
Verify password hash in nodejs which was generated in php


Replace $2y$ in the hashed password with $2a$, then bcrypt.compare should give you the correct result.

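    var bcrypt = require('bcrypt');

    // Hash produced by PHP's password_hash()
    var hash = '$2y$08$9TTThrthZhTOcoHELRjuN.3mJd2iKYIeNlV/CYJUWWRnDfRRw6fD2';

    // Swap the $2y$ prefix for $2a$. In the replacement string "$2" stays
    // literal (the pattern has only one capture group) and "$1" is the rest.
    hash = hash.replace(/^\$2y(.+)$/i, '$2a$1');

    bcrypt.compare("secret", hash, function(err, res) {
        console.log(res);
    });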

On ES6:

    import bcrypt from 'bcrypt';

    // Hash produced by PHP's password_hash()
    let hash = '$2y$08$9TTThrthZhTOcoHELRjuN.3mJd2iKYIeNlV/CYJUWWRnDfRRw6fD2';

    // Swap the $2y$ prefix for $2a$ before comparing
    hash = hash.replace(/^\$2y(.+)$/i, '$2a$1');

    bcrypt.compare('secret', hash, function(err, res) {
        console.log(res);
    });


I know this has been answered, but it seems from the comments that a little more detail is required.

Bcrypt hashes produced by the PHP password_hash() function are split as follows:

    $2y$ 08$ 9TTThrthZhTOcoHELRjuN. 3mJd2iKYIeNlV/CYJUWWRnDfRRw6fD2
    |    |   |                      |
    |    |   Salt                   Hashed Password
    |    |
    |    Algorithm options (cost, in this case)
    |
    Algorithm type

It seems from other answers here on SO that while the PHP and Node versions of Bcrypt use different algorithms, the only difference in the hash output is the prefix. So all that is required is, as mentioned by @Sudesh, to swap the $2y$ for a $2a$ and Bob's your uncle.

Sources

http://php.net/manual/en/faq.passwords.php

$2y bcrypt hashes in Node.js

Comparing BCrypt hash between PHP and NodeJS
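
The field layout and prefix swap described in the two answers above, as an added example rather than code from either answer: it checks the hash structure before rewriting the prefix, so a truncated or malformed value is rejected instead of being handed to bcrypt.compare. The function names and the MIN_COST policy value are assumptions of this example.

```javascript
// Added example: parse a PHP password_hash() bcrypt string, validate its
// fields, and normalise the $2y$ prefix for Node. No bcrypt library is
// needed for this step.

// Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
// bcrypt encodes salt and digest with its own alphabet: . / A-Z a-z 0-9
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseBcryptHash(hash) {
  const m = BCRYPT_RE.exec(hash);
  if (m === null) {
    throw new Error('not a well-formed bcrypt hash');
  }
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) {
    throw new Error('bcrypt cost out of range');
  }
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// Rewrite only a leading $2y$; cost, salt and digest are copied unchanged.
function normalizeForNode(hash) {
  const p = parseBcryptHash(hash);
  const version = p.version === '2y' ? '2a' : p.version;
  const cost = String(p.cost).padStart(2, '0');
  return `$${version}$${cost}$${p.salt}${p.digest}`;
}

// MIN_COST is an assumed policy value, not something the page specifies.
// A hash below it can be re-hashed after the next successful login.
const MIN_COST = 10;

function needsRehash(hash, minCost = MIN_COST) {
  return parseBcryptHash(hash).cost < minCost;
}

// The hash quoted in the answers above.
const phpHash = '$2y$08$9TTThrthZhTOcoHELRjuN.3mJd2iKYIeNlV/CYJUWWRnDfRRw6fD2';
console.log(parseBcryptHash(phpHash));
console.log(normalizeForNode(phpHash));
console.log(needsRehash(phpHash));
```

The string returned by normalizeForNode is what would be passed to bcrypt.compare in place of the regex replacement shown in the answers.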