npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@control/otp

v0.2.0

Published

A very simple implementation of HOTP and TOTP

Downloads

9

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

jsmrcagajsmrcaga

Keywords

Readme

@control/otp

This package is a simple one-time-password generator. It supports both HOTP (according to RFC 4226 spec) and TOTP (according to RFC 6238 spec).

⚠️ It only supports 8-byte counters as of now, as per the spec.

Both HOTP and TOTP have been tested according to the RFC example values.

Installation

npm i -s @control/otp --no-optional

As a matter of fact, this package also has a CLI, which uses an optional dependency. If you're looking to use this programatically, you can skip that dependency.

Installation for CLI

npm i -g @control/otp

Usage:

otp [id] [options]

When no ID and no options are provided, the list of saved configurations will be returned. To know more use:

otp -h

HOTP

HOTP (HMAC One Time Password) is an algorithm to generate one-time-use passwords. These are generated according to a counter, which is supposed to change on every use (hence the one-time-use).

This library does not provide any mechanism to allow the counters to increment.

Usage

const { HOTP } = require('@control/otp');

const my_hotp = new HOTP({ algorithm: 'sha1', key: 'my_super_secret_key' });

const hotp_code = my_hotp.code({ counter: 25 });

TOTP

TOTP (Time-based One Time Password) follows the same pattern than HOTP. The main difference is that the HOTP counter is actually the number of time periods elapsed since a given time (usually Unix Epoch).

⚠️ This library assumes that the starting point is always Unix Epoch; it is, however, possible to configure

Contrary to HOTP however, TOTP does not need to increment a counter, since the counter is uniquely dependant on time (which, to make it clear, usually advances on its own).

Usage

const { TOTP } = require('@control/otp');

const my_totp = new TOTP({ algorithm: 'sha256', key: 'my_super_secret_key' });

// With a Date object
const totp_code = my_totp.code({ date: new Date('2022-04-09T14:33:00Z') });

// With a number of seconds since epoch
const totp_code = my_totp.code({ date: 1649507635 });

As you can see, it is possible to pass the number of seconds since epoch, which essentially allows you to create a custom epoch, but it requires that you make the now - epoch difference yourself.