WebAssembly-powered One-Time Password (OTP) library with blazing-fast HOTP & TOTP generation and validation using Go — fully accessible from javascript.
- ✅ TOTP & HOTP code generation
- 🔐 RFC 4226 / 6238 compliant
- ⚡️ High performance with Go + WebAssembly
- 🧪 Fully unit tested with Jest
- 🔄 Time skew support for validation
- 📦 Generates
otpauth://URLs for authenticator apps (Google Authenticator, Authy, etc.) - 💻 Works in Node.js (browser support via bundler)
npm i @ja7ad/otp-jsTests were run using Benchmark.js in Node.js with WebAssembly support enabled.
| Algorithm | Ops/sec | Margin of Error | Runs Sampled |
|---|---|---|---|
| SHA1 | 2,512 ops/sec | ±3.84% | 67 |
| SHA256 | 2,480 ops/sec | ±5.00% | 74 |
| SHA512 | 2,550 ops/sec | ±2.04% | 75 |
🔍 Memory Used: ~1.4 MB
🚀 Fastest:SHA512(closely followed by others)
const initWasm = require("otp-js");
(async () => {
const otp = await initWasm();
const code = otp.generateTOTP("JBSWY3DPEHPK3PXP", Math.floor(Date.now() / 1000), "6", "SHA1", 30);
console.log("TOTP:", code);
})();Generate a counter-based HOTP code.
secret(string) – Base32-encoded secret keycounter(number) – Counter value (int64)digits(string) – OTP length:"6","8", etc.algorithm(string) – Hash algorithm:"SHA1","SHA256", or"SHA512"
Generate a time-based TOTP code.
secret(string) – Base32-encoded secrettimestamp(number) – UNIX timestampdigits(string) – OTP lengthalgorithm(string) – Algorithm nameperiod(number) – Time step in seconds (default: 30)
Validate an HOTP code with optional skew.
code– The OTP to validateskew(number) – Max allowed counter window (+/-)
Returns: true, false, or "error: ..."
Validate a TOTP code.
timestamp– Current UNIX timeskew– Allowed time step window (±skew * period)
Returns: true, false, or "error: ..."
Generates a TOTP or HOTP otpauth:// URL.
Example:
const url = otp.generateOTPURL(
"totp",
"GitHub",
"[email protected]",
"JBSWY3DPEHPK3PXP",
"6",
"SHA1"
);
console.log(url); // otpauth://totp/GitHub:user@example.com?...npm testnpm run benchmark