Since `===` is used to [compare hashes](https://github.com/dcodeIO/bcrypt.js/blob/master/src/bcrypt.js#L199), this library is vulnerable to [timing attacks](http://codahale.com/a-lesson-in-timing-attacks/).
Since
===is used to compare hashes, this library is vulnerable to timing attacks.