2fa-hotp-totp
Advanced tools
Help 
My implementation of 2FA H/TOTP algorithms in TypeScript + base32 encoder for creating links for authenticator programs like Google Authenticator
Read more about otpauth:// links
npm i 2FA-HOTP-TOTP
or
yarn add 2FA-HOTP-TOTP
import { TFA } from '2FA-HOTP-TOTP';
OR
const { TFA } = require('2FA-HOTP-TOTP');
TFA.HOTP.generate({
key: 'test',
counter: 0, // optional
});
// => 941117
TFA.HOTP.validate({
token: '123123', // length must be 6
key: 'test',
window: 1, // optional
counter: 0, // optional
});
// => time-step (number) or null
TFA.TOTP.generate({
key: 'test',
time: 30, // optional
});
// => 432486
TFA.TOTP.validate({
token: '123123', // length must be 6
key: 'test',
window: 1, // optional
time: 30, // optional
});
// => time-step (number) or null
TFA.base32('test');
// => ORSXG5A
All code also covered with JSDoc with links to specifications and its pages
Implementation of RFC 4226
HOTP(K,C) = Truncate(HMAC-SHA-1(K,C))
Arguments (object):
| obj.* | Required | Description | Default |
|---|---|---|---|
key | ✅ | unique secret key for user | |
counter | ❌ | moving factor (read page 6) | 0 |
Returns string of 6 int, because it must be always 6 ing length and first can be zero
Arguments (object):
| obj.* | Required | Description | Default |
|---|---|---|---|
token | ✅ | code, provided by user | |
key | ✅ | unique secret key for user | |
window | ❌ | counter values window | 1 |
counter | ❌ | moving factor (read page 6) | 0 |
Returns null if nothing found or number between -window to +window if same code in steps found
window:For example, if you using TOTP (HOTP with time) with 0 window, only current XX (30 by default) second code will be checked for verification. If you set 1, neighboring seconds code (+30 and -30) also checked.
One more example with time-step 30 sec:
04:20:00 - 04:20:30 will be checked04:19:30 - 04:20:00, 04:20:00 - 04:20:30 and 04:20:30 - 04:21:00 all steps codes (-1, 0, 1) checkedImplementation of RFC 6238
TOTP = HOTP(K, T)
Arguments (object):
| obj.* | Required | Description | Default |
|---|---|---|---|
key | ✅ | unique secret key for user | |
time | ❌ | time-step in seconds (default recomended) | 30 |
Returns string of 6 int, because it must be always 6 ing length and first can be zero
Arguments (object):
| obj.* | Required | Description | Default |
|---|---|---|---|
token | ✅ | code, provided by user | |
key | ✅ | unique secret key for user | |
window | ❌ | counter values window | 1 |
time | ❌ | time-step in seconds (default recomended) | 30 |
Returns null if nothing found or number between -window to +window if same code in steps found
FAQs
Zero dependency HOTP/TOTP 2FA
The npm package 2fa-hotp-totp receives a total of 35 weekly downloads. As such, 2fa-hotp-totp popularity was classified as not popular.
We found that 2fa-hotp-totp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.