iterations
+     * Higher values increase security but take longer
+     * @default 3
+     */
+    timeCost?: number;
+    /**
+     * Parallelism / threads
+     * Number of parallel threads to use
+     * @default 4
+     */
+    parallelism?: number;
+    /**
+     * Hash output length in bytes
+     * @default 32
+     */
+    hashLength?: number;
+    /**
+     * Custom salt as Buffer
+     * If not provided, a secure random salt is generated
+     * @default undefined (auto-generated)
+     */
+    salt?: Buffer;
+}
+/**
+ * Raw hash result containing hash and salt as Buffers
+ *
+ * @example
+ * ```typescript
+ * const result = await hashRaw('password');
+ * console.log(result.hash);  // Buffer
+ * console.log(result.salt);  // Buffer
+ * ```
+ */
+interface RawHashResult {
+    /**
+     * Raw hash bytes
+     */
+    hash: Buffer;
+    /**
+     * Salt used for hashing
+     */
+    salt: Buffer;
+}
+/**
+ * Internal options format for napi bindings
+ * napi-rs converts Rust snake_case to JS camelCase
+ * @internal
+ */
+interface NapiArgon2Options {
+    algorithm?: string;
+    memoryCost?: number;
+    timeCost?: number;
+    parallelism?: number;
+    hashLength?: number;
+    salt?: Buffer;
+}
+
+export type { Argon2Options, Argon2Type, NapiArgon2Options, RawHashResult };

package/dist/types.d.ts

@@ -0,0 +1,98 @@
+/**
+ * bun-argon2 - TypeScript Type Definitions
+ *
+ * @module bun-argon2/types
+ * @author Aissam Irhir <aissamirhir@gmail.com>
+ */
+/**
+ * Argon2 algorithm variant
+ *
+ * - `argon2d`: Data-dependent, vulnerable to side-channel attacks but fastest
+ * - `argon2i`: Data-independent, secure against side-channel attacks
+ * - `argon2id`: Hybrid (recommended), combines benefits of both
+ */
+type Argon2Type = "argon2d" | "argon2i" | "argon2id";
+/**
+ * Argon2 hashing options
+ *
+ * @example
+ * ```typescript
+ * const options: Argon2Options = {
+ *   type: 'argon2id',
+ *   memoryCost: 65536,  // 64MB
+ *   timeCost: 3,
+ *   parallelism: 4,
+ * };
+ * ```
+ */
+interface Argon2Options {
+    /**
+     * Algorithm type
+     * @default 'argon2id'
+     */
+    type?: Argon2Type;
+    /**
+     * Memory cost in KB
+     * Higher values increase security but require more memory
+     * @default 65536 (64MB)
+     */
+    memoryCost?: number;
+    /**
+     * Time cost / iterations
+     * Higher values increase security but take longer
+     * @default 3
+     */
+    timeCost?: number;
+    /**
+     * Parallelism / threads
+     * Number of parallel threads to use
+     * @default 4
+     */
+    parallelism?: number;
+    /**
+     * Hash output length in bytes
+     * @default 32
+     */
+    hashLength?: number;
+    /**
+     * Custom salt as Buffer
+     * If not provided, a secure random salt is generated
+     * @default undefined (auto-generated)
+     */
+    salt?: Buffer;
+}
+/**
+ * Raw hash result containing hash and salt as Buffers
+ *
+ * @example
+ * ```typescript
+ * const result = await hashRaw('password');
+ * console.log(result.hash);  // Buffer
+ * console.log(result.salt);  // Buffer
+ * ```
+ */
+interface RawHashResult {
+    /**
+     * Raw hash bytes
+     */
+    hash: Buffer;
+    /**
+     * Salt used for hashing
+     */
+    salt: Buffer;
+}
+/**
+ * Internal options format for napi bindings
+ * napi-rs converts Rust snake_case to JS camelCase
+ * @internal
+ */
+interface NapiArgon2Options {
+    algorithm?: string;
+    memoryCost?: number;
+    timeCost?: number;
+    parallelism?: number;
+    hashLength?: number;
+    salt?: Buffer;
+}
+
+export type { Argon2Options, Argon2Type, NapiArgon2Options, RawHashResult };

package/dist/types.js

@@ -0,0 +1,18 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/types.ts
+var types_exports = {};
+module.exports = __toCommonJS(types_exports);

package/package.json

@@ -0,0 +1,89 @@
+{
+  "name": "bun-argon2",
+  "version": "1.0.0",
+  "description": "High-performance Argon2 password hashing for Bun and Node.js",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.mts",
+        "default": "./dist/index.mjs"
+      },
+      "require": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      }
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "napi": {
+    "name": "argon2",
+    "triples": {
+      "defaults": true,
+      "additional": [
+        "aarch64-apple-darwin",
+        "aarch64-unknown-linux-gnu",
+        "aarch64-unknown-linux-musl"
+      ]
+    }
+  },
+  "scripts": {
+    "build": "napi build --platform --release",
+    "build:debug": "napi build --platform",
+    "build:ts": "tsup src/index.ts --format cjs,esm --dts --clean",
+    "build:all": "bun run build && bun run build:ts",
+    "prepublishOnly": "napi prepublish -t npm",
+    "test": "bun test",
+    "bench": "bun run benchmarks/bench.ts",
+    "lint": "eslint src",
+    "clean": "rm -rf dist *.node npm"
+  },
+  "keywords": [
+    "argon2",
+    "argon2id",
+    "argon2i",
+    "argon2d",
+    "password",
+    "hash",
+    "hashing",
+    "crypto",
+    "security",
+    "bun",
+    "nodejs",
+    "rust",
+    "napi",
+    "native"
+  ],
+  "author": "Aissam Irhir <aissamirhir@gmail.com>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/nexus-aissam/bun-argon2.git"
+  },
+  "bugs": {
+    "url": "https://github.com/nexus-aissam/bun-argon2/issues"
+  },
+  "homepage": "https://github.com/nexus-aissam/bun-argon2#readme",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "devDependencies": {
+    "@napi-rs/cli": "^2.18.4",
+    "@types/bun": "latest",
+    "argon2": "^0.44.0",
+    "tsup": "^8.4.0",
+    "typescript": "^5.9.0"
+  },
+  "optionalDependencies": {
+    "bun-argon2-win32-x64-msvc": "1.0.0",
+    "bun-argon2-darwin-x64": "1.0.0",
+    "bun-argon2-linux-x64-gnu": "1.0.0",
+    "bun-argon2-darwin-arm64": "1.0.0",
+    "bun-argon2-linux-arm64-gnu": "1.0.0",
+    "bun-argon2-linux-arm64-musl": "1.0.0"
+  }
+}