s3db.js 13.4.0 → 13.6.0

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "s3db.js",
-  "version": "13.4.0",
+  "version": "13.6.0",
   "description": "Use AWS S3, the world's most reliable document storage, as a database with this ORM.",
-  "main": "dist/s3db.cjs.js",
+  "main": "dist/s3db.cjs",
   "module": "dist/s3db.es.js",
   "types": "dist/s3db.d.ts",
   "author": "@stone/martech",
@@ -51,12 +51,16 @@
     ".": {
       "types": "./dist/s3db.d.ts",
       "import": "./dist/s3db.es.js",
-      "require": "./dist/s3db.cjs.js"
+      "require": "./dist/s3db.cjs"
     },
     "./typescript-generator": {
       "types": "./src/concerns/typescript-generator.d.ts",
       "import": "./src/concerns/typescript-generator.js",
       "require": "./src/concerns/typescript-generator.js"
+    },
+    "./concerns/guards-helpers": {
+      "import": "./src/concerns/guards-helpers.js",
+      "require": "./src/concerns/guards-helpers.js"
     }
   },
   "files": [
@@ -70,12 +74,13 @@
     "UNLICENSE"
   ],
   "dependencies": {
-    "@aws-sdk/client-s3": "^3.914.0",
-    "@modelcontextprotocol/sdk": "^1.20.1",
-    "@smithy/node-http-handler": "^4.4.2",
+    "@aws-sdk/client-s3": "^3.920.0",
+    "@aws-sdk/credential-providers": "^3.920.0",
+    "@aws-sdk/s3-request-presigner": "^3.920.0",
+    "@modelcontextprotocol/sdk": "^1.20.2",
+    "@smithy/node-http-handler": "^4.4.3",
     "@supercharge/promise-pool": "^3.2.0",
     "dotenv": "^17.2.3",
-    "express": "^5.1.0",
     "fastest-validator": "^1.19.1",
     "flat": "^6.0.1",
     "glob": "^11.0.3",
@@ -84,25 +89,165 @@
     "nanoid": "5.1.6"
   },
   "peerDependencies": {
+    "@aws-sdk/client-acm": "^3.0.0",
+    "@aws-sdk/client-api-gateway": "^3.0.0",
+    "@aws-sdk/client-apigatewayv2": "^3.0.0",
+    "@aws-sdk/client-backup": "^3.0.0",
+    "@aws-sdk/client-cloudfront": "^3.0.0",
+    "@aws-sdk/client-cloudtrail": "^3.0.0",
+    "@aws-sdk/client-cloudwatch": "^3.0.0",
+    "@aws-sdk/client-cloudwatch-logs": "^3.0.0",
+    "@aws-sdk/client-cognito-identity-provider": "^3.0.0",
+    "@aws-sdk/client-config-service": "^3.0.0",
+    "@aws-sdk/client-dynamodb": "^3.0.0",
+    "@aws-sdk/client-ec2": "^3.0.0",
+    "@aws-sdk/client-ecr": "^3.0.0",
+    "@aws-sdk/client-ecs": "^3.0.0",
+    "@aws-sdk/client-efs": "^3.0.0",
+    "@aws-sdk/client-eks": "^3.0.0",
+    "@aws-sdk/client-elastic-load-balancing": "^3.0.0",
+    "@aws-sdk/client-elastic-load-balancing-v2": "^3.0.0",
+    "@aws-sdk/client-elasticache": "^3.0.0",
+    "@aws-sdk/client-eventbridge": "^3.0.0",
+    "@aws-sdk/client-iam": "^3.0.0",
+    "@aws-sdk/client-kinesis": "^3.0.0",
+    "@aws-sdk/client-kms": "^3.0.0",
+    "@aws-sdk/client-lambda": "^3.0.0",
+    "@aws-sdk/client-rds": "^3.0.0",
+    "@aws-sdk/client-route-53": "^3.0.0",
+    "@aws-sdk/client-secrets-manager": "^3.0.0",
+    "@aws-sdk/client-sfn": "^3.0.0",
+    "@aws-sdk/client-sns": "^3.0.0",
     "@aws-sdk/client-sqs": "^3.0.0",
+    "@aws-sdk/client-ssm": "^3.0.0",
+    "@aws-sdk/client-sts": "^3.0.0",
+    "@aws-sdk/client-waf": "^3.0.0",
+    "@aws-sdk/client-wafv2": "^3.0.0",
     "@google-cloud/bigquery": "^7.0.0",
+    "google-auth-library": "^9.0.0 || ^10.0.0",
     "@hono/node-server": "^1.0.0",
-    "@hono/swagger-ui": "^0.5.0",
+    "@hono/swagger-ui": "^0.5.2",
     "@libsql/client": "^0.14.0",
     "@planetscale/database": "^1.0.0",
     "@tensorflow/tfjs-node": "^4.0.0",
     "amqplib": "^0.10.8",
+    "bcrypt": "^5.0.0 || ^6.0.0",
+    "express": "^4.0.0 || ^5.0.0",
     "hono": "^4.0.0",
+    "jose": "^5.0.0 || ^6.0.0",
     "node-cron": "^4.0.0",
+    "nodemailer": "^6.0.0 || ^7.0.0",
     "pg": "^8.0.0"
   },
   "peerDependenciesMeta": {
+    "@aws-sdk/client-acm": {
+      "optional": true
+    },
+    "@aws-sdk/client-api-gateway": {
+      "optional": true
+    },
+    "@aws-sdk/client-apigatewayv2": {
+      "optional": true
+    },
+    "@aws-sdk/client-backup": {
+      "optional": true
+    },
+    "@aws-sdk/client-cloudfront": {
+      "optional": true
+    },
+    "@aws-sdk/client-cloudtrail": {
+      "optional": true
+    },
+    "@aws-sdk/client-cloudwatch": {
+      "optional": true
+    },
+    "@aws-sdk/client-cloudwatch-logs": {
+      "optional": true
+    },
+    "@aws-sdk/client-cognito-identity-provider": {
+      "optional": true
+    },
+    "@aws-sdk/client-config-service": {
+      "optional": true
+    },
+    "@aws-sdk/client-dynamodb": {
+      "optional": true
+    },
+    "@aws-sdk/client-ec2": {
+      "optional": true
+    },
+    "@aws-sdk/client-ecr": {
+      "optional": true
+    },
+    "@aws-sdk/client-ecs": {
+      "optional": true
+    },
+    "@aws-sdk/client-efs": {
+      "optional": true
+    },
+    "@aws-sdk/client-eks": {
+      "optional": true
+    },
+    "@aws-sdk/client-elasticache": {
+      "optional": true
+    },
+    "@aws-sdk/client-elastic-load-balancing": {
+      "optional": true
+    },
+    "@aws-sdk/client-elastic-load-balancing-v2": {
+      "optional": true
+    },
+    "@aws-sdk/client-eventbridge": {
+      "optional": true
+    },
+    "@aws-sdk/client-iam": {
+      "optional": true
+    },
+    "@aws-sdk/client-kinesis": {
+      "optional": true
+    },
+    "@aws-sdk/client-kms": {
+      "optional": true
+    },
+    "@aws-sdk/client-lambda": {
+      "optional": true
+    },
+    "@aws-sdk/client-rds": {
+      "optional": true
+    },
+    "@aws-sdk/client-route-53": {
+      "optional": true
+    },
+    "@aws-sdk/client-secrets-manager": {
+      "optional": true
+    },
+    "@aws-sdk/client-sfn": {
+      "optional": true
+    },
+    "@aws-sdk/client-sns": {
+      "optional": true
+    },
     "@aws-sdk/client-sqs": {
       "optional": true
     },
+    "@aws-sdk/client-ssm": {
+      "optional": true
+    },
+    "@aws-sdk/client-sts": {
+      "optional": true
+    },
+    "@aws-sdk/client-waf": {
+      "optional": true
+    },
+    "@aws-sdk/client-wafv2": {
+      "optional": true
+    },
     "@google-cloud/bigquery": {
       "optional": true
     },
+    "google-auth-library": {
+      "optional": true
+    },
     "@hono/node-server": {
       "optional": true
     },
@@ -118,48 +263,99 @@
     "@tensorflow/tfjs-node": {
       "optional": true
     },
-    "pg": {
+    "amqplib": {
       "optional": true
     },
-    "amqplib": {
+    "bcrypt": {
+      "optional": true
+    },
+    "express": {
       "optional": true
     },
     "hono": {
       "optional": true
     },
+    "jose": {
+      "optional": true
+    },
     "node-cron": {
       "optional": true
+    },
+    "nodemailer": {
+      "optional": true
+    },
+    "pg": {
+      "optional": true
     }
   },
   "devDependencies": {
-    "@aws-sdk/client-sqs": "^3.914.0",
-    "@babel/core": "^7.28.4",
-    "@babel/preset-env": "^7.28.3",
+    "@aws-sdk/client-acm": "^3.920.0",
+    "@aws-sdk/client-api-gateway": "^3.920.0",
+    "@aws-sdk/client-apigatewayv2": "^3.920.0",
+    "@aws-sdk/client-backup": "^3.920.0",
+    "@aws-sdk/client-cloudfront": "^3.920.0",
+    "@aws-sdk/client-cloudtrail": "^3.920.0",
+    "@aws-sdk/client-cloudwatch": "^3.920.0",
+    "@aws-sdk/client-cloudwatch-logs": "^3.920.0",
+    "@aws-sdk/client-cognito-identity-provider": "^3.920.0",
+    "@aws-sdk/client-config-service": "^3.920.0",
+    "@aws-sdk/client-dynamodb": "^3.920.0",
+    "@aws-sdk/client-ec2": "^3.920.0",
+    "@aws-sdk/client-ecr": "^3.920.0",
+    "@aws-sdk/client-ecs": "^3.920.0",
+    "@aws-sdk/client-efs": "^3.920.0",
+    "@aws-sdk/client-eks": "^3.920.0",
+    "@aws-sdk/client-elastic-load-balancing": "^3.920.0",
+    "@aws-sdk/client-elastic-load-balancing-v2": "^3.920.0",
+    "@aws-sdk/client-elasticache": "^3.920.0",
+    "@aws-sdk/client-eventbridge": "^3.920.0",
+    "@aws-sdk/client-iam": "^3.920.0",
+    "@aws-sdk/client-kinesis": "^3.920.0",
+    "@aws-sdk/client-kms": "^3.920.0",
+    "@aws-sdk/client-lambda": "^3.920.0",
+    "@aws-sdk/client-rds": "^3.920.0",
+    "@aws-sdk/client-route-53": "^3.920.0",
+    "@aws-sdk/client-secrets-manager": "^3.920.0",
+    "@aws-sdk/client-sfn": "^3.920.0",
+    "@aws-sdk/client-sns": "^3.920.0",
+    "@aws-sdk/client-sqs": "^3.920.0",
+    "@aws-sdk/client-ssm": "^3.920.0",
+    "@aws-sdk/client-sts": "^3.920.0",
+    "@aws-sdk/client-waf": "^3.920.0",
+    "@aws-sdk/client-wafv2": "^3.920.0",
+    "@babel/core": "^7.28.5",
+    "@babel/preset-env": "^7.28.5",
     "@google-cloud/bigquery": "^7.9.4",
-    "@hono/node-server": "^1.13.7",
-    "@hono/swagger-ui": "^0.5.3",
+    "@hono/node-server": "^1.19.5",
+    "@hono/swagger-ui": "^0.5.2",
     "@libsql/client": "^0.14.0",
     "@planetscale/database": "^1.19.0",
-    "@rollup/plugin-commonjs": "^28.0.8",
+    "@rollup/plugin-commonjs": "^28.0.9",
     "@rollup/plugin-json": "^6.1.0",
     "@rollup/plugin-node-resolve": "^16.0.3",
-    "@rollup/plugin-replace": "^6.0.2",
+    "@rollup/plugin-replace": "^6.0.3",
     "@rollup/plugin-terser": "^0.4.4",
     "@tensorflow/tfjs-node": "^4.22.0",
     "@types/node": "24.7.0",
     "@xenova/transformers": "^2.17.2",
-    "@yao-pkg/pkg": "^6.9.0",
+    "@yao-pkg/pkg": "^6.10.0",
     "amqplib": "^0.10.9",
     "babel-loader": "^10.0.0",
+    "bcrypt": "^6.0.0",
     "chalk": "^5.6.2",
     "cli-table3": "^0.6.5",
-    "commander": "^14.0.1",
+    "commander": "^14.0.2",
     "esbuild": "^0.25.11",
-    "hono": "^4.7.11",
+    "express": "^5.1.0",
+    "google-auth-library": "^10.4.2",
+    "hono": "^4.10.4",
     "inquirer": "^12.10.0",
     "jest": "^30.2.0",
+    "jose": "^6.1.0",
     "node-cron": "^4.2.1",
     "node-loader": "^2.1.0",
+    "nodemailer": "^7.0.10",
+    "nodemon": "^3.1.10",
     "ora": "^9.0.0",
     "pg": "^8.16.3",
     "rollup": "^4.52.5",
@@ -188,7 +384,7 @@
     "test:js": "node --no-warnings --experimental-vm-modules node_modules/jest/bin/jest.js",
     "test:quick": "node --no-warnings --experimental-vm-modules node_modules/jest/bin/jest.js --maxWorkers=2 --bail",
     "test:ts": "tsc --noEmit --project tests/typescript/tsconfig.json",
-    "test:coverage": "node --no-warnings --experimental-vm-modules node_modules/jest/bin/jest.js --coverage --maxWorkers=1",
+    "test:coverage": "pnpm run test:js -- --coverage --runInBand && pnpm run test:ts",
     "test:serial": "node --no-warnings --experimental-vm-modules node_modules/jest/bin/jest.js --runInBand",
     "test:plugins": "node --no-warnings --experimental-vm-modules node_modules/jest/bin/jest.js tests/plugins/ --testTimeout=60000",
     "test:full": "pnpm run test:js && pnpm run test:ts",
@@ -198,7 +394,7 @@
     "validate:types": "pnpm run test:ts && echo 'TypeScript definitions are valid!'",
     "test:ts:runtime": "tsx tests/typescript/types-runtime-simple.ts",
     "test:mcp": "node mcp/entrypoint.js --help",
-    "install:peers": "pnpm add -D @aws-sdk/client-sqs @google-cloud/bigquery @hono/node-server @hono/swagger-ui @libsql/client @planetscale/database @tensorflow/tfjs-node amqplib hono node-cron pg",
+    "install:peers": "pnpm add -D @aws-sdk/client-acm @aws-sdk/client-api-gateway @aws-sdk/client-apigatewayv2 @aws-sdk/client-backup @aws-sdk/client-cloudfront @aws-sdk/client-cloudtrail @aws-sdk/client-cloudwatch @aws-sdk/client-cloudwatch-logs @aws-sdk/client-cognito-identity-provider @aws-sdk/client-config-service @aws-sdk/client-dynamodb @aws-sdk/client-ec2 @aws-sdk/client-ecr @aws-sdk/client-ecs @aws-sdk/client-efs @aws-sdk/client-eks @aws-sdk/client-elasticache @aws-sdk/client-elastic-load-balancing @aws-sdk/client-elastic-load-balancing-v2 @aws-sdk/client-eventbridge @aws-sdk/client-iam @aws-sdk/client-kinesis @aws-sdk/client-kms @aws-sdk/client-lambda @aws-sdk/client-rds @aws-sdk/client-route-53 @aws-sdk/client-secrets-manager @aws-sdk/client-sfn @aws-sdk/client-sns @aws-sdk/client-sqs @aws-sdk/client-ssm @aws-sdk/client-sts @aws-sdk/client-waf @aws-sdk/client-wafv2 @google-cloud/bigquery google-auth-library @hono/node-server @hono/swagger-ui @libsql/client @planetscale/database @tensorflow/tfjs-node amqplib bcrypt express hono jose node-cron nodemailer pg",
     "install:peers:script": "./scripts/install-peer-deps.sh"
   }
 }

package/src/concerns/id.js

@@ -1,8 +1,92 @@
-import { customAlphabet, urlAlphabet } from 'nanoid'
+import { randomFillSync } from 'node:crypto';
 
-export const idGenerator = customAlphabet(urlAlphabet, 22)
+// Fallback URL alphabet taken from nanoid's source. Using it keeps generated IDs stable
+// even while we await the official nanoid implementation to load.
+const FALLBACK_URL_ALPHABET =
+  'useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict';
 
-// Password generator using nanoid with custom alphabet for better readability
-// Excludes similar characters (0, O, 1, l, I) to avoid confusion
-const passwordAlphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'
-export const passwordGenerator = customAlphabet(passwordAlphabet, 16)
+// Password generator using nanoid-style alphabet, excluding visually similar characters.
+const PASSWORD_ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';
+
+const POOL_SIZE_MULTIPLIER = 128;
+let pool;
+let poolOffset = 0;
+
+function fillPool(bytes) {
+  if (!pool || pool.length < bytes) {
+    pool = Buffer.allocUnsafe(bytes * POOL_SIZE_MULTIPLIER);
+    randomFillSync(pool);
+    poolOffset = 0;
+  } else if (poolOffset + bytes > pool.length) {
+    randomFillSync(pool);
+    poolOffset = 0;
+  }
+  poolOffset += bytes;
+}
+
+function randomFromPool(bytes) {
+  fillPool((bytes |= 0));
+  return pool.subarray(poolOffset - bytes, poolOffset);
+}
+
+function customRandomFallback(alphabet, defaultSize, getRandom) {
+  const mask = (2 << (31 - Math.clz32((alphabet.length - 1) | 1))) - 1;
+  const step = Math.ceil((1.6 * mask * defaultSize) / alphabet.length);
+
+  return (size = defaultSize) => {
+    if (!size) return '';
+
+    let id = '';
+    while (true) {
+      const bytes = getRandom(step);
+      let i = step;
+      while (i--) {
+        id += alphabet[bytes[i] & mask] || '';
+        if (id.length >= size) return id;
+      }
+    }
+  };
+}
+
+function customAlphabetFallback(alphabet, size = 21) {
+  return customRandomFallback(alphabet, size, randomFromPool);
+}
+
+let activeCustomAlphabet = customAlphabetFallback;
+let activeUrlAlphabet = FALLBACK_URL_ALPHABET;
+let idGeneratorImpl = activeCustomAlphabet(activeUrlAlphabet, 22);
+let passwordGeneratorImpl = activeCustomAlphabet(PASSWORD_ALPHABET, 16);
+let nanoidInitializationError = null;
+
+const nanoidReadyPromise = import('nanoid')
+  .then((mod) => {
+    const resolvedCustomAlphabet = mod?.customAlphabet ?? activeCustomAlphabet;
+    const resolvedUrlAlphabet = mod?.urlAlphabet ?? activeUrlAlphabet;
+
+    activeCustomAlphabet = resolvedCustomAlphabet;
+    activeUrlAlphabet = resolvedUrlAlphabet;
+    idGeneratorImpl = activeCustomAlphabet(activeUrlAlphabet, 22);
+    passwordGeneratorImpl = activeCustomAlphabet(PASSWORD_ALPHABET, 16);
+  })
+  .catch((error) => {
+    nanoidInitializationError = error;
+    if (typeof process !== 'undefined' && process?.env?.S3DB_DEBUG) {
+      console.warn('[s3db] Failed to dynamically import "nanoid". Using fallback implementation.', error);
+    }
+  });
+
+export function initializeNanoid() {
+  return nanoidReadyPromise;
+}
+
+export function getNanoidInitializationError() {
+  return nanoidInitializationError;
+}
+
+export const idGenerator = (...args) => idGeneratorImpl(...args);
+
+export const passwordGenerator = (...args) => passwordGeneratorImpl(...args);
+
+export const getUrlAlphabet = () => activeUrlAlphabet;
+
+export const createCustomGenerator = (alphabet, size) => activeCustomAlphabet(alphabet, size);

package/src/concerns/index.js

@@ -1,5 +1,6 @@
 export * from './base62.js';
-export * from './calculator.js'; 
+export * from './calculator.js';
 export * from './crypto.js';
+export * from './password-hashing.js';
 export * from './id.js';
 export * from './try-fn.js';

package/src/concerns/password-hashing.js

@@ -0,0 +1,150 @@
+/**
+ * Password Hashing with bcrypt
+ *
+ * Provides secure one-way password hashing with space optimization.
+ * Bcrypt hashes are 60 bytes, but we compact them to 52 bytes by removing
+ * the version/rounds prefix ($2b$10$) which we can reconstruct.
+ */
+
+import bcrypt from 'bcrypt';
+
+/**
+ * Hash a password using bcrypt (synchronous)
+ * @param {string} password - Plaintext password
+ * @param {number} [rounds=10] - Bcrypt cost factor (4-31, default 10)
+ * @returns {string} Bcrypt hash (60 bytes)
+ */
+export function hashPasswordSync(password, rounds = 10) {
+  if (!password || typeof password !== 'string') {
+    throw new Error('Password must be a non-empty string');
+  }
+
+  if (rounds < 4 || rounds > 31) {
+    throw new Error('Bcrypt rounds must be between 4 and 31');
+  }
+
+  return bcrypt.hashSync(password, rounds);
+}
+
+/**
+ * Hash a password using bcrypt
+ * @param {string} password - Plaintext password
+ * @param {number} [rounds=10] - Bcrypt cost factor (4-31, default 10)
+ * @returns {Promise<string>} Bcrypt hash (60 bytes)
+ */
+export async function hashPassword(password, rounds = 10) {
+  if (!password || typeof password !== 'string') {
+    throw new Error('Password must be a non-empty string');
+  }
+
+  if (rounds < 4 || rounds > 31) {
+    throw new Error('Bcrypt rounds must be between 4 and 31');
+  }
+
+  return await bcrypt.hash(password, rounds);
+}
+
+/**
+ * Verify a password against a bcrypt hash
+ * @param {string} plaintext - Plaintext password to verify
+ * @param {string} hash - Bcrypt hash (can be full 60-byte or compact 52-byte)
+ * @returns {Promise<boolean>} True if password matches
+ */
+export async function verifyPassword(plaintext, hash) {
+  if (!plaintext || typeof plaintext !== 'string') {
+    return false;
+  }
+
+  if (!hash || typeof hash !== 'string') {
+    return false;
+  }
+
+  try {
+    // If hash doesn't start with $, it's compacted - expand it first
+    const fullHash = hash.startsWith('$') ? hash : expandHash(hash);
+    return await bcrypt.compare(plaintext, fullHash);
+  } catch (error) {
+    // Invalid hash format
+    return false;
+  }
+}
+
+/**
+ * Compact a bcrypt hash by removing the prefix
+ *
+ * Bcrypt format: $2b$10$saltsaltsaltsaltsalthashhashhashhashhashhashhashh
+ * Compacted:     saltsaltsaltsaltsalthashhashhashhashhashhashhashh
+ *
+ * Saves 7 bytes (11.6% reduction: 60 → 53 bytes)
+ *
+ * @param {string} bcryptHash - Full bcrypt hash (60 bytes)
+ * @returns {string} Compacted hash (53 bytes)
+ */
+export function compactHash(bcryptHash) {
+  if (!bcryptHash || typeof bcryptHash !== 'string') {
+    throw new Error('Invalid bcrypt hash');
+  }
+
+  // Bcrypt format: $2a$10$ or $2b$10$ or $2y$10$
+  if (!bcryptHash.startsWith('$2')) {
+    throw new Error('Not a valid bcrypt hash');
+  }
+
+  // Remove prefix (e.g., "$2b$10$")
+  const parts = bcryptHash.split('$');
+  if (parts.length !== 4) {
+    throw new Error('Invalid bcrypt hash format');
+  }
+
+  // Return just the salt+hash part (last element after split)
+  return parts[3];
+}
+
+/**
+ * Expand a compacted bcrypt hash by restoring the prefix
+ *
+ * @param {string} compactHash - Compacted hash (53 bytes)
+ * @param {number} [rounds=10] - Bcrypt rounds used (default 10)
+ * @returns {string} Full bcrypt hash (60 bytes)
+ */
+export function expandHash(compactHash, rounds = 10) {
+  if (!compactHash || typeof compactHash !== 'string') {
+    throw new Error('Invalid compacted hash');
+  }
+
+  // If it's already a full hash, return as-is
+  if (compactHash.startsWith('$')) {
+    return compactHash;
+  }
+
+  // Reconstruct prefix: $2b${rounds}$
+  const roundsStr = rounds.toString().padStart(2, '0');
+  return `$2b$${roundsStr}$${compactHash}`;
+}
+
+/**
+ * Check if a string is a bcrypt hash (full or compact)
+ * @param {string} str - String to check
+ * @returns {boolean} True if it looks like a bcrypt hash
+ */
+export function isBcryptHash(str) {
+  if (!str || typeof str !== 'string') {
+    return false;
+  }
+
+  // Full hash: starts with $2
+  if (str.startsWith('$2')) {
+    return str.length === 60;
+  }
+
+  // Compact hash: 53 characters (22 salt + 31 hash)
+  return str.length === 53;
+}
+
+export default {
+  hashPassword,
+  verifyPassword,
+  compactHash,
+  expandHash,
+  isBcryptHash
+};

package/src/database.class.js

@@ -66,6 +66,7 @@ export class Database extends EventEmitter {
     this.plugins = this.pluginRegistry; // Alias for plugin registry
     this.cache = options.cache;
     this.passphrase = options.passphrase || "secret";
+    this.bcryptRounds = options.bcryptRounds || 10;
     this.versioningEnabled = options.versioningEnabled || false;
     this.persistHooks = options.persistHooks || false; // New configuration for hook persistence
     this.strictValidation = options.strictValidation !== false; // Enable strict validation by default
@@ -235,6 +236,7 @@ export class Database extends EventEmitter {
           behavior: versionData.behavior || 'user-managed',
           parallelism: this.parallelism,
           passphrase: this.passphrase,
+          bcryptRounds: this.bcryptRounds,
           observers: [this],
           cache: this.cache,
           timestamps: versionData.timestamps !== undefined ? versionData.timestamps : false,
@@ -967,6 +969,7 @@ export class Database extends EventEmitter {
       client: this.client,
       version: existingResource.version,
       passphrase: this.passphrase,
+      bcryptRounds: this.bcryptRounds,
       versioningEnabled: this.versioningEnabled
     });
     
@@ -1091,7 +1094,7 @@ export class Database extends EventEmitter {
       if (!existingVersionData || existingVersionData.hash !== newHash) {
         await this.uploadMetadataFile();
       }
-      this.emit("s3db.resourceUpdated", name);
+      this.emit("db:resource-updated", name);
       return existingResource;
     }
     const existingMetadata = this.savedMetadata?.resources?.[name];
@@ -1104,6 +1107,7 @@ export class Database extends EventEmitter {
       behavior,
       parallelism: this.parallelism,
       passphrase: config.passphrase !== undefined ? config.passphrase : this.passphrase,
+      bcryptRounds: config.bcryptRounds !== undefined ? config.bcryptRounds : this.bcryptRounds,
       observers: [this],
       cache: config.cache !== undefined ? config.cache : this.cache,
       timestamps: config.timestamps !== undefined ? config.timestamps : false,
@@ -1131,7 +1135,7 @@ export class Database extends EventEmitter {
     }
 
     await this.uploadMetadataFile();
-    this.emit("s3db.resourceCreated", name);
+    this.emit("db:resource-created", name);
     return resource;
   }