simonepri · Cretezy · Nov 24, 2018 · Feb 21, 2019
diff --git a/.appveyor.yml b/.appveyor.yml
@@ -2,9 +2,8 @@ build: off
 version: '{build}'
 environment:
   matrix:
-    - nodejs_version: '10'
-    - nodejs_version: '8'
-    - nodejs_version: '6'
+    - nodejs_version: '11'
+    - nodejs_version: '10.5'
 platform:
   - x86
   - x64

diff --git a/.travis.yml b/.travis.yml
@@ -1,9 +1,8 @@
 sudo: false
 language: node_js
 node_js:
-  - '10'
-  - '8'
-  - '6'
+  - '11'
+  - '10.5'
 os:
   - linux
   - osx

diff --git a/index.js b/index.js
@@ -1,13 +1,19 @@
 /* eslint-disable capitalized-comments,complexity,prefer-destructuring */
 'use strict';
 
-const scrypt = require('scrypt');
+const crypto = require('crypto');
+const util = require('util');
 const tsse = require('tsse');
 const phc = require('@phc/format');
 const gensalt = require('@kdf/salt');
 
+const scryptPromisify = util.promisify(crypto.scrypt);
+
 const MAX_UINT32 = 4294967295; // 2**32 - 1
 
+// Max memory Node can use. Being generous to allow most usages, without abuse.
+const MAX_MEM = 128 * 1024 * 1024;
+
 /**
  * Default configurations used to generate a new hash.
  * @private
@@ -107,12 +113,13 @@ function hash(password, options) {
   const params = {
     N: Math.pow(2, cost),
     r: blocksize,
-    p: parallelism
+    p: parallelism,
+    maxmem: MAX_MEM
   };
   const keylen = 32;
 
   return gensalt(saltSize).then(salt => {
-    return scrypt.hash(password, params, keylen, salt).then(hash => {
+    return scryptPromisify(password, salt, keylen, params).then(hash => {
       const phcstr = phc.serialize({
         id: 'scrypt',
         params: {
@@ -207,7 +214,8 @@ function verify(phcstr, password) {
   const params = {
     N: Math.pow(2, phcobj.params.ln),
     r: phcobj.params.r,
-    p: phcobj.params.p
+    p: phcobj.params.p,
+    maxmem: MAX_MEM
   };
 
   // Salt Validation
@@ -223,7 +231,7 @@ function verify(phcstr, password) {
   const hash = phcobj.hash;
   const keylen = phcobj.hash.byteLength;
 
-  return scrypt.hash(password, params, keylen, salt).then(newhash => {
+  return scryptPromisify(password, salt, keylen, params).then(newhash => {
     const match = tsse(hash, newhash);
     return match;
   });

diff --git a/package.json b/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.4",
+  "version": "2.0.0",
   "name": "@phc/scrypt",
   "description": "Node.JS scrypt password hashing algorithm following the PHC string format",
   "license": "MIT",
@@ -48,7 +48,7 @@
     "index.js"
   ],
   "engines": {
-    "node": ">=4"
+    "node": ">=10.5"
   },
   "scripts": {
     "bench": "node bench.js",
@@ -62,7 +62,6 @@
   "dependencies": {
     "@kdf/salt": "^1.0.1",
     "@phc/format": "^0.5.0",
-    "scrypt": "^6.0.3",
     "tsse": "^1.1.4"
   },
   "devDependencies": {

diff --git a/readme.md b/readme.md
@@ -94,6 +94,8 @@ For more details consult the scrypt paper [here][paper].
 npm install --save @phc/scrypt
 ```
 
+> Version 2 and higher requires Node v10.5.
+
 ## Usage
 
 ```js
-Original file line number
+Diff line change
@@ Expand Up / @@ -94,6 +94,8 @@ For more details consult the scrypt paper [here][paper]. @@
     npm install --save @phc/scrypt
     ```
+    > Version 2 and higher requires Node v10.5.
     ## Usage
     ```js
@@ Expand Down @@