Modern apps win trust by keeping passwords safe. In this Node.js bcrypt tutorial, you’ll Use bcrypt with Sequelize Models Node.js to hash passwords, verify credentials, and protect your users with clean production-ready patterns.
For small marketplace or a community app, the same rules apply. You’ll set up a Sequelize User model, install bcrypt, use Sequelize hooks for hashing, and handle login flows that feel fast and secure.
Setting Up Sequelize Models
First, create a minimal User model with just an email and a hashed password, keeping the validation tight. Such a structure would work for most real-world use cases, like user signup for a task manager or booking application.
const { Sequelize, DataTypes, Model } = require('sequelize')
const sequelize = new Sequelize('sqlite::memory:')
class User extends Model {}
User.init(
{
email: { type: DataTypes.STRING, allowNull: false, unique: true, validate: { isEmail: true } },
password: { type: DataTypes.STRING, allowNull: false }
},
{ sequelize, modelName: 'User' }
)
module.exports = { sequelize, User }Installing Package
Install the packages you need. For a quick start, SQLite keeps setup simple. Use a different driver if you prefer Postgres or MySQL.
npm init -y
npm install sequelize bcrypt sqlite3This stack covers bcrypt Sequelize models nodejs without extra tooling.
Password Hashing with Bcrypt For Sequelize Model
We will use Sequelize hooks bcrypt to hash the password whenever password changes. This pattern ensures you never store a plain password.
const { Sequelize, DataTypes, Model } = require('sequelize')
const bcrypt = require('bcrypt')
const sequelize = new Sequelize('sqlite::memory:')
class User extends Model {
checkPassword(password) {
return bcrypt.compare(password, this.password)
}
}
User.init(
{
email: { type: DataTypes.STRING, allowNull: false, unique: true, validate: { isEmail: true } },
password: { type: DataTypes.STRING, allowNull: false }
},
{ sequelize, modelName: 'User' }
)
User.addHook('beforeSave', async user => {
if (user.changed('password')) {
user.password = await bcrypt.hash(user.password, 10)
}
})
module.exports = { sequelize, User }In this example, The beforeSave hook hashes on create and on updates. Here, rounds set to 10 balance security and speed. You can call user.checkPassword to verify later.
Handling Authentication Using Bcrypt
Let’s setup basic signup and login. In a real case like a course platform, this lets a new learner create an account and sign in securely.
const express = require('express')
const { sequelize, User } = require('./user')
const app = express()
app.use(express.json())
app.post('/signup', async (req, res) => {
const { email, password } = req.body
const user = await User.create({ email, password })
res.json({ id: user.id, email: user.email })
})
app.post('/login', async (req, res) => {
const { email, password } = req.body
const user = await User.findOne({ where: { email } })
if (!user) return res.status(401).json({ error: 'Invalid credentials' })
const valid = await user.checkPassword(password)
if (!valid) return res.status(401).json({ error: 'Invalid credentials' })
res.json({ id: user.id, email: user.email })
})
;(async () => {
await sequelize.sync()
app.listen(3000)
})()This flow hashes passwords on signup and uses bcrypt to verify on login. You can add rate limiting and sessions or JWT. The core stays the same: hash and verify passwords with bcrypt for every account.
Conclusion
You now know how to use bcrypt with Sequelize Models in Node.js for secure, reliable authentication. You know how to add hooks for automatic hashing, verify with bcrypt.compare, and keep your model clean. This will scale from side projects to production apps with minimal changes.
Looking for a lightweight, Sequelize-free approach? Explore Encrypt Passwords in Node.js Using bcryptjs for a simple guide to installing bcryptjs, encrypting passwords, and verifying hashes in plain Node.js.