npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@verifykit.io/2fa

v1.0.0

Published

Official Node.js SDK for VerifyKit 2FA - Two-factor authentication via Email OTP

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nmsdenmsde

Keywords

2faotptwo-factorauthenticationemail-otpverifykitapisdktypescript

Readme

VerifyKit 2FA Node.js SDK

npm version License: MIT TypeScript

Official Node.js SDK for VerifyKit 2FA - Two-factor authentication via Email OTP.

Features

  • Simple & Intuitive - Send and verify OTP codes in two API calls
  • Fast & Reliable - Built-in retry logic with exponential backoff
  • TypeScript First - Full TypeScript support with complete type definitions
  • Automatic Retries - Smart retry logic for network and server errors
  • Rate Limit Handling - Automatic rate limit detection and retry
  • ESM & CommonJS - Supports both module systems
  • Custom Errors - Detailed error classes for better error handling
  • Secure - SHA-256 hashed codes, auto-expiry, max 5 attempts

Installation

# npm
npm install @verifykit.io/2fa

# yarn
yarn add @verifykit.io/2fa

# pnpm
pnpm add @verifykit.io/2fa

Quick Start

import { VerifyKit2FA } from '@verifykit.io/2fa';

const client = new VerifyKit2FA({
  apiKey: process.env.VERIFYKIT_API_KEY! // Get your API key from https://verifykit.io/dashboard/api-keys
});

// Send an OTP code
const { request_id } = await client.sendOtp('[email protected]');

// Verify the code entered by the user
const result = await client.verifyOtp(request_id, '123456');
console.log(result.valid); // true or false

Table of Contents

Authentication

Get your API key from the VerifyKit Dashboard. 2FA requires a Growth, Pro, or Unlimited plan.

import { VerifyKit2FA } from '@verifykit.io/2fa';

const client = new VerifyKit2FA({
  apiKey: process.env.VERIFYKIT_API_KEY!
});

Environment Variables:

# .env file
VERIFYKIT_API_KEY=vk_live_your_api_key_here

Usage Examples

Send OTP Code

import { VerifyKit2FA } from '@verifykit.io/2fa';

const client = new VerifyKit2FA({
  apiKey: process.env.VERIFYKIT_API_KEY!
});

const result = await client.sendOtp('[email protected]');

console.log({
  request_id: result.request_id,  // Save this to verify later
  expires_in: result.expires_in,  // Seconds until code expires (default: 600)
  message: result.message         // Status message
});

Verify OTP Code

// After the user enters their code
const verification = await client.verifyOtp(request_id, '847293');

if (verification.valid) {
  console.log('User verified!');
} else {
  console.log('Invalid code:', verification.message);
}

Custom App Name

Brand the verification email with your app name:

const result = await client.sendOtp('[email protected]', {
  appName: 'MyApp' // Displayed in the verification email (max 50 chars)
});

API Delivery Mode

Get the OTP code in the API response instead of sending via email, so you can deliver it yourself:

const result = await client.sendOtp('[email protected]', {
  delivery: 'api' // Returns the code in the response
});

console.log(result.code); // '847293' - deliver this yourself via SMS, push, etc.

Configuration

const client = new VerifyKit2FA({
  // Required: Your API key (use environment variable)
  apiKey: process.env.VERIFYKIT_API_KEY!,

  // Optional: Base URL (default: 'https://api.verifykit.io')
  baseUrl: 'https://api.verifykit.io',

  // Optional: Request timeout in milliseconds (default: 30000)
  timeout: 30000,

  // Optional: Maximum number of retries (default: 3)
  maxRetries: 3,

  // Optional: Enable debug logging (default: false)
  debug: true,

  // Optional: Custom headers
  headers: {
    'X-Custom-Header': 'value'
  }
});

API Reference

sendOtp(email, options?)

Send a 2FA OTP verification code to an email address.

Parameters:

  • email (string): The email address to send the code to
  • options (object, optional):
    • appName (string): Your app name for the verification email (max 50 chars)
    • delivery ('email' | 'api'): Delivery mode (default: 'email')

Returns: Promise<SendOtpResult>

Example:

const result = await client.sendOtp('[email protected]', {
  appName: 'MyApp',
  delivery: 'email'
});

verifyOtp(requestId, code)

Verify a 2FA OTP code.

Parameters:

  • requestId (string): The request_id from sendOtp
  • code (string): The 6-digit code entered by the user

Returns: Promise<VerifyOtpResult>

Example:

const result = await client.verifyOtp('2fa_abc123...', '847293');
console.log(result.valid); // true or false

Error Handling

The SDK provides detailed error classes for different scenarios:

import {
  VerifyKit2FA,
  ValidationError,
  AuthenticationError,
  ForbiddenError,
  RateLimitError,
  TimeoutError,
  NetworkError,
  ServerError,
  VerifyKit2FAError
} from '@verifykit.io/2fa';

try {
  await client.sendOtp('[email protected]');
} catch (error) {
  if (error instanceof ValidationError) {
    console.log('Invalid input:', error.message);
  } else if (error instanceof AuthenticationError) {
    console.log('Invalid API key:', error.message);
  } else if (error instanceof ForbiddenError) {
    console.log('2FA not available on your plan:', error.message);
  } else if (error instanceof RateLimitError) {
    console.log('Rate limit exceeded, retry after:', error.retryAfter);
  } else if (error instanceof TimeoutError) {
    console.log('Request timeout:', error.timeout);
  } else if (error instanceof NetworkError) {
    console.log('Network error:', error.message);
  } else if (error instanceof ServerError) {
    console.log('Server error:', error.message);
  } else if (error instanceof VerifyKit2FAError) {
    console.log('VerifyKit error:', error.message);
  } else {
    console.error('Unknown error:', error);
  }
}

Error Properties

All VerifyKit 2FA errors include:

  • name: Error class name
  • message: Human-readable error message
  • code: Machine-readable error code
  • statusCode: HTTP status code
  • requestId: Request ID for debugging

TypeScript Support

The SDK is written in TypeScript and provides full type definitions.

import type {
  VerifyKit2FAConfig,
  SendOtpOptions,
  SendOtpResult,
  VerifyOtpResult,
  ApiErrorResponse
} from '@verifykit.io/2fa';

// All types are exported and ready to use
const config: VerifyKit2FAConfig = {
  apiKey: 'vk_live_...'
};

const result: SendOtpResult = await client.sendOtp('[email protected]');

Advanced Features

Automatic Retries

The SDK automatically retries failed requests with exponential backoff:

const client = new VerifyKit2FA({
  apiKey: 'vk_live_...',
  maxRetries: 5 // Retry up to 5 times (default: 3)
});

Retries are attempted for:

  • Network errors
  • Timeout errors
  • Server errors (5xx)
  • Rate limit errors (with appropriate delay)

Rate Limit Handling

The SDK automatically handles rate limits by:

  1. Detecting rate limit errors (429)
  2. Waiting for the Retry-After duration
  3. Retrying the request automatically
// The SDK handles this automatically
try {
  const result = await client.sendOtp('[email protected]');
} catch (error) {
  // Only throws if max retries exceeded
  if (error instanceof RateLimitError) {
    console.log('Still rate limited after retries');
  }
}

Debug Logging

Enable debug logging to see detailed request/response information:

const client = new VerifyKit2FA({
  apiKey: 'vk_live_...',
  debug: true
});

// Logs will show:
// - Request details
// - Retry attempts
// - Error information

Custom Timeouts

Configure request timeouts:

const client = new VerifyKit2FA({
  apiKey: 'vk_live_...',
  timeout: 60000 // 60 seconds
});

OTP Security

VerifyKit 2FA codes are:

  • SHA-256 hashed - Codes are never stored in plain text
  • Single-use - Each code can only be verified once
  • Auto-expiring - Codes expire after 10 minutes
  • Rate limited - Maximum 5 verification attempts per code

Examples

Check out the examples directory for more usage examples:

Requirements

  • Node.js >= 18.0.0
  • TypeScript >= 5.0 (for TypeScript projects)
  • VerifyKit Growth, Pro, or Unlimited plan

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Support

License

MIT (c) Nuno Miguel Duarte Unip. Lda

Made with care by the VerifyKit team