npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

2fa-utils

v1.2.6

Published

TOTP and HOTP utilities.

Downloads

583

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

boranseckinboranseckin

Keywords

TOTPHOTPOTP2FATwo Factor Authentication

Readme

Two-Factor Authentication

npm Build Codecov

Using the algorithm provided in RFC 4226, can generate and verify HMAC-based one-time password (HOTP) and time-based one-time password (TOTP).

Features

  • Generate base-32 encoded secrets.
  • Generate HMAC-based one-time passwords (HOTP) at a specific length.
  • Generate time-based HOTPs at a specific amount of windows.
  • Verify generated tokens.

Usage

Generating Secret

For each account, a secret must be generated and shared between the server and the client. This secret will be used to create and verify HOTPs.

const secret = twoFA.generateSecret();

Generating HOTP

HOTP requires a base32-encoded secret and a counter with time-step.

// Generate base32 secret
const secret = twoFA.generateSecret();
// Create counter with 30 seconds interval 
const counter = Math.floor(Date.now() / 30000);

const hotp = twoFA.generateHOTP(secret, counter, 6)

Generating TOTP

Generating TOTP allows you to get a HOTP in a specific time window.

const secret = twoFA.generateSecret();

// Get the current time window's token
const currentTotp = twoFA.generateTOTP(secret, 0);

// Get the future time window's token (1 window ahead)
const futureTotp = twoFA.generateTOTP(secret, 1);

// Get the past time window's token (1 window behind)
const pastTotp = twoFA.generateTOTP(secret, -1);

Verifying HOTP

Verify tokens supplied via user input.

function verifyHOTP(inputToken) {
  const secret = twoFA.generateSecret();
  const counter = Math.floor(Date.now() / 30000);

  // Actual token generated by the server
  const actualToken = twoFA.generateHOTP(secret, counter)

  if (inputToken === actualToken) return true;
  return false
}

Verifying TOTP

Verify tokens supploed via user input with a time tolerance.

const secret = twoFA.generateSecret();

const inputToken = '111111';

/* This will return true if the input token 
  - is currently valid,
  - was previously valid in the last window,
  - will be valid in the next window.
*/
const isTokenValid = twoFA.verifyTOTP(inputToken, secret, 1);

Dependencies

Author

  • Boran Seckin

License

This project is licensed under the MIT License - see the LICENSE file for details.