@eaccess/totp
Advanced tools
[](https://www.npmjs.com/package/@prsm/otp)
A simple and secure library for generating and verifying One-Time Passwords (OTPs) based on the TOTP algorithm.
npm install @prsm/otp
Generate a secret with different strengths:
import Otp from "@prsm/otp";
// Default (high) strength
const secret = Otp.createSecret();
// Low strength
const lowStrengthSecret = Otp.createSecret(Otp.SHARED_SECRET_STRENGTH_LOW);
// Moderate strength
const moderateStrengthSecret = Otp.createSecret(Otp.SHARED_SECRET_STRENGTH_MODERATE);
For each user, store the secret securely and associate it with the user. When authenticating a user, you need to reference the secret that was generated for that user. The secret should be kept confidential and never shared.
const secret = Otp.createSecret();
const totp = Otp.generateTotp(secret);
console.log(totp); // A 6-digit TOTP
const totp8 = Otp.generateTotp(secret, undefined, 8);
console.log(totp8); // An 8-digit TOTP
const isValid = Otp.verifyTotp(secret, totp);
console.log(isValid); // true, even if the TOTP is expired
For strict verification, you can specify the number of steps and the time window:
const isValidStrict = Otp.verifyTotp(secret, totp, 0, 0);
console.log(isValidStrict); // true only if the TOTP is valid at the current time
const uri = Otp.createTotpKeyUriForQrCode("app.example.com", "john.doe@example.org", secret);
console.log(uri); // URI for QR code
Customize OTP length, interval, and hash function:
const customTotp = Otp.generateTotp(secret, undefined, 8, 60, undefined, Otp.HASH_FUNCTION_SHA_256);
const isValidCustom = Otp.verifyTotp(secret, customTotp, undefined, undefined, undefined, 8, 60, undefined, Otp.HASH_FUNCTION_SHA_256);
console.log(isValidCustom); // true
Handle specific errors:
try {
Otp.generateTotp("shortsecret");
} catch (error) {
if (error instanceof Otp.InvalidSecretError) {
console.error("The provided secret is too short.");
}
}
FAQs
[](https://www.npmjs.com/package/@prsm/otp)
We found that @eaccess/totp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Python 3.14 adds template strings, deferred annotations, and subinterpreters, plus free-threaded mode, an experimental JIT, and Sigstore verification.
Security News
Former RubyGems maintainers have launched The Gem Cooperative, a new community-run project aimed at rebuilding open governance in the Ruby ecosystem.
Security News
An opt-in lazy import keyword aims to speed up Python startups, especially CLIs, without the ecosystem-wide risks that sank PEP 690.