npm - ts-packages - Versions diffs - 1.0.0 → 3.0.0 - Mend

ts-packages 1.0.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (781) hide show

package/packages/security/dist/cjs/core/jwt/jwtManager.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import { type JwtPayload, type Secret } from 'jsonwebtoken';
+import type { AccessToken, ITokenManager, JWTConfig, RefreshToken, TokenPair } from '../../interfaces/jwt.interface';
+export declare class JWTManager implements ITokenManager {
+    private accessSecret;
+    private refreshSecret;
+    private accessExpiry;
+    private refreshExpiry;
+    private cache?;
+    private cacheTTL;
+    constructor(config: JWTConfig);
+    /** Generate both access and refresh tokens */
+    generateTokens(payload: Record<string, unknown>): Promise<TokenPair>;
+    /** Generate access token */
+    generateAccessToken(payload: Record<string, unknown>): Promise<AccessToken>;
+    /** Generate refresh token */
+    generateRefreshToken(payload: Record<string, unknown>): Promise<RefreshToken>;
+    /** Verify access token */
+    verifyAccessToken(token: string): Promise<JwtPayload>;
+    /** Verify refresh token */
+    verifyRefreshToken(token: string): Promise<JwtPayload>;
+    /** Decode token without verification */
+    decodeToken(token: string, complete?: boolean): JwtPayload | string | null;
+    /** Extract token from Authorization header */
+    extractTokenFromHeader(authHeader: string): string | null;
+    /** Validate token without throwing exceptions */
+    validateToken(token: string, secret: Secret): boolean;
+    /** Rotate refresh token */
+    rotateRefreshToken(oldToken: string): Promise<RefreshToken>;
+    /** Check if token is expired */
+    isTokenExpired(token: string): boolean;
+    /** Get token expiration date */
+    getTokenExpiration(token: string): Date | null;
+    /** Clear token cache */
+    clearCache(): void;
+    /** Get cache statistics */
+    getCacheStats(): {
+        size: number;
+        maxSize: number;
+    } | null;
+    /** Private helper methods */
+    private validatePayload;
+    private verifyTokenWithCache;
+}

package/packages/security/dist/cjs/core/jwt/jwtManager.js ADDED Viewed

@@ -0,0 +1,188 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWTManager = void 0;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const signToken_1 = require("./signToken");
+const verify_1 = require("./verify");
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+const js_extensions_1 = require("@naman_deep_singh/js-extensions");
+class JWTManager {
+    constructor(config) {
+        this.accessSecret = config.accessSecret;
+        this.refreshSecret = config.refreshSecret;
+        this.accessExpiry = config.accessExpiry || '15m';
+        this.refreshExpiry = config.refreshExpiry || '7d';
+        this.cacheTTL = 5 * 60 * 1000; // 5 minutes
+        if (config.enableCaching) {
+            this.cache = new js_extensions_1.LRUCache(config.maxCacheSize || 100);
+        }
+    }
+    /** Generate both access and refresh tokens */
+    async generateTokens(payload) {
+        try {
+            this.validatePayload(payload);
+            const accessToken = await this.generateAccessToken(payload);
+            const refreshToken = await this.generateRefreshToken(payload);
+            return { accessToken, refreshToken };
+        }
+        catch (error) {
+            if (error instanceof errors_utils_1.BadRequestError || error instanceof errors_utils_1.ValidationError)
+                throw error;
+            throw new errors_utils_1.BadRequestError({ reason: 'Failed to generate tokens' }, error instanceof Error ? error : undefined);
+        }
+    }
+    /** Generate access token */
+    async generateAccessToken(payload) {
+        try {
+            this.validatePayload(payload);
+            const token = (0, signToken_1.signToken)(payload, this.accessSecret, this.accessExpiry, {
+                algorithm: 'HS256',
+            });
+            return token;
+        }
+        catch (error) {
+            if (error instanceof errors_utils_1.BadRequestError || error instanceof errors_utils_1.ValidationError)
+                throw error;
+            throw new errors_utils_1.BadRequestError({ reason: 'Failed to generate access token' }, error instanceof Error ? error : undefined);
+        }
+    }
+    /** Generate refresh token */
+    async generateRefreshToken(payload) {
+        try {
+            this.validatePayload(payload);
+            const token = (0, signToken_1.signToken)(payload, this.refreshSecret, this.refreshExpiry, {
+                algorithm: 'HS256',
+            });
+            return token;
+        }
+        catch (error) {
+            if (error instanceof errors_utils_1.BadRequestError || error instanceof errors_utils_1.ValidationError)
+                throw error;
+            throw new errors_utils_1.BadRequestError({ reason: 'Failed to generate refresh token' }, error instanceof Error ? error : undefined);
+        }
+    }
+    /** Verify access token */
+    async verifyAccessToken(token) {
+        return this.verifyTokenWithCache(token, this.accessSecret, 'access');
+    }
+    /** Verify refresh token */
+    async verifyRefreshToken(token) {
+        return this.verifyTokenWithCache(token, this.refreshSecret, 'refresh');
+    }
+    /** Decode token without verification */
+    decodeToken(token, complete = false) {
+        if (!token || typeof token !== 'string')
+            return null;
+        return jsonwebtoken_1.default.decode(token, { complete });
+    }
+    /** Extract token from Authorization header */
+    extractTokenFromHeader(authHeader) {
+        if (!authHeader || typeof authHeader !== 'string')
+            return null;
+        const parts = authHeader.split(' ');
+        if (parts.length !== 2 || parts[0] !== 'Bearer')
+            return null;
+        return parts[1];
+    }
+    /** Validate token without throwing exceptions */
+    validateToken(token, secret) {
+        if (!token || typeof token !== 'string')
+            return false;
+        return (0, verify_1.safeVerifyToken)(token, secret).valid;
+    }
+    /** Rotate refresh token */
+    async rotateRefreshToken(oldToken) {
+        if (!oldToken || typeof oldToken !== 'string') {
+            throw new errors_utils_1.ValidationError({
+                reason: 'Old refresh token must be a non-empty string',
+            });
+        }
+        const decoded = await this.verifyRefreshToken(oldToken);
+        const payload = { ...decoded };
+        delete payload.iat;
+        delete payload.exp;
+        const newToken = (0, signToken_1.signToken)(payload, this.refreshSecret, this.refreshExpiry);
+        return newToken;
+    }
+    /** Check if token is expired */
+    isTokenExpired(token) {
+        try {
+            const decoded = this.decodeToken(token);
+            if (!decoded || !decoded.exp)
+                return true;
+            return decoded.exp < Math.floor(Date.now() / 1000);
+        }
+        catch {
+            return true;
+        }
+    }
+    /** Get token expiration date */
+    getTokenExpiration(token) {
+        try {
+            const decoded = this.decodeToken(token);
+            if (!decoded || !decoded.exp)
+                return null;
+            return new Date(decoded.exp * 1000);
+        }
+        catch {
+            return null;
+        }
+    }
+    /** Clear token cache */
+    clearCache() {
+        this.cache?.clear();
+    }
+    /** Get cache statistics */
+    getCacheStats() {
+        if (!this.cache)
+            return null;
+        return { size: -1, maxSize: this.cache.maxSize };
+    }
+    /** Private helper methods */
+    validatePayload(payload) {
+        if (!payload || typeof payload !== 'object') {
+            throw new errors_utils_1.ValidationError({
+                reason: 'Payload must be a non-null object',
+            });
+        }
+        if (Object.keys(payload).length === 0) {
+            throw new errors_utils_1.ValidationError({ reason: 'Payload cannot be empty' });
+        }
+    }
+    async verifyTokenWithCache(token, secret, type) {
+        if (!token || typeof token !== 'string') {
+            throw new errors_utils_1.ValidationError({
+                reason: `${type} token must be a non-empty string`,
+            });
+        }
+        const cacheKey = `${type}_${token}`;
+        if (this.cache) {
+            const cached = this.cache.get(cacheKey);
+            if (cached && Date.now() - cached.timestamp <= this.cacheTTL) {
+                if (!cached.valid)
+                    throw new errors_utils_1.UnauthorizedError({
+                        reason: `${type} token is invalid or expired`,
+                    });
+                return cached.payload;
+            }
+        }
+        const { valid, payload, error } = (0, verify_1.safeVerifyToken)(token, secret);
+        if (!valid || !payload || typeof payload === 'string') {
+            this.cache?.set(cacheKey, {
+                valid: false,
+                payload: {},
+                timestamp: Date.now(),
+            });
+            throw new errors_utils_1.UnauthorizedError({
+                reason: `${type} token is invalid or expired`,
+                cause: error,
+            });
+        }
+        this.cache?.set(cacheKey, { valid: true, payload, timestamp: Date.now() });
+        return payload;
+    }
+}
+exports.JWTManager = JWTManager;

package/packages/security/dist/cjs/core/jwt/parseDuration.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare function parseDuration(input: string \| number): number;

package/packages/security/dist/cjs/core/jwt/parseDuration.js ADDED Viewed

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseDuration = parseDuration;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+const TIME_UNITS = {
+    s: 1,
+    m: 60,
+    h: 3600,
+    d: 86400,
+    w: 604800,
+};
+function parseDuration(input) {
+    if (typeof input === 'number')
+        return input;
+    const regex = /(\d+)\s*(s|m|h|d|w)/gi;
+    let totalSeconds = 0;
+    let match;
+    while ((match = regex.exec(input)) !== null) {
+        const value = Number.parseInt(match[1], 10);
+        const unit = match[2].toLowerCase();
+        if (!TIME_UNITS[unit]) {
+            throw new errors_utils_1.ValidationError({ reason: `Invalid time unit: ${unit}` });
+        }
+        totalSeconds += value * TIME_UNITS[unit];
+    }
+    if (totalSeconds === 0) {
+        throw new errors_utils_1.ValidationError({ reason: `Invalid expiry format: "${input}"` });
+    }
+    return totalSeconds;
+}

package/packages/security/dist/cjs/core/jwt/signToken.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { type Secret, type SignOptions } from 'jsonwebtoken';
2	+ export declare const signToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string \| number, options?: SignOptions) => string;

package/packages/security/dist/cjs/core/jwt/signToken.js ADDED Viewed

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signToken = void 0;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+const jsonwebtoken_1 = require("jsonwebtoken");
+const parseDuration_1 = require("./parseDuration");
+function getExpiryTimestamp(seconds) {
+    return Math.floor(Date.now() / 1000) + seconds;
+}
+const signToken = (payload, secret, expiresIn = '1h', options = {}) => {
+    const seconds = (0, parseDuration_1.parseDuration)(expiresIn);
+    if (!seconds || seconds < 10) {
+        throw new errors_utils_1.ValidationError({ reason: 'Token expiry too small' });
+    }
+    const tokenPayload = {
+        ...payload,
+    };
+    if (!('exp' in payload))
+        tokenPayload.exp = getExpiryTimestamp(seconds);
+    if (!('iat' in payload))
+        tokenPayload.iat = Math.floor(Date.now() / 1000);
+    return (0, jsonwebtoken_1.sign)(tokenPayload, secret, {
+        algorithm: 'HS256',
+        ...options,
+    });
+};
+exports.signToken = signToken;

package/packages/security/dist/cjs/core/jwt/types.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { JwtPayload } from 'jsonwebtoken';
+export interface AccessTokenBrand {
+    readonly access: unique symbol;
+}
+export interface RefreshTokenBrand {
+    readonly refresh: unique symbol;
+}
+export type AccessToken = string & AccessTokenBrand;
+export type RefreshToken = string & RefreshTokenBrand;
+export interface TokenPair {
+    accessToken: AccessToken;
+    refreshToken: RefreshToken;
+}
+export interface VerificationResult<T = JwtPayload> {
+    valid: boolean;
+    payload?: T | string;
+    error?: Error;
+}
+export interface TokenValidationOptions {
+    ignoreExpiration?: boolean;
+    ignoreIssuedAt?: boolean;
+}

package/packages/security/dist/cjs/core/jwt/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/packages/security/dist/cjs/core/jwt/validateToken.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { JwtPayload } from 'jsonwebtoken';
+export interface TokenRequirements {
+    requiredFields?: string[];
+    forbiddenFields?: string[];
+    validateTypes?: Record<string, 'string' | 'number' | 'boolean'>;
+}
+/**
+ * Validates a JWT payload according to the provided rules.
+ * Throws ValidationError if validation fails.
+ */
+export declare function validateTokenPayload(payload: Record<string, unknown>, rules?: TokenRequirements): void;
+/**
+ * Checks if a JWT payload is expired.
+ * Returns true if expired or missing 'exp'.
+ */
+export declare function isTokenExpired(payload: JwtPayload): boolean;

package/packages/security/dist/cjs/core/jwt/validateToken.js ADDED Viewed

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateTokenPayload = validateTokenPayload;
+exports.isTokenExpired = isTokenExpired;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+/**
+ * Validates a JWT payload according to the provided rules.
+ * Throws ValidationError if validation fails.
+ */
+function validateTokenPayload(payload, rules = { requiredFields: ['exp', 'iat'] }) {
+    const { requiredFields = [], forbiddenFields = [], validateTypes = {}, } = rules;
+    // 1. Required fields
+    for (const field of requiredFields) {
+        if (!(field in payload)) {
+            throw new errors_utils_1.ValidationError({
+                reason: `Missing required field: ${field}`,
+            });
+        }
+    }
+    // 2. Forbidden fields
+    for (const field of forbiddenFields) {
+        if (field in payload) {
+            throw new errors_utils_1.ValidationError({
+                reason: `Forbidden field in token: ${field}`,
+            });
+        }
+    }
+    // 3. Type validation
+    for (const key in validateTypes) {
+        const expectedType = validateTypes[key];
+        if (key in payload && typeof payload[key] !== expectedType) {
+            throw new errors_utils_1.ValidationError({
+                reason: `Invalid type for ${key}. Expected ${expectedType}, got ${typeof payload[key]}`,
+            });
+        }
+    }
+}
+/**
+ * Checks if a JWT payload is expired.
+ * Returns true if expired or missing 'exp'.
+ */
+function isTokenExpired(payload) {
+    if (!payload.exp)
+        return true;
+    return Date.now() >= payload.exp * 1000;
+}

package/packages/security/dist/cjs/core/jwt/verify.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { type JwtPayload, type Secret, type VerifyOptions } from 'jsonwebtoken';
+import type { VerificationResult } from './types';
+/**
+ * Verify token (throws UnauthorizedError if invalid or expired)
+ */
+export declare const verifyToken: (token: string, secret: Secret) => string | JwtPayload;
+/**
+ * Verify token with options
+ */
+export declare const verifyTokenWithOptions: (token: string, secret: Secret, options?: VerifyOptions) => string | JwtPayload;
+/**
+ * Safe verify — never throws, returns structured result with UnauthorizedError on failure
+ */
+export declare const safeVerifyToken: (token: string, secret: Secret) => VerificationResult;
+/**
+ * Safe verify with options — never throws, returns structured result with UnauthorizedError on failure
+ */
+export declare const safeVerifyTokenWithOptions: (token: string, secret: Secret, options?: VerifyOptions) => VerificationResult;

package/packages/security/dist/cjs/core/jwt/verify.js ADDED Viewed

@@ -0,0 +1,89 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.safeVerifyTokenWithOptions = exports.safeVerifyToken = exports.verifyTokenWithOptions = exports.verifyToken = void 0;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+const jsonwebtoken_1 = require("jsonwebtoken");
+/**
+ * Verify token (throws UnauthorizedError if invalid or expired)
+ */
+const verifyToken = (token, secret) => {
+    try {
+        return (0, jsonwebtoken_1.verify)(token, secret);
+    }
+    catch (error) {
+        if (error.name === 'TokenExpiredError') {
+            throw new errors_utils_1.UnauthorizedError({ reason: 'Token has expired' }, error);
+        }
+        if (error.name === 'JsonWebTokenError') {
+            throw new errors_utils_1.UnauthorizedError({ reason: 'Invalid token' }, error);
+        }
+        throw new errors_utils_1.UnauthorizedError({ reason: 'Failed to verify token' }, error);
+    }
+};
+exports.verifyToken = verifyToken;
+/**
+ * Verify token with options
+ */
+const verifyTokenWithOptions = (token, secret, options = {}) => {
+    try {
+        return (0, jsonwebtoken_1.verify)(token, secret, options);
+    }
+    catch (error) {
+        if (error.name === 'TokenExpiredError') {
+            throw new errors_utils_1.UnauthorizedError({ reason: 'Token has expired' }, error);
+        }
+        if (error.name === 'JsonWebTokenError') {
+            throw new errors_utils_1.UnauthorizedError({ reason: 'Invalid token' }, error);
+        }
+        throw new errors_utils_1.UnauthorizedError({ reason: 'Failed to verify token' }, error);
+    }
+};
+exports.verifyTokenWithOptions = verifyTokenWithOptions;
+/**
+ * Safe verify — never throws, returns structured result with UnauthorizedError on failure
+ */
+const safeVerifyToken = (token, secret) => {
+    try {
+        const decoded = (0, jsonwebtoken_1.verify)(token, secret);
+        return { valid: true, payload: decoded };
+    }
+    catch (error) {
+        let wrappedError;
+        if (error.name === 'TokenExpiredError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({ reason: 'Token has expired' }, error);
+        }
+        else if (error.name === 'JsonWebTokenError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({ reason: 'Invalid token' }, error);
+        }
+        else {
+            wrappedError = new errors_utils_1.UnauthorizedError({ reason: 'Failed to verify token' }, error);
+        }
+        return { valid: false, error: wrappedError };
+    }
+};
+exports.safeVerifyToken = safeVerifyToken;
+/**
+ * Safe verify with options — never throws, returns structured result with UnauthorizedError on failure
+ */
+const safeVerifyTokenWithOptions = (token, secret, options = {}) => {
+    try {
+        const decoded = (0, jsonwebtoken_1.verify)(token, secret, options);
+        return { valid: true, payload: decoded };
+    }
+    catch (error) {
+        let wrappedError;
+        if (error.name === 'TokenExpiredError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({ reason: 'Token has expired' }, error instanceof Error ? error : undefined);
+        }
+        else if (error.name === 'JsonWebTokenError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({
+                reason: 'Invalid token',
+            }, error instanceof Error ? error : undefined);
+        }
+        else {
+            wrappedError = new errors_utils_1.UnauthorizedError({ reason: 'Failed to verify token' }, error instanceof Error ? error : undefined);
+        }
+        return { valid: false, error: wrappedError };
+    }
+};
+exports.safeVerifyTokenWithOptions = safeVerifyTokenWithOptions;

package/packages/security/dist/cjs/core/password/hash.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Hash a password asynchronously using bcrypt.
+ */
+export declare const hashPassword: (password: string, saltRounds?: number) => Promise<string>;
+export declare function hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
+/**
+ * Hash a password synchronously using bcrypt.
+ */
+export declare const hashPasswordSync: (password: string, saltRounds?: number) => string;
+export declare function hashPasswordWithPepperSync(password: string, pepper: string): string;

package/packages/security/dist/cjs/core/password/hash.js ADDED Viewed

@@ -0,0 +1,45 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hashPasswordSync = exports.hashPassword = void 0;
+exports.hashPasswordWithPepper = hashPasswordWithPepper;
+exports.hashPasswordWithPepperSync = hashPasswordWithPepperSync;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+const bcryptjs_1 = __importDefault(require("bcryptjs"));
+const utils_1 = require("./utils");
+/**
+ * Hash a password asynchronously using bcrypt.
+ */
+const hashPassword = async (password, saltRounds = 10) => {
+    try {
+        (0, utils_1.ensureValidPassword)(password);
+        const salt = await bcryptjs_1.default.genSalt(saltRounds);
+        return bcryptjs_1.default.hash(password, salt);
+    }
+    catch (error) {
+        throw new errors_utils_1.InternalServerError({ reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
+    }
+};
+exports.hashPassword = hashPassword;
+function hashPasswordWithPepper(password, pepper) {
+    return (0, exports.hashPassword)(password + pepper);
+}
+/**
+ * Hash a password synchronously using bcrypt.
+ */
+const hashPasswordSync = (password, saltRounds = 10) => {
+    try {
+        (0, utils_1.ensureValidPassword)(password);
+        const salt = bcryptjs_1.default.genSaltSync(saltRounds);
+        return bcryptjs_1.default.hashSync(password, salt);
+    }
+    catch (error) {
+        throw new errors_utils_1.InternalServerError({ reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
+    }
+};
+exports.hashPasswordSync = hashPasswordSync;
+function hashPasswordWithPepperSync(password, pepper) {
+    return (0, exports.hashPasswordSync)(password + pepper);
+}

package/packages/security/dist/cjs/core/password/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export * from './hash';
+export * from './strength';
+export * from './verify';

package/packages/security/dist/cjs/core/password/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./hash"), exports);
+__exportStar(require("./strength"), exports);
+__exportStar(require("./verify"), exports);

package/packages/security/dist/cjs/core/password/passwordManager.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import type { HashedPassword, IPasswordManager, PasswordConfig, PasswordStrength, PasswordValidationResult } from '../../interfaces/password.interface';
+export declare class PasswordManager implements IPasswordManager {
+    private defaultConfig;
+    constructor(config?: PasswordConfig);
+    /**
+     * Hash a password asynchronously using bcrypt
+     */
+    hash(password: string, salt?: string): Promise<HashedPassword>;
+    /**
+     * Verify password against hash and salt
+     */
+    verify(password: string, hash: string, salt: string): Promise<boolean>;
+    /**
+     * Generate a random password
+     */
+    generate(length?: number, options?: PasswordConfig): string;
+    /**
+     * Validate password against configuration
+     */
+    validate(password: string, config?: PasswordConfig): PasswordValidationResult;
+    /**
+     * Check password strength
+     */
+    checkStrength(password: string): PasswordStrength;
+    /**
+     * Check if password hash needs upgrade (saltRounds change)
+     */
+    needsUpgrade(_hash: string, _currentConfig: PasswordConfig): boolean;
+}