Probably the main thing I would change would be to just use pbkdf2 as the hashing algorithm for passphrases. Mostly because it's in the box for node 12+ and also because it's expressly spelled out in the NIST security guidelines. I do use 100k iterations for salted passphrases, and 10m iterations for derived keys for other system encrypted data.
Also worth considering, is that login entry is an easy target for DDoS, so ip/user limiting mitigations are a good idea in practice, redis (sorted sets) is a really good option for this.
In addition, an invalid login attempt should usually have a random 2-3 second wait before returning the failed result, this will (usually) slow down any brute force efforts and mitigate timing attacks.