diff --git a/docs/modules/README.md b/docs/modules/README.md
index 1bf15d8..2c84666 100644
--- a/docs/modules/README.md
+++ b/docs/modules/README.md
@@ -81,6 +81,7 @@ ESLint plugin.
 - [`object-hash`](./object-hash.md)
 - [`ora`](./ora.md)
 - [`path-exists`](./path-exists.md)
+- [`pbkdf2`](./pbkdf2.md)
 - [`portal-vue`](./portal-vue.md)
 - [`pkg-dir`](./pkg-dir.md)
 - [`qs`](./qs.md)
diff --git a/docs/modules/pbkdf2.md b/docs/modules/pbkdf2.md
new file mode 100644
index 0000000..4a64819
--- /dev/null
+++ b/docs/modules/pbkdf2.md
@@ -0,0 +1,46 @@
+---
+description: Native alternatives to the pbkdf2 package for secure, iterative password-based key derivation
+---
+
+# Replacements for `pbkdf2`
+
+## `crypto.subtle.deriveBits` (native)
+
+From [`MDN documentation`](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveBits#pbkdf2):
+
+```ts
+async function deriveKey(password: string, salt: Uint8Array) {
+  const enc = new TextEncoder()
+  const keyMaterial = await crypto.subtle.importKey(
+    'raw',
+    enc.encode(password),
+    'PBKDF2',
+    false,
+    ['deriveBits']
+  )
+  const derivedBits = await crypto.subtle.deriveBits(
+    { name: 'PBKDF2', salt, iterations: 100000, hash: 'SHA-512' },
+    keyMaterial,
+    256
+  )
+  return new Uint8Array(derivedBits)
+}
+
+const salt = crypto.getRandomValues(new Uint8Array(16))
+const derivedKey = await deriveKey('password', salt)
+```
+
+## `crypto.pbkdf2` (native, since Node.js v0.5.5)
+
+<!-- prettier-ignore -->
+```ts
+import pbkdf2 from 'pbkdf2' // [!code --]
+import * as crypto from 'node:crypto' // [!code ++]
+
+const salt = crypto.getRandomValues(new Uint8Array(16))
+const iterations = 100000
+const keylen = 32
+
+const derivedKey = pbkdf2.pbkdf2Sync('password', salt, iterations, keylen, 'sha512') // [!code --]
+const derivedKey = crypto.pbkdf2Sync('password', salt, iterations, keylen, 'sha512') // [!code ++]
+```
diff --git a/manifests/preferred.json b/manifests/preferred.json
index c12e78e..870c738 100644
--- a/manifests/preferred.json
+++ b/manifests/preferred.json
@@ -2436,6 +2436,12 @@
       "replacements": ["fs.access", "fs.existsSync", "Bun.file"],
       "url": {"type": "e18e", "id": "path-exists"}
     },
+    "pbkdf2": {
+      "type": "module",
+      "moduleName": "pbkdf2",
+      "replacements": ["node:crypto", "crypto"],
+      "url": {"type": "e18e", "id": "pbkdf2"}
+    },
     "pkg-dir": {
       "type": "module",
       "moduleName": "pkg-dir",