A hash function that returns a different value each time is discus.
$ npm install scrypt $ node var scrypt = require("scrypt"); var password = "This is a password"; var maxtime = 0.1; > scrypt.passwordHashSync(password, maxtime); 'c2NyeXB0AAwAAAAIAAAAAcsJRifPlgyGyRJXBPri2HX94TXRfq7b3nMk6Tvt/g0SvW75hiClvpQXRns5j3s2guyTLmYEutdxAIG/Cl354sL2T3fxpUEiiR8ikeZb1nqo' > scrypt.passwordHashSync(password, maxtime); 'c2NyeXB0AAwAAAAIAAAAARuz34A/wtl1LlqY4flxV9cPdYB67l8CK2XCqCAKj3fL/Udc6NcZis2sq8y+ncgtKg5KvIhQ21taKfuH/vpudoenX1LYL9fJ3zl566Nmdixx' > scrypt.passwordHashSync(password, maxtime); 'c2NyeXB0AAwAAAAIAAAAAToTtFiZ9CB18fOf3Mko+OWVPAF9AEmS3xiTIo/8Xu5bWdTDI3KEJ43InLJnfYC3MZoP7xI0dnRazJc1b6X+kTY+JcOYvVg+fU5pml54gOLG'
There is obviously something going on when you have a hash function that returns a different value each time. You're tempted to say that it's broken. You're not yet certain that it's broken, because hey, this is a package on npm that real people seem to use. It's at least highly discus.
The explanation is, the library generates a random salt every time before hashing. It provides a separate function to verify, given a plaintext string, and a salted hash, that the plaintext hashed with the same salt matches that hash. Me, I think I would have probably named the original function saltedPasswordHashSync or something to save idiots like me five minutes puzzling over what was going on, and pestering gwillen about it, who of course figured out quickly what the deal was after skimming the docs a little more closely than I did.
I do rather like how the library is designed to not let me be stupid/lazy and not salt my hashes, though, or to use the same salt for all passwords.