otplib

Appearance

otplib-logo

otplib-repo

npm versionLicense: MITDownloadsCode Repository

TypeScript-first library for HOTP and TOTP / Authenticator with multi-runtime (Node, Bun, Deno, Browser) support via plugins.

A web based demo is available at https://otplib.yeojz.dev.

Features

  • Zero Configuration - Works out of the box with sensible defaults
  • RFC Compliant - RFC 6238 (TOTP) and RFC 4226 (HOTP)
  • TypeScript-First - Full type definitions
  • Google Authenticator Compatible - Full otpauth:// URI support
  • Plugin Interface - Flexible plugin system for customising your cryptographic and base32 requirements (if you want to deviate from the defaults)
  • Cross-platform - Tested against Node.js, Bun, Deno, and browsers

Breaking Changes (v13)

IMPORTANT

v13 is a complete rewrite with breaking changes:

  • New
    • Security-audited plugins — Default crypto uses @noble/hashes and @scure/base, both independently audited
    • Cross-platform defaults — Works out-of-the-box in Node.js, Bun, Deno, and browsers
    • Full type safety — Comprehensive TypeScript types with strict mode from the ground up
    • Async-first API — All operations are async by default; sync variants available for compatible plugins
  • Removed
    • Separate authenticator package — TOTP now covers all authenticator functionality
    • Outdated plugins — Legacy crypto adapters removed in favor of modern, audited alternatives

See Migration Guide for details.

Quick Start

bash
# Node
npm install otplib
pnpm add otplib
yarn add otplib
bash
# Other runtimes
bun add otplib
deno install npm:otplib
typescript
import { generateSecret, generate, verify, generateURI } from "otplib";

// Generate a secret
const secret = generateSecret();

// Generate a TOTP token
const token = await generate({ secret });

// Verify a token
const result = await verify({ secret, token });
console.log(result.valid); // true

Packages

PackageVersionDownloads
otplibnpmnpm
@otplib/corenpmnpm
@otplib/totpnpmnpm
@otplib/hotpnpmnpm
@otplib/urinpmnpm
@otplib/plugin-base32-scurenpmnpm
@otplib/plugin-crypto-noblenpmnpm
@otplib/plugin-crypto-nodenpmnpm
@otplib/plugin-crypto-webnpmnpm

Documentation

Refer to the Getting Started Guide, or check out the other sections in the guide:

Contributing

See CONTRIBUTING.md for development setup and guidelines.

AI Usage Disclosure

Since v13, parts of the codebase, tests, and documentation have been refined with AI assistance, with all outputs reviewed by humans. See CONTRIBUTING.md for guidelines.

License

MIT © 2026 Gerald Yeo

Released under the MIT License.

Copyright © 2026 @yeojz