Critiq Docs
Get started
security.cryptography

Avoid legacy Argon2 password hash modes

Password hashing should not use `argon2i` or `argon2d` when safer modern modes are available.

#Metadata

Rule ID
ts.security.insecure-password-hash-configuration
Severity
high
Confidence
0.9
Languages
javascript, typescript
Presets
recommended, security, strict
Stability
stable
Applies to
block
Tags
cryptography, password-storage, rules-catalog, security

#Why it matters

Older Argon2 modes are weaker choices for password storage than the modern hybrid mode.

#Remediation

Prefer `argon2id` and keep the password hash configuration aligned with current password-storage guidance.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.insecure-password-hash-configuration.rule.yaml.

Back to registryOpen rule in repository