Product
Introducing Repository Access Permissions and Custom Roles
Socket now supports Custom Roles and Repository Access Permissions so organizations can control who can access specific repositories and actions.
By Joe Werle - Jun 19, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
@spoonly/otpm
Advanced tools
@spoonly/otpm
OTPm is a lightweight and efficient command-line two-factor authentication passcode generator, focusing on the generation and management of TOTP one-time passcodes.
OTPm
OTPm 是一款轻量、高效的命令行两步验证密码器,专注于 TOTP 动态口令的生成与管理。无需图形界面,即可快速安全地生成一次性密码,为各类平台账号提供二次身份验证保护。
支持密钥导入、多账户管理、自动刷新令牌与本地加密存储,兼顾安全与便捷,适合开发者、运维人员与注重隐私的用户在终端环境下快速使用两步验证能力。
Installation
npm install -g @spoonly/otpm
# or
pnpm add -g @spoonly/otpm
Commands
Account Management
| Command | Alias | Description |
|---|---|---|
otpm add | a | 添加账户(手动输入 或 otpauth:// URI) |
otpm delete [account] | del | 删除账户 |
otpm rename [account] | mv | 重命名账户 |
otpm info [account] | i | 查看账户详细配置 |
OTP Generation
| Command | Alias | Description |
|---|---|---|
otpm list | ls | 列出所有账户及当前 OTP 码 |
otpm generate [account] | g | 生成指定账户的 OTP |
Backup & Restore
| Command | Alias | Description |
|---|---|---|
otpm export [file] | — | 导出账户备份(明文或加密) |
otpm import [file] | — | 从备份文件导入账户 |
Usage
添加账户
otpm add
支持两种方式:
- 手动输入:依次填写账户名、issuer(平台名)和 secret,其余参数自动使用主流默认值
- otpauth:// URI:直接粘贴扫码后的 URI 一键导入
生成 OTP
# 交互式选择账户
otpm generate
# 直接指定账户
otpm generate "GitHub:alice@example.com"
# 生成并复制到剪贴板
otpm generate --copy
# 自动刷新(每个周期更新)
otpm generate --watch
列出所有账户
# 一次性列出
otpm list
# 持续刷新所有 TOTP 码
otpm list --watch
备份与恢复
# 导出(可选加密)
otpm export
otpm export my-backup.json
# 导入(自动识别加密备份)
otpm import
otpm import my-backup.json
Security
- 本地存储文件基于机器信息派生密钥,使用 AES 加密,secret 不会明文落盘
- 加密导出使用 AES-256-CBC + scrypt 密钥派生,需要用户设置独立密码
- 导出的明文备份文件请妥善保管
Release
首次发布需手动执行 pnpm publish 在 npm 创建包,然后前往 https://www.npmjs.com/package/otpm/access 配置 GitHub Trusted Publisher。
后续发布执行 pnpm run release,GitHub Actions 会自动完成发布流程。
License
FAQs
OTPm is a lightweight and efficient command-line two-factor authentication passcode generator, focusing on the generation and management of TOTP one-time passcodes.
The npm package @spoonly/otpm receives a total of 26 weekly downloads. As such, @spoonly/otpm popularity was classified as not popular.
We found that @spoonly/otpm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 19 Apr 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket MCP Adds Org Alerts, Threat Feed Review, and Package Inspection
Socket MCP now lets AI assistants review org alerts, investigate threats using the Socket threat feed, and inspect package files in addition to dependency scoring.
By John Tuckner - Jun 18, 2026
Product
Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions
Socket Firewall blocks malicious VS Code and Open VSX extensions before install, protecting developers from compromised editor marketplaces.
By John Tuckner - Jun 17, 2026