Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@universal-packages/time-based-one-time-password

Package Overview
Dependencies
Maintainers
1
Versions
6
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@universal-packages/time-based-one-time-password

Time-based one-time password implementation

  • 1.0.3
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

Time-based one-time password

npm version Testing codecov

implementation from RFC6238

Install

npm install @universal-packages/time-based-one-time-password

Global methods

generate(secret: string, [options])

Generates the current otp password for the current time.

Options
  • algorithm 'sha1' | 'sha256' | 'sha512' default: sha1 Algorithm to use when generating the hmac hash.
  • codeDigits number default: 6 How many digits to take for the final password.
  • time number default: Date.now() / 10000.0 Time in seconds for which the password will be generated
  • timeStep number default: 30 The time window in seconds in which the password should be valid (the same).
verify(subject: string, secret: string, [options])

Verify if the given password is valid for the time window, in will verify the specified steps around the specified time window, basically:

|------------------|------------------|------------------|
    previous             current               next

It will verify the current time window (or time given) and the surroundings by the given offsetSteps in the example above the offset is one. Make sure to verify password using the same options used for generating them.

Options

Verify uses the same options as generate and additionally:

  • offsetSteps number default: 1 Number of steps around the given time should be tested for the verification.

Base32

Some verificators require you to pass the secret in base32 format (for some reason), you can use packages like Base32 Encode, for example for the google authenticator you can do:

import base32Encode from 'base32-encode'

const base32Secret = base32Encode('secret', 'RFC4648').replace('=', '')

console.log(base32Secret)

// > Some base32 string

Typescript

This library is developed in TypeScript and shipped fully typed.

Contributing

The development of this library happens in the open on GitHub, and we are grateful to the community for contributing bugfixes and improvements. Read below to learn how you can take part in improving this library.

License

MIT licensed.

FAQs

Package last updated on 10 Sep 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc