Bcrypt is a package used to hash & compare string values. It's mostly used for passwords. It hashes & adds salt to your password making it harder to break. The hash is a scrambled representation of your password. The salt is a unique, random string of characters added to the beginning of the password, before it is hashed, known only to the key, which is the bcrypt package.

Bcrypt.hash() takes 3 parameters. The string that you want to hash. The number of rounds you want to run, known as saltRounds, the more rounds you do, the longer it takes the cpu to make the password, but it is also more difficult to break the password. Lastly, a callback function that takes an error object and the hash you created.

We can compare the original password to the hashed password by using bcrypt.compare(). If the passwords match it will return a boolean value of true, if they don't it will return false.

The first parameter is the original password. The second parameter is the hashed password. The last is a callback function that takes an error object & the result of the match.

I usually use bcrypt with express, whenever I need to compare the username & password of a user. You can use async, await with bcrypt.hash() & bcrypt.compare() to make it cleaner & nicer to look at it.

For more info on bcrypt, you can check out the docs here.