npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

sdk-client-asafe-v.1.0

v1.0.0

Published

TOTP (RFC 6238) / Google Authenticator compatible 2FA helper.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

asernum-npmasernum-npm

Keywords

2fatotpotpgoogle-authenticatorauthyrfc6238base32

Readme

sdk-client-asafe-v.1.0

Small TOTP (RFC 6238) helper compatible with Google Authenticator / Authy.

Install

npm i sdk-client-asafe-v.1.0

Usage

Basic Example

import { Asafe2FA } from "sdk-client-asafe-v.1.0";

const a2fa = new Asafe2FA();

// Generate a secret key (base32 encoded)
const secret = a2fa.generateSecret();

// Create an OTP Auth URL for QR code scanning
const url = a2fa.getOtpAuthUrl("[email protected]", "MyCompany", secret);

// Get the current OTP code
const otp = a2fa.getCurrentOtp(secret);

// Verify the OTP code
const ok = a2fa.verifyKey(secret, otp, 1);

Understanding the window Parameter

The window parameter in verifyKey() allows for time drift tolerance. Since TOTP codes change every 30 seconds (by default), small clock differences between the server and the user's device can cause verification to fail.

How it works:

  • window = 0: Only accepts the current time period's code
  • window = 1 (default): Accepts codes from the current period, the previous period, and the next period (±30 seconds)
  • window = 2: Accepts codes from ±2 periods (±60 seconds)

Example:

// Strict verification - only current code
const strict = a2fa.verifyKey(secret, userInput, 0);

// Default - allows ±30 seconds tolerance (recommended)
const normal = a2fa.verifyKey(secret, userInput, 1);

// More lenient - allows ±60 seconds tolerance
const lenient = a2fa.verifyKey(secret, userInput, 2);

When to use different values:

  • Use window = 0 for maximum security (but may fail with clock drift)
  • Use window = 1 for most applications (good balance of security and usability)
  • Use window = 2 or higher if you expect significant clock synchronization issues

API

generateSecret(length?: number): string

Generates a random base32-encoded secret key.

  • length: Optional. Number of characters (default: 32, ~160 bits)

getOtpAuthUrl(account: string, issuer: string, secret: string): string

Creates an otpauth:// URL compatible with Google Authenticator, Authy, and other TOTP apps.

  • account: User identifier (e.g., email address)
  • issuer: Service name (e.g., "MyCompany")
  • secret: The secret key generated by generateSecret()

getCurrentOtp(secret: string, options?: TotpOptions): string

Generates the current TOTP code for the given secret.

  • secret: The secret key
  • options: Optional TOTP configuration (period, digits, algorithm)

verifyKey(secret: string, token: string, window?: number, options?: TotpOptions): boolean

Verifies if a TOTP token is valid.

  • secret: The secret key
  • token: The OTP code to verify (user input)
  • window: Optional. Time drift tolerance in periods (default: 1). See Understanding the window Parameter above
  • options: Optional TOTP configuration
  • Returns: true if the token is valid, false otherwise

License

MIT