Security News
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
@taktikorg/culpa-minus-minus
Advanced tools
> Typed library to work 2fa via Google Authenticator/Time-based TOTP/Hmac-based HOTP
Typed library to work 2fa via Google Authenticator/Time-based TOTP/Hmac-based HOTP
npm
npm i @taktikorg/culpa-minus-minus
Yarn
yarn add @taktikorg/culpa-minus-minus
HOTP
- HMAC-based One Time Password generation method. Uses incrementing with each login counter
and secret
to generate unique 6-8 digit codes.TOTP
- Time-based, uses current time
modulo period
(seconds) as counter in HOTP
,Google Authenticator
- uses simplified version of TOTP
to generate codes. Differences:
SHA-1
hash supportGoogle Authenticator limits are defaults for this library.
// 1. Import library - use totp (code changes with time)
import { totp, generateKey, getKeyUri } from "@taktikorg/culpa-minus-minus";
// 2. Import crypto adapter. Either `crypto-node` or `crypto-web` - API is identical
import { hmac, randomBytes } from "@taktikorg/culpa-minus-minus/crypto-node";
// 3. Get key from somewhere. Or generate it
const key = generateKey(randomBytes, /* bytes: */ 20); // 5-20 good for Google Authenticator
// 4. Get key import url
const url = getKeyUri({
type: "totp",
secret,
name: "User's Username",
issuer: "Your Site Name"
});
// 5. Show it to user as QR code - send it back to client
// Get 6-digit code back from him, as confirmation of saving secret key
const input = "...";
const code = await totp(hmac, { secret });
if (code === input) {
// 6. Done. User configured your key
}
FAQs
> Typed library to work 2fa via Google Authenticator/Time-based TOTP/Hmac-based HOTP
The npm package @taktikorg/culpa-minus-minus receives a total of 0 weekly downloads. As such, @taktikorg/culpa-minus-minus popularity was classified as not popular.
We found that @taktikorg/culpa-minus-minus demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.