Comparing version 12.0.0-1 to 12.0.0-2
117
package.json
{ | ||
"name": "otplib", | ||
"version": "12.0.0-1", | ||
"description": "HMAC-based (HOTP) and Time-based (TOTP) One-Time Password library", | ||
"main": "./core/index.js", | ||
"typings": "./core/index.d.ts", | ||
"scripts": { | ||
"build": "./scripts/build.sh", | ||
"build:site": "./scripts/build-site.sh", | ||
"clean": "rimraf builds coverage", | ||
"format": "prettier --write \"{packages,scripts,configs}/**/*.{ts,tsx,js,jsx,json,md,mdx}\"", | ||
"lint": "tsc --noEmit", | ||
"setup": "./scripts/setup.sh", | ||
"test": "jest --coverage --runInBand", | ||
"test:browser": "./scripts/test-browser.sh", | ||
"test:module": "./scripts/test-module.sh", | ||
"test:node8": "./scripts/test-node8.sh", | ||
"test:watch": "jest --watch", | ||
"update:release-notes": "npx conventional-github-releaser -p angular", | ||
"upload:coverage": "cat ./coverage/lcov.info | npx coveralls" | ||
"version": "12.0.0-2", | ||
"main": "./index.js", | ||
"publishConfig": { | ||
"access": "public" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "https://github.com/yeojz/otplib.git" | ||
"scripts": {}, | ||
"dependencies": { | ||
"@otplib/core": "^12.0.0-2", | ||
"@otplib/preset-default": "^12.0.0-2", | ||
"@otplib/preset-v11": "^12.0.0-2" | ||
}, | ||
"otplib": {}, | ||
"keywords": [ | ||
"otp", | ||
"totp", | ||
"hotp", | ||
"otp", | ||
"authenticator", | ||
"one time password", | ||
"google authenticator", | ||
"authenticator", | ||
"authentication", | ||
@@ -39,79 +28,7 @@ "2FA", | ||
], | ||
"author": "Gerald Yeo <contact@fusedthought.com>", | ||
"license": "MIT", | ||
"bugs": { | ||
"url": "https://github.com/yeojz/otplib/issues" | ||
}, | ||
"author": "MIT", | ||
"license": "Gerald Yeo <contact@fusedthought.com>", | ||
"homepage": "https://yeojz.github.io/otplib", | ||
"devDependencies": { | ||
"@babel/core": "^7.5.5", | ||
"@babel/plugin-transform-runtime": "^7.5.5", | ||
"@babel/preset-env": "^7.5.5", | ||
"@babel/preset-typescript": "^7.3.3", | ||
"@babel/runtime": "^7.5.5", | ||
"@types/crypto-js": "^3.1.43", | ||
"@types/jest": "^24.0.18", | ||
"@types/node": "^12.7.2", | ||
"@typescript-eslint/eslint-plugin": "^2.0.0", | ||
"@typescript-eslint/parser": "^2.0.0", | ||
"babel-jest": "^24.9.0", | ||
"babel-loader": "^8.0.6", | ||
"base32-decode": "^1.0.0", | ||
"base32-encode": "^1.1.1", | ||
"create-hmac": "^1.1.7", | ||
"crypto-js": "^3.1.9-1", | ||
"eslint": "^6.2.2", | ||
"eslint-config-prettier": "^6.1.0", | ||
"eslint-plugin-prettier": "^3.1.0", | ||
"jest": "^24.9.0", | ||
"prettier": "^1.18.2", | ||
"rimraf": "^3.0.0", | ||
"rollup": "^1.20.1", | ||
"rollup-plugin-babel": "^4.3.3", | ||
"rollup-plugin-cleanup": "^3.1.1", | ||
"rollup-plugin-commonjs": "^10.0.2", | ||
"rollup-plugin-node-resolve": "^5.2.0", | ||
"thirty-two": "^1.0.2", | ||
"typescript": "^3.5.3", | ||
"webpack": "^4.39.2", | ||
"webpack-cli": "^3.3.7" | ||
}, | ||
"dependencies": {}, | ||
"jest": { | ||
"collectCoverageFrom": [ | ||
"packages/**/*.{js,ts}", | ||
"!**/node_modules/**", | ||
"!packages/tests-*/*", | ||
"!packages/otplib-preset-browser/*", | ||
"!packages/package-cache/*" | ||
], | ||
"coverageDirectory": "./coverage/", | ||
"modulePaths": [ | ||
"<rootDir>/packages/" | ||
], | ||
"modulePathIgnorePatterns": [ | ||
"<rootDir>/.*/__mocks__" | ||
], | ||
"roots": [ | ||
"<rootDir>/packages/" | ||
], | ||
"resetMocks": true, | ||
"setupFiles": [], | ||
"testPathIgnorePatterns": [ | ||
"/node_modules/", | ||
"/packages/tests-data/", | ||
"/packages/tests-suites/", | ||
"/packages/package-cache/" | ||
], | ||
"testURL": "http://localhost", | ||
"transform": { | ||
"^.+\\.(js|ts)$": "babel-jest" | ||
} | ||
}, | ||
"repl": [ | ||
{ | ||
"name": "otplib", | ||
"module": "./builds/otplib/preset-default" | ||
} | ||
] | ||
} | ||
"repository": "https://github.com/yeojz/otplib", | ||
"types": "./index.d.ts" | ||
} |
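Review bot: The `author` and `license` values look swapped near the end of the manifest: the page lists `"author": "MIT"` and `"license": "Gerald Yeo <contact@fusedthought.com>"` directly below the same pair in the expected order. The +/- markers are lost on this page, so which pair belongs to 12.0.0-2 is inferred, but a non-SPDX license string in the new manifest would be consistent with the license alerts listed further down. The fields should read `"author": "Gerald Yeo <contact@fusedthought.com>"` and `"license": "MIT"`. The `dependencies` block also puts caret ranges on a prerelease (`"@otplib/core": "^12.0.0-2"`), and the resolution list on this page shows those landing on 12.0.1. The OTP code that runs therefore comes from the scoped packages rather than this tarball, so anyone auditing a specific build should pin exact versions or rely on a lockfile. The `bugs` entry also appears to have been dropped, which would match the "No bug tracker" alert.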
498
README.md
@@ -9,3 +9,3 @@ # otplib | ||
[![npm downloads][badge-npm-downloads]][project-npm] | ||
[![TypeScript Support][badge-type-ts]][project-docs] | ||
[![TypeScript Support][badge-type-ts]][project-v-api] | ||
@@ -21,32 +21,14 @@ --- | ||
- [In Browser](#in-browser) | ||
- [Migration and Versioning Guide](#migration-and-versioning-guide) | ||
- [References](#references) | ||
- [API / Demo Website](#api--demo-website) | ||
- [Versioning](#versioning) | ||
- [Migrating from v11.x](#migrating-from-v11x) | ||
- [Downloading Master Builds](#downloading-master-builds) | ||
- [Getting Started](#getting-started) | ||
- [Install the Package](#install-the-package) | ||
- [Choose Your Plugins](#choose-your-plugins) | ||
- [Adding Crypto](#adding-crypto) | ||
- [Adding Base32](#adding-base32) | ||
- [Initialise your Instance](#initialise-your-instance) | ||
- [Using Classes](#using-classes) | ||
- [Using Functions](#using-functions) | ||
- [Available Options](#available-options) | ||
- [HOTP Options](#hotp-options) | ||
- [TOTP Options](#totp-options) | ||
- [Authenticator Options](#authenticator-options) | ||
- [Async Options](#async-options) | ||
- [Available Packages](#available-packages) | ||
- [Core](#core) | ||
- [Core (Async)](#core-async) | ||
- [Plugins](#plugins) | ||
- [Crypto Plugins](#crypto-plugins) | ||
- [Base32 Plugins](#base32-plugins) | ||
- [Presets](#presets) | ||
- [Available Options](#available-options) | ||
- [HOTP Options](#hotp-options) | ||
- [TOTP Options](#totp-options) | ||
- [Authenticator Options](#authenticator-options) | ||
- [Appendix](#appendix) | ||
- [Type Definitions](#type-definitions) | ||
- [Async Support](#async-support) | ||
- [Using Async Replacements](#using-async-replacements) | ||
- [Async over Sync Methods](#async-over-sync-methods) | ||
- [Browser Compatiblity](#browser-compatiblity) | ||
- [Browser bundle size](#browser-bundle-size) | ||
- [Length of Secrets](#length-of-secrets) | ||
@@ -57,5 +39,6 @@ - [Google Authenticator](#google-authenticator) | ||
- [Displaying a QR code](#displaying-a-qr-code) | ||
- [Getting Time Remaining / Time Used](#getting-time-remaining--time-used) | ||
- [Getting Time Remaining / Time Used](#getting-time-remaining--time-used) | ||
- [Using with Expo](#using-with-expo) | ||
- [Exploring with local-repl](#exploring-with-local-repl) | ||
- [OTP Backup Codes](#otp-backup-codes) | ||
- [Contributors](#contributors) | ||
@@ -101,15 +84,13 @@ - [License](#license) | ||
References: | ||
> If you need to customise your base32 or crypto libraries, | ||
> check out the [In-Depth Guide][docs-in-depth] | ||
- [API Documentation][project-api] | ||
- [Demo Website][project-web] | ||
### In Node.js | ||
```bash | ||
npm install otplib thirty-two | ||
npm install otplib --save | ||
``` | ||
```js | ||
import { authenticator } from 'otplib/preset-default'; | ||
import { authenticator } from 'otplib'; | ||
@@ -135,7 +116,7 @@ const secret = 'KVKFKRCPNZQUYMLXOVYDSQKJKZDTSRLD'; | ||
Please replace "authenticator" with totp or hotp depending on your requirements. | ||
Please replace "authenticator" with "totp" or "hotp" depending on your requirements. | ||
```js | ||
// For TOTP | ||
import { totp } from 'otplib/preset-default'; | ||
import { totp } from 'otplib'; | ||
const token = totp.generate(secret); | ||
@@ -146,3 +127,3 @@ const isValid = totp.check(token, secret); | ||
// For HOTP | ||
import { hotp } from 'otplib/preset-default'; | ||
import { hotp } from 'otplib'; | ||
const token = hotp.generate(secret, counter); | ||
@@ -153,12 +134,17 @@ const isValid = hotp.check(token, secret, counter); | ||
For all available APIs, please refer to [API Documentation][project-api]. | ||
For all available APIs, please refer to [API Documentation][project-v-api]. | ||
### In Browser | ||
The browser preset is a self contained `umd` module with `Buffer` split out as an external dependency. | ||
As such, there are 2 scripts required: `preset-browser/index.js` and `preset-browser/buffer.js`. | ||
The browser preset is a self-contained `umd` module, and it is provided in a separate bundle. | ||
```bash | ||
npm install @otplib/preset-browser --save | ||
``` | ||
The following is an example, where we are using the scripts hosted by `unpkg.com`. | ||
```html | ||
<script src="https://unpkg.com/otplib@^12.0.0/preset-browser/buffer.js"></script> | ||
<script src="https://unpkg.com/otplib@^12.0.0/preset-browser/index.js"></script> | ||
<script src="https://unpkg.com/@otplib/preset-browser@^12.0.0/buffer.js"></script> | ||
<script src="https://unpkg.com/@otplib/preset-browser@^12.0.0/index.js"></script> | ||
@@ -172,11 +158,16 @@ <script type="text/javascript"> | ||
The `buffer.js` provided by this library is a cached copy | ||
from [https://www.npmjs.com/package/buffer][link-npm-buffer]. | ||
You can also download and include the latest version via their project page. | ||
For more details, please refer to the [@otplib/preset-browser documentation][docs-preset-browser]. | ||
In the above example, we are directly using the scripts hosted by `unpkg.com`. | ||
You can also `npm install otplib` and get a copy from the `node_modules/otplib/preset-browser` folder. | ||
## References | ||
## Migration and Versioning Guide | ||
### API / Demo Website | ||
| Version | Links | | ||
| --------------- | ----------------------------------------------------------------------------------- | | ||
| v12.x | [Website][project-v-site] / [API][project-v-api] / [Readme][project-v-readme] | | ||
| v11.x | [API][project-v11-api] / [Readme][project-v11-readme] | | ||
| v10.x and below | Available via git history | | ||
### Versioning | ||
This library follows `semver`. As such, major version bumps usually mean API changes or behavior changes. | ||
@@ -186,10 +177,12 @@ Please check [upgrade notes](https://github.com/yeojz/otplib/wiki/upgrade-notes) for more information, | ||
To simplify releases, all packages within this repository have their versions synced. | ||
Therefore, if there are any releases or updates to a package, we will bump all packages. | ||
Check out the release notes associated with each tagged versions | ||
in the [releases](https://github.com/yeojz/otplib/releases) page. | ||
| Release Type | Version Pattern | Command | | | ||
| :------------------- | --------------- | ---------------------------------------------------------------- | :------------------------------------ | | ||
| Current / Stable | 0.0.0 | `npm install otplib` | [![npm][badge-npm]][project-npm] | | ||
| Release Candidate | 0.0.0-0 | `npm install otplib@next` | [![npm][badge-npm-next]][project-npm] | | ||
| Master Branch Builds | 0.0.0-ci.{hash} | See: [Downloading Master Builds][docs-downloading-master-builds] | | | ||
| Release Type | Version Pattern | Command | | | ||
| :---------------- | --------------- | ------------------------- | :------------------------------------ | | ||
| Current / Stable | 0.0.0 | `npm install otplib` | [![npm][badge-npm]][project-npm] | | ||
| Release Candidate | 0.0.0-0 | `npm install otplib@next` | [![npm][badge-npm-next]][project-npm] | | ||
@@ -201,4 +194,2 @@ ### Migrating from v11.x | ||
Link to [v11.x README.md][project-v11-readme] and [v11.x API Docs][project-v11-api]. | ||
```js | ||
@@ -208,3 +199,3 @@ // Update | ||
// to | ||
import { authenticator } from 'otplib/preset-v11'; | ||
import { authenticator } from '@otplib/preset-v11'; | ||
@@ -215,131 +206,4 @@ // There should be no changes to your current code. | ||
### Downloading Master Builds | ||
### Available Options | ||
From 12.x onwards, pre-release builds of master is also uploaded as an artifact on GitHub Actions. | ||
To download: | ||
1. Go to otplib's [Github Actions][project-github-actions]. | ||
2. Click on `dev-builds`. | ||
3. Select the latest `master` workflow run. | ||
4. Click on the `Artifacts` dropdown near the top-right. | ||
5. Download `otplib-ci-package.zip`. | ||
6. Unzip the zip file, you should see a `otplib-ci-{hash}.tar.gz` file. | ||
7. You can now run `npm install ./otplib-ci-{hash}.tar.gz` to install it into your project. | ||
## Getting Started | ||
This is a more in-depth setup guide for installing, configuring and customising | ||
your dependencies for the library. | ||
Check out the [Quick Start][docs-quick-start] guide if you do need / want | ||
to customise any dependencies from the presets. | ||
### Install the Package | ||
```bash | ||
npm install otplib | ||
``` | ||
### Choose Your Plugins | ||
#### Adding Crypto | ||
The crypto modules are used to generate the digest used to derive the OTP tokens from. | ||
By default, Node.js has inbuilt `crypto` functionality, but you might want to replace it | ||
for certain environments that do not support it. | ||
Currently out-of-the-box, there are some [Crypto Plugins][docs-plugins-crypto] included. | ||
Install the dependencies for one of them. | ||
```bash | ||
# Choose either | ||
# Node.js crypto (you don't need to install anything else - http://nodejs.org/api/crypto.html) | ||
# or | ||
npm install crypto-js | ||
``` | ||
#### Adding Base32 | ||
If you're using Google Authenticator, you'll need a base32 module for | ||
encoding and decoding your secrets. | ||
Currently out-of-the-box, there are some [Base32 Plugins][docs-plugins-base32] included. | ||
Install the dependencies for one of them. | ||
```bash | ||
# Choose either | ||
npm install thirty-two | ||
# or | ||
npm install base32-encode base32-decode | ||
``` | ||
### Initialise your Instance | ||
#### Using Classes | ||
```js | ||
import { HOTP, TOTP, Authenticator } from 'otplib'; | ||
// Base32 Plugin | ||
// for thirty-two | ||
import { keyDecoder, keyEncoder } from 'otplib/plugin-thirty-two'; | ||
// for base32-encode and base32-decode | ||
import { keyDecoder, keyEncoder } from 'otplib/plugin-base32-enc-dec'; | ||
// Crypto Plugin | ||
// for node crypto | ||
import { createDigest, createRandomBytes } from 'otplib/plugin-crypto'; | ||
// for crypto-js | ||
import { createDigest, createRandomBytes } from 'otplib/plugin-crypto-js'; | ||
// Setup an OTP instance which you need | ||
const hotp = new HOTP({ createDigest }); | ||
const totp = new TOTP({ createDigest }); | ||
const authenticator = new Authenticator({ | ||
createDigest, | ||
createRandomBytes, | ||
keyDecoder, | ||
keyEncoder | ||
}); | ||
// Go forth and generate tokens | ||
const token = hotp.generate(YOUR_SECRET, 0); | ||
const token = totp.generate(YOUR_SECRET); | ||
const token = authenticator.generate(YOUR_SECRET); | ||
``` | ||
#### Using Functions | ||
Alternatively, if you are using the functions directly instead of the classes, | ||
pass these as options into the functions. | ||
```js | ||
import { | ||
hotpOptions, | ||
hotpToken, | ||
totpOptions, | ||
totpToken, | ||
authenticatorOptions, | ||
authenticatorToken | ||
} from 'otplib/core'; | ||
// As with classes, import your desired Base32 Plugin and Crypto Plugin. | ||
// import ... | ||
// Go forth and generate tokens | ||
const token = hotpToken(YOUR_SECRET, 0, hotpOptions({ createDigest)); | ||
const token = totpToken(YOUR_SECRET, totpOptions({ createDigest)); | ||
const token = authenticatorToken(YOUR_SECRET, authenticatorOptions({ | ||
createDigest, | ||
createRandomBytes, | ||
keyDecoder, | ||
keyEncoder | ||
)); | ||
``` | ||
## Available Options | ||
All instantiated classes will have their options inherited from their respective options | ||
@@ -354,3 +218,3 @@ generator. i.e. HOTP from `hotpOptions`, TOTP from `totpOptions` | ||
```js | ||
import { authenticator, totp, hotp } from 'otplib/preset-default'; | ||
import { authenticator, totp, hotp } from 'otplib'; | ||
@@ -379,3 +243,3 @@ // setting | ||
### HOTP Options | ||
#### HOTP Options | ||
@@ -395,3 +259,3 @@ | Option | Type | Description | | ||
algorithm: 'sha1' | ||
createDigest: undefined, // to be provided via a otplib-plugin | ||
createDigest: undefined, // to be provided via a @otplib/plugin-* | ||
createHmacKey: hotpCreateHmacKey, | ||
@@ -403,3 +267,3 @@ digits: 6, | ||
### TOTP Options | ||
#### TOTP Options | ||
@@ -425,3 +289,3 @@ > Note: Includes all HOTP Options | ||
### Authenticator Options | ||
#### Authenticator Options | ||
@@ -441,97 +305,8 @@ > Note: Includes all HOTP + TOTP Options | ||
encoding: 'hex', | ||
createRandomBytes: undefined, // to be provided via a otplib-plugin | ||
keyEncoder: undefined, // to be provided via a otplib-plugin | ||
keyDecoder: undefined, // to be provided via a otplib-plugin | ||
createRandomBytes: undefined, // to be provided via a @otplib/plugin-* | ||
keyEncoder: undefined, // to be provided via a @otplib/plugin-* | ||
keyDecoder: undefined, // to be provided via a @otplib/plugin-* | ||
} | ||
``` | ||
### Async Options | ||
The following options are modified for `functions` and `classes` which are suffixed with `Async`. | ||
eg: `AuthenticatorAsync`, `totpDigestAsync`, `hotpTokenAsync` etc. | ||
| Option | Type | Output | | ||
| ----------------- | -------------- | --------------------------------------------------- | | ||
| createDigest | async function | function returns Promise<string\> instead of string | | ||
| createHmacKey | async function | function returns Promise<string\> instead of string | | ||
| createRandomBytes | async function | function returns Promise<string\> instead of string | | ||
| keyEncoder | async function | function returns Promise<string\> instead of string | | ||
| keyDecoder | async function | function returns Promise<string\> instead of string | | ||
## Available Packages | ||
This library has been split into 3 categories: `core`, `plugin` and `preset`. | ||
### Core | ||
Provides the core functionality of the library. Parts of the logic | ||
has been separated out in order to provide flexibility to the library via | ||
available plugins. | ||
| file | description | | ||
| -------------------- | ---------------------------------------------------- | | ||
| otplib/hotp | HOTP functions + class | | ||
| otplib/hotp | TOTP functions + class | | ||
| otplib/authenticator | Google Authenticator functions + class | | ||
| otplib/core | Aggregates hotp/totp/authenticator functions + class | | ||
#### Core (Async) | ||
| file | description | | ||
| -------------------------- | --------------------------------------- | | ||
| otplib/hotp-async | async version of `otplib/hotp` | | ||
| otplib/hotp-async | async version of `otplib/hotp` | | ||
| otplib/authenticator-async | async version of `otplib/authenticator` | | ||
| otplib/core-async | async version of `otplib/core` | | ||
### Plugins | ||
#### Crypto Plugins | ||
| plugin | type | depends on | | ||
| ---------------------------------- | ----- | ----------------------------------- | | ||
| otplib/plugin-crypto | sync | crypto (included in Node.js) | | ||
| otplib/plugin-crypto-js | sync | `npm install crypto-js` | | ||
| otplib/plugin-crypto-async-ronomon | async | `npm install @ronomon/crypto-async` | | ||
These crypto plugins provides: | ||
```js | ||
{ | ||
createDigest, // used for token derivation | ||
createRandomBytes, //used to generate random keys for Google Authenticator | ||
} | ||
``` | ||
#### Base32 Plugins | ||
| plugin | type | depends on | | ||
| ---------------------------- | ---- | ----------------------------------------- | | ||
| otplib/plugin-thirty-two | sync | `npm install thirty-two` | | ||
| otplib/plugin-base32-enc-dec | sync | `npm install base32-encode base32-decode` | | ||
These Base32 plugins provides: | ||
```js | ||
{ | ||
keyDecoder, //for decoding Google Authenticator secrets | ||
keyEncoder, // for encoding Google Authenticator secrets. | ||
} | ||
``` | ||
### Presets | ||
Presets are preconfigured HOTP, TOTP, Authenticator instances to | ||
allow you to get started with the library quickly. | ||
Each presets would need the corresponding dependent npm modules to be installed. | ||
| file | depends on | description | | ||
| --------------------------- | ------------------------------------------------------ | ---------------------------------------------------- | | ||
| otplib/preset-default | `npm install thirty-two` | | | ||
| otplib/preset-default-async | `npm install thirty-two @ronomon/crypto-async` | async version of `otplib/preset-default` | | ||
| otplib/preset-browser | [See Browser Compatibility][docs-browser-compatiblity] | Webpack bundle and is self contained. | | ||
| otplib/preset-v11 | `npm install thirty-two` | Wrapper to adapt the APIs to v11.x compatible format | | ||
## Appendix | ||
@@ -547,3 +322,3 @@ | ||
`async` support was introduced in `v12.0.0`. | ||
`async` support was introduced in `v12.0.0` as an additional core library. | ||
@@ -554,80 +329,13 @@ This was added as some libraries like [expo.io][link-expo-crypto] or even | ||
There are 2 was to use `async` - using async replacements, or handling digests separately. | ||
You to find more details in the [core-async][docs-core-async] folder. | ||
#### Using Async Replacements | ||
This is the simplest way to get started. Other than `allOptions()` and `resetOptions`, | ||
all other methods are converted to async and thus needs to be `Promise.resolve` or `await`. | ||
eg: `await .generate(...)`, `await .check(...)` | ||
```js | ||
import { AuthenticatorAsync } from 'otplib/core-async'; | ||
const authenticator = new AuthenticatorAsync({ | ||
// ...options | ||
// make sure you use async versions of | ||
// required functions like createDigest. | ||
}); | ||
// Note: await needed as all methods are async | ||
const token = await authenticator.generate(secret); | ||
``` | ||
#### Async over Sync Methods | ||
In this method, you would essentially take over the digest generation, leaving | ||
the library to handle the digest to token conversion. | ||
```js | ||
import { Authenticator } from 'otplib/core'; | ||
import { authenticatorDigestAsync } from 'otplib/authenticator-async'; | ||
// This is a synchronous Authenticator class. | ||
const authenticator = new Authenticator({ | ||
// ...options | ||
}); | ||
// Override the digest generation. | ||
const digest = await authenticatorDigestAsync(secret, { | ||
...authenticator.allOptions(), | ||
createDigest: async (algorithm, hmacKey, counter) => 'string'; // put your async implementation | ||
}); | ||
authenticator.options = { digest }; | ||
const token = authenticator.generate(secret); | ||
// recommended: reset to remove the digest. | ||
authenticator.resetOptions(); | ||
// reference test in: ./packages/tests-builds/example.test.js | ||
``` | ||
Check the [API Documentation][project-api] for the full list of async functions. | ||
All async functions are suffixed with `Async` except for class methods. | ||
### Browser Compatiblity | ||
`otplib/preset-browser` is a `umd` bundle with some node modules replaced to reduce the browser size. | ||
`@otplib/preset-browser` is a `umd` bundle with some node modules replaced to reduce the browser size. | ||
The following defaults have been used: | ||
The approximate size for the **optimised, minified + gzipped** bundle is **9.53KB**. | ||
Paired with the gzipped browser `buffer.js` module, it would be about `7.65KB + 9.53KB = 17.18KB`. | ||
- **crypto**: `crypto-js` | ||
- **encoder**: `base32-encode` | ||
- **decoder**: `base32-decode` | ||
For more details, please refer to the [@otplib/preset-browser documentation][docs-preset-browser]. | ||
To see what is included, you can take a look at `packages/otplib-browser/index.ts`. | ||
#### Browser bundle size | ||
The approximate **bundle sizes** are as follows: | ||
| Bundle Type | Size | | ||
| --------------------------------- | ---------- | | ||
| original | 324KB | | ||
| original, minified + gzipped | 102KB | | ||
| optimised | 30.9KB | | ||
| **optimised, minified + gzipped** | **9.53KB** | | ||
Paired with the gzipped browser `buffer.js` module, it would be about `7.65KB + 9.53KB = 17.18KB`. | ||
### Length of Secrets | ||
@@ -691,3 +399,3 @@ | ||
import qrcode from 'qrcode'; | ||
import { authenticator } from 'otplib/preset-default'; | ||
import { authenticator } from '@otplib/preset-default'; | ||
@@ -697,6 +405,6 @@ const user = 'A user name, possibly an email'; | ||
// v11.x.x and above | ||
// v11.x and above | ||
const otpauth = authenticator.keyuri(user, service, secret); | ||
// v10.x.x and below | ||
// v10.x and below | ||
const otpauth = authenticator.keyuri( | ||
@@ -717,6 +425,6 @@ encodeURIComponent(user), | ||
> **Note**: For versions `v10.x.x` and below, `keyuri` does not URI encode | ||
> **Note**: For versions `v10.x` and below, `keyuri` does not URI encode | ||
> `user` and `service`. You'll need to do so before passing in the parameteres. | ||
#### Getting Time Remaining / Time Used | ||
### Getting Time Remaining / Time Used | ||
@@ -741,4 +449,4 @@ Helper methods for getting the remaining time and used time within a validity period | ||
Alternatively, you can make use of crypto provided by `otplib/plugin-crypto-js` or | ||
the bundled browser umd module `otplib/preset-browser`. | ||
Alternatively, you can make use of crypto provided by `@otplib/plugin-crypto-js` or | ||
the bundled browser umd module `@otplib/preset-browser`. | ||
@@ -752,6 +460,6 @@ Pull Requests are much welcomed for a native expo implementation as well. | ||
```bash | ||
$ npm run setup | ||
$ npm run build | ||
$ npx local-repl | ||
# after cloning the repo: | ||
npm run setup | ||
npm run build | ||
npx local-repl | ||
# You should see something like: | ||
@@ -763,6 +471,16 @@ # Node v8.9.4, local-repl 4.0.0 | ||
$ [otplib] > secret = 'KVKFKRCPNZQUYMLXOVYDSQKJKZDTSRLD' | ||
$ [otplib] > otplib.authenticator.generate(secret) | ||
[otplib] > secret = 'KVKFKRCPNZQUYMLXOVYDSQKJKZDTSRLD' | ||
[otplib] > otplib.authenticator.generate(secret) | ||
``` | ||
### OTP Backup Codes | ||
It is common for services to also provide a set of backup codes to authenticate | ||
and bypass the OTP step in the event that you are not able to access your 2FA | ||
device or have misplaced the device. | ||
As this process is separate from the specifications for OTP, this library does not | ||
provide any backup code related verification logic, and thus would have to be | ||
implemented separately. | ||
## Contributors | ||
@@ -795,17 +513,17 @@ | ||
`otplib` is [MIT licensed](./LICENSE) | ||
`otplib` is [MIT licensed][project-license] | ||
<img width="150" src="https://otplib.yeojz.com/otplib.png" /> | ||
<img width="150" src="https://otplib.yeojz.dev/otplib.png" /> | ||
<!-- Badges --> | ||
[badge-circle]: https://img.shields.io/circleci/project/github/yeojz/otplib/master.svg?style=flat-square | ||
[badge-coveralls]: https://img.shields.io/coveralls/yeojz/otplib/master.svg?style=flat-square | ||
[badge-npm-downloads]: https://img.shields.io/npm/dt/otplib.svg?style=flat-square | ||
[badge-npm-next]: https://img.shields.io/npm/v/otplib/next.svg?style=flat-square | ||
[badge-npm]: https://img.shields.io/npm/v/otplib.svg?style=flat-square | ||
[badge-npm-next]: https://img.shields.io/npm/v/otplib/next.svg?style=flat-square | ||
[badge-type-ts]: https://img.shields.io/badge/typedef-.d.ts-blue.svg?style=flat-square&longCache=true | ||
[docs-browser-compatiblity]: #browser-compatiblity | ||
[docs-downloading-master-builds]: #downloading-master-builds | ||
[docs-plugins-base32]: #base32-plugins | ||
[docs-plugins-crypto]: #crypto-plugins | ||
[docs-quick-start]: #quick-start | ||
<!-- External Links --> | ||
[link-expo-crypto]: https://docs.expo.io/versions/v33.0.0/sdk/crypto/ | ||
@@ -818,18 +536,26 @@ [link-expo-io]: https://expo.io | ||
[link-npm-buffer]: https://www.npmjs.com/package/buffer | ||
[project-api]: https://otplib.yeojz.com/api | ||
[rfc-3548]: http://tools.ietf.org/html/rfc3548 | ||
[rfc-4226-dataset]: https://github.com/yeojz/otplib/blob/master/tests/data/rfc-4226.ts | ||
[rfc-4226-wiki]: http://en.wikipedia.org/wiki/HMAC-based_One-time_Password_Algorithm | ||
[rfc-4226]: http://tools.ietf.org/html/rfc4226 | ||
[rfc-4648]: https://tools.ietf.org/html/rfc4648 | ||
[rfc-6238-dataset]: https://github.com/yeojz/otplib/blob/master/tests/data/rfc-6238.ts | ||
[rfc-6238-wiki]: http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm | ||
[rfc-6238]: http://tools.ietf.org/html/rfc6238 | ||
<!-- Project Links --> | ||
[docs-core-async]: https://github.com/yeojz/otplib/blob/master/packages/otplib-core-async/README.md | ||
[docs-in-depth]: https://github.com/yeojz/otplib/blob/master/packages/otplib-core/README.md#getting-started | ||
[docs-preset-browser-src]: https://github.com/yeojz/otplib/blob/master/packages/otplib-preset-browser/src/index.ts | ||
[docs-preset-browser]: https://github.com/yeojz/otplib/blob/master/packages/otplib-preset-browser/README.md | ||
[project-circle]: https://circleci.com/gh/yeojz/otplib | ||
[project-coveralls]: https://coveralls.io/github/yeojz/otplib | ||
[project-docs]: https://otplib.yeojz.com/api | ||
[project-github-actions]: https://github.com/yeojz/otplib/actions | ||
[project-license]: https://github.com/yeojz/otplib/blob/master/LICENSE | ||
[project-npm]: https://www.npmjs.com/package/otplib | ||
[project-repo]: https://github.com/yeojz/otplib | ||
[project-v-api]: https://otplib.yeojz.dev/api | ||
[project-v-readme]: https://github.com/yeojz/otplib/blob/master/README.md | ||
[project-v-site]: https://otplib.yeojz.dev | ||
[project-v11-api]: https://5d4d0cc4c85e00000788a456--otplib.netlify.com/docs | ||
[project-v11-readme]: https://github.com/yeojz/otplib/blob/d0aedccbca8ae7ec1983f40da4d7a14c9e815e9c/README.md | ||
[project-web]: https://otplib.yeojz.com | ||
[rfc-3548]: http://tools.ietf.org/html/rfc3548 | ||
[rfc-4648]: https://tools.ietf.org/html/rfc4648 | ||
[rfc-4226-dataset]: https://github.com/yeojz/otplib/blob/master/packages/tests-data/rfc4226.ts | ||
[rfc-4226-wiki]: http://en.wikipedia.org/wiki/HMAC-based_One-time_Password_Algorithm | ||
[rfc-4226]: http://tools.ietf.org/html/rfc4226 | ||
[rfc-6238-dataset]: https://github.com/yeojz/otplib/blob/master/packages/tests-data/rfc6238.ts | ||
[rfc-6238-wiki]: http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm | ||
[rfc-6238]: http://tools.ietf.org/html/rfc6238 |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Misc. License Issues
License: (Experimental) A package's licensing information has fine-grained problems.
Found 1 instance in 1 package
No bug tracker
Maintenance: Package does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No repository
Supply chain risk: Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code used to generate the package.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Minified code
Quality: This package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.
Found 1 instance in 1 package
+ Added@otplib/core@^12.0.0-2
+ Added@otplib/preset-v11@^12.0.0-2
+ Added@otplib/core@12.0.1(transitive)
+ Added@otplib/plugin-crypto@12.0.1(transitive)
+ Added@otplib/plugin-thirty-two@12.0.1(transitive)
+ Added@otplib/preset-default@12.0.1(transitive)
+ Added@otplib/preset-v11@12.0.1(transitive)
+ Addedthirty-two@1.0.2(transitive)