TOTP (Time-based) and HOTP (HMAC-based) One-Time Password library
@otp-lib is a suite of libraries designed to implement the generation and verification of HOTP (HMAC-based), TOTP (Time-based) codes.
Built on top of the native Web Crypto API, it ensures cryptographic security and performance across all modern JavaScript environments (Node.js, Deno, Bun, Browsers, Cloudflare Workers).
This repository is a monorepo containing the following packages :
Designed to build Multi-Factor Authentication (MFA), Two-Factor Authentication (2FA) systems or Authenticator applications. It wraps the core logic with features :
- Key URI : Fully supports parsing and generating Key URI Format
otpauth://, enabling seamless integration with QR Codes and compatibility with apps like Google Authenticator, Microsoft Authenticator, Authy, or Yubico Authenticator. - Context : Manages metadata like Issuer (provider name) and Account (user email), which is essential for user-facing applications.
Designed to build strict, compliant implementation of One-Time Passwords (OTP) algorithms.
- Secure : Uses the native Web Crypto API (
crypto.subtle) for cryptographic operations. - Isomorphic : Works in Node.js, Bun, Deno, Browsers, and Cloudflare Workers.
- Type-Safe : Written in strict TypeScript with full type definitions included.
- Zero Dependencies : No external overhead. Lightweight and fast.
- Compliant : Strict implementations of the IETF standards :
MIT © Unknown-Robot