from the link: "I want to make sure that the Node / io community has a password security library they can trust. In 2013, I researched all of the libs I could find and found serious security flaws in all of them. I know it's impossible to make it perfect, but we need to ensure that there is something that at least raises the bar enough that a random script kiddie can't cause multi-million dollar disaster, PR nightmares, and personal loss to users.<p>I'm not a password security expert. I'm asking for your help. This has already been reviewed by many security experts, but I know there is room for improvement, and I want to make sure that users have a clear indication about which library author they can count on to really work to make their users more secure. Please review this code carefully. Attack it with everything you've got, and then file issues here. I'll give you public credit, and you'll be helping millions of people have a more security online profile."