New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@certchip/jsotp

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install
Package was removed
Sorry, it seems this package was removed from the registry

@certchip/jsotp

Javascript One-Time Password module.

latest
Source
npmnpm
Version
1.0.5
Version published
Maintainers
1
Created
Source

Source

This project is based on LanceGin's jsotp project 1.0.4 and is a modified version with the following contents.

  • Add Digits: 4, 5, 6, 7, 8, 9, 10 and more
  • Add Digest : SHA-1, SHA-256, SHA-512

jsotp

jsotp is a node module to generate and verify one-time passwords that were used to implement 2FA and MFA authentication method in web applications and other login-required systems.

The module was implement based on RFC4226 (HOTP: An HMAC-Based One-Time Password Algorithm) and RFC6238 (TOTP: Time-Based One-Time Password Algorithm)

Example

Feature

  • Generate random base32 encoded string
  • Generate a otpauth url with the b32 encoded string
  • Create a HOTP object with verification
  • Verify a HOTP token
  • Create a TOTP object with verification
  • Verify a TOTP token

Installation

npm install jsotp

Module

All modules support:

const jsotp = require('jsotp');

Usage

Time-based OTPs

// import
const jsotp = require('jsotp');

// Create TOTP object
const totp = jsotp.TOTP('BASE32ENCODEDSECRET');
totp.now(); // => 432143

// Verify for current time
totp.verify(432143); // => true

// Verify after 30s
totp.verify(432143); // => false

Counter-based OTPs

// import
const jsotp = require('jsotp');

// Create HOTP object
const hotp = jsotp.HOTP('BASE32ENCODEDSECRET');
hotp.at(0); // => 432143
hotp.at(1); // => 231434
hotp.at(2132); // => 242432

// Verify with a counter
hotp.verify(242432, 2132); // => true
hotp.verify(242432, 2133); // => false

Generate random base32 encoded secret

// import
const jsotp = require('jsotp');

// Generate
const b32_secret = jsotp.Base32.random_gen();

Api

jsotp.Base32.random_gen(length)

param: length
type: int
default: 16
return: String
desc: the length of random base32 encoded string.

jsotp.TOTP(secret)

param: secret
type: string
return: TOTP
desc: generate TOTP instance.

jsotp.TOTP.now()

return: String
desc: get the one-time password with current time.

jsotp.TOTP.verify(totp)

param: totp
type: string
return: Boolean
desc: verify the totp code.

jsotp.TOTP.url_gen(issuer)

param: issuer
type: string
return: string
desc: generate url with TOTP instance

jsotp.HOTP(secret)

param: secret
type: string
return: HOTP
desc: generate HOTP instance.

jsotp.HOTP.at(counter)

param: counter
type: int
return: String
desc: generate one-time password with counter.

jsotp.HOTP.verify(hotp, count)

param: hotp
type: string
param: count
type: int
return: Boolean
desc: verify the hotp code.

jsotp.HOTP.url_gen(issuer)

param: issuer
type: string
return: string
desc: generate url with HOTP instance

Contribute

  • Clone repo and install dependencies
git clone git@github.com:certchip/jsotp.git
npm install
  • Contribute the code in src/, and run command below to build the es6 code to es2015. That will create a local directory named lib/.
npm run build
  • Unit test
npm test

中文文档

Keywords

otp
totp
hotp
rfc6238
rfc4226

FAQs

Package last updated on 01 Dec 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

Research

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.

By Socket Research Team  -  Mar 31, 2026