generateotp-ts - npm Package Compare versions

Comparing version 1.0.4 to 1.0.5

lib/index.d.ts

@@ -6,3 +6,3 @@ export declare function generateOtp(digits: number, expiration?: string | number | undefined, secret?: string): {
 export interface DecodedOtpPayload {
-    otp: number;
+    otp: string;
     iat: number;
@@ -9,0 +9,0 @@ exp: number;

lib/index.js

@@ -9,2 +9,3 @@ "use strict";
 const crypto_1 = __importDefault(require("crypto"));
+const bcrypt_1 = __importDefault(require("bcrypt"));
 const default_secret = crypto_1.default.randomBytes(32).toString("hex");
@@ -17,7 +18,9 @@ function generateOtp(digits, expiration = undefined, secret = "") {
     // Create a payload containing the OTP
-    const payload = { otp };
+    const payload = { otp: bcrypt_1.default.hashSync(otp.toString(), 10) };
     // Encrypt the payload using JWT and set the desired expiration time
-    const token = jsonwebtoken_1.default.sign(payload, secret || default_secret, {
-        expiresIn: expiration,
-    });
+    const token = expiration
+        ? jsonwebtoken_1.default.sign(payload, secret || default_secret, {
+            expiresIn: expiration,
+        })
+        : jsonwebtoken_1.default.sign(payload, secret || default_secret);
     return { otp, token };
@@ -31,3 +34,3 @@ }
         // Check if the user-provided OTP matches the OTP in the payload
-        if (decodedPayload.otp === otp) {
+        if (bcrypt_1.default.compareSync(otp.toString(), decodedPayload.otp)) {
             return true;
@@ -34,0 +37,0 @@ }

package.json

 {
   "name": "generateotp-ts",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "A TypeScript library for generating and verifying OTPs using JWT",
@@ -27,5 +27,7 @@ "main": "lib/index.js",
   "dependencies": {
+    "bcrypt": "^5.1.0",
     "jsonwebtoken": "^9.0.0"
   },
   "devDependencies": {
+    "@types/bcrypt": "^5.0.0",
     "@types/jsonwebtoken": "^9.0.1",
@@ -32,0 +34,0 @@ "typescript": "^5.0.4"

src/index.ts

 import jwt from "jsonwebtoken";
 import crypto from "crypto";
+import bcrypt from "bcrypt";
 
@@ -17,8 +18,10 @@ const default_secret = crypto.randomBytes(32).toString("hex");
   // Create a payload containing the OTP
-  const payload = { otp };
+  const payload = { otp: bcrypt.hashSync(otp.toString(), 10) };
 
   // Encrypt the payload using JWT and set the desired expiration time
-  const token = jwt.sign(payload, secret || default_secret, {
-    expiresIn: expiration,
-  });
+  const token = expiration
+    ? jwt.sign(payload, secret || default_secret, {
+        expiresIn: expiration,
+      })
+    : jwt.sign(payload, secret || default_secret);
 
@@ -29,3 +32,3 @@ return { otp, token };
 export interface DecodedOtpPayload {
-  otp: number;
+  otp: string;
   iat: number;
@@ -48,3 +51,3 @@ exp: number;
     // Check if the user-provided OTP matches the OTP in the payload
-    if (decodedPayload.otp === otp) {
+    if (bcrypt.compareSync(otp.toString(), decodedPayload.otp)) {
       return true;
@@ -51,0 +54,0 @@ } else {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

6056

increased by8.3%

Lines of code

114

increased by5.56%

Worsened metrics

Dependency count

2

increased by100%

Dev dependency count

3

increased by50%

Dependency changes

• + Addedbcrypt@^5.1.0

• + Added@mapbox/node-pre-gyp@1.0.11(transitive)

• + Addedabbrev@1.1.1(transitive)

• + Addedagent-base@6.0.2(transitive)

• + Addedansi-regex@5.0.1(transitive)

• + Addedaproba@2.0.0(transitive)

• + Addedare-we-there-yet@2.0.0(transitive)

• + Addedbalanced-match@1.0.2(transitive)

• + Addedbcrypt@5.1.1(transitive)

• + Addedbrace-expansion@1.1.11(transitive)

• + Addedchownr@2.0.0(transitive)

• + Addedcolor-support@1.1.3(transitive)

• + Addedconcat-map@0.0.1(transitive)

• + Addedconsole-control-strings@1.1.0(transitive)

• + Addeddebug@4.4.0(transitive)

• + Addeddelegates@1.0.0(transitive)

• + Addeddetect-libc@2.0.3(transitive)

• + Addedemoji-regex@8.0.0(transitive)

• + Addedfs-minipass@2.1.0(transitive)

• + Addedfs.realpath@1.0.0(transitive)

• + Addedgauge@3.0.2(transitive)

• + Addedglob@7.2.3(transitive)

• + Addedhas-unicode@2.0.1(transitive)

• + Addedhttps-proxy-agent@5.0.1(transitive)

• + Addedinflight@1.0.6(transitive)

• + Addedinherits@2.0.4(transitive)

• + Addedis-fullwidth-code-point@3.0.0(transitive)

• + Addedmake-dir@3.1.0(transitive)

• + Addedminimatch@3.1.2(transitive)

• + Addedminipass@3.3.65.0.0(transitive)

• + Addedminizlib@2.1.2(transitive)

• + Addedmkdirp@1.0.4(transitive)

• + Addednode-addon-api@5.1.0(transitive)

• + Addednode-fetch@2.7.0(transitive)

• + Addednopt@5.0.0(transitive)

• + Addednpmlog@5.0.1(transitive)

• + Addedobject-assign@4.1.1(transitive)

• + Addedonce@1.4.0(transitive)

• + Addedpath-is-absolute@1.0.1(transitive)

• + Addedreadable-stream@3.6.2(transitive)

• + Addedrimraf@3.0.2(transitive)

• + Addedsemver@6.3.1(transitive)

• + Addedset-blocking@2.0.0(transitive)

• + Addedsignal-exit@3.0.7(transitive)

• + Addedstring-width@4.2.3(transitive)

• + Addedstring_decoder@1.3.0(transitive)

• + Addedstrip-ansi@6.0.1(transitive)

• + Addedtar@6.2.1(transitive)

• + Addedtr46@0.0.3(transitive)

• + Addedutil-deprecate@1.0.2(transitive)

• + Addedwebidl-conversions@3.0.1(transitive)

• + Addedwhatwg-url@5.0.0(transitive)

• + Addedwide-align@1.1.5(transitive)

• + Addedwrappy@1.0.2(transitive)

• + Addedyallist@4.0.0(transitive)