Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

otp-io

Package Overview
Dependencies
Maintainers
1
Versions
12
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

otp-io

🕖 Typed library to work 2fa via Google Authenticator/Time-based TOTP/Hmac-based HOTP

  • 1.2.6
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

OTP io

Typed library to work 2fa via Google Authenticator/Time-based TOTP/Hmac-based HOTP

Test Status Downloads last commit codecov GitHub otp-io Known Vulnerabilities Quality npm license MIT Size

ExampleAPI Reference

Why use this lib?

Install

  • npm
    npm i otp-io
    
  • Yarn
    yarn add otp-io
    

What is this?

  • HOTP - HMAC-based One Time Password generation method. Uses incrementing with each login counter and secret to generate unique 6-8 digit codes.
  • TOTP - Time-based, uses current time modulo period (seconds) as counter in HOTP,
  • Google Authenticator - uses simplified version of TOTP to generate codes. Differences:
    • Only SHA-1 hash support
    • Only 6 digit codes
    • Keys should not be padded
    • TOTP period is 30 seconds

Google Authenticator limits are defaults for this library.

How it works?

// 1. Import library - use totp (code changes with time)
import { totp, generateKey, getKeyUri } from "otp-io";
// 2. Import crypto adapter. 
// Specify `crypto-node` or `crypto-web` if node/bundler cannot 
// detect correct version
import { hmac, randomBytes } from "otp-io/crypto";

// 3. Get key from somewhere. Or generate it
const key = generateKey(randomBytes, /* bytes: */ 20); // 5-20 good for Google Authenticator

// 4. Get key import url
const url = getKeyUri({
  type: "totp",
  secret,
  name: "User's Username",
  issuer: "Your Site Name"
});

// 5. Show it to user as QR code - send it back to client
// Get 6-digit code back from him, as confirmation of saving secret key

const input = "...";

const code = await totp(hmac, { secret });

if (code === input) {
  // 6. Done. User configured your key
}

Api Reference

API Reference

Keywords

FAQs

Package last updated on 11 Jul 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc