otpcraft
v1.0.0
Published
A modern, secure, and zero-dependency OTP toolkit for Node.js
Maintainers
Readme
otpcraft
A modern, secure, and zero-dependency OTP toolkit for Node.js.
Installation
npm install otpcraftFeatures
- Secure by default: Uses Node's built-in
crypto.randomInt(noMath.random()). - Zero dependencies: Extremely lightweight.
- Multiple formats: Numeric, Alphabetic, Alphanumeric, Hexadecimal, Binary, Base64, and custom charsets.
- Advanced features: Exclude similar characters, prevent repeating characters.
- Formatting: Add prefixes, suffixes, and separators (e.g.,
AB12-CD34). - Timed OTPs: Generate OTPs with an expiration time.
- Hashing: securely hash and compare OTPs using SHA-256.
Usage
const otp = require('otpcraft');
// 1. Numeric OTP
console.log(otp.numeric(6)); // "483921"
// 2. Alphabetic OTP (Uppercase)
console.log(otp.alpha(6)); // "ABXZTR"
// 3. Alphanumeric OTP
console.log(otp.alphaNumeric(6)); // "A8XZ92"
// 4. Custom Generator
console.log(otp.generate({
length: 8,
chars: "ABC123"
}));
// 5. Exclude Similar Characters
console.log(otp.generate({
length: 6,
excludeSimilar: true
}));
// 6. Formatting (Prefix, Suffix, Separators)
console.log(otp.generate({
length: 8,
chars: otp.CHARSETS.alphaNumeric,
separatorN: 4,
separatorChar: '-'
})); // "AB12-CD34"
// 7. Verification
const actual = otp.numeric(6);
console.log(otp.verify(actual, "123456")); // false
// 8. Expiring OTP
const token = otp.create({
length: 6,
expiresIn: 300 // seconds
});
console.log(token); // { otp: "483921", expiresAt: 1718000000000 }
const verifyResult = otp.verifyToken(token, "483921");
console.log(verifyResult); // { success: true, expired: false }
// 9. Hashing & Comparison
const code = otp.numeric(6);
const hashedCode = otp.hash(code);
console.log(otp.compare(code, hashedCode)); // trueAPI Documentation
Generation
otp.numeric(length)otp.alpha(length)otp.alphaNumeric(length)otp.hex(length)otp.binary(length)otp.base64(length)otp.lower(length)otp.generate(options)length(number): Length of the OTP (default: 6).chars(string): Custom character set.excludeSimilar(boolean): Exclude visually similar characters like0/O,1/I/l,5/S,8/B(default: false).noRepeat(boolean): Ensure no character repeats in the generated OTP (default: false).prefix(string): Prepend to the OTP.suffix(string): Append to the OTP.separatorN(number): Insert a separator every N characters.separatorChar(string): Separator character (default: '-').
Verification & Security
otp.verify(actualOtp, userInput): Returns boolean indicating if they match.otp.hash(code): Returns SHA-256 hex string.otp.compare(userOtp, hashedOtp): Returns boolean indicating if user input matches hash.
Timed OTPs
otp.create({ length, expiresIn, chars, ... }): Returns{ otp, expiresAt }.otp.verifyToken(tokenObject, userInput): Returns{ success: boolean, expired: boolean }.
License
MIT
