password sending should be a string, there is a probability you send passwords as just numbers
password = await bcrypt.hash(password.toString(), salt);