Back to Explore

hectorm/otpauth

GitHub
1 updates · last 90 days1 watchersOpen source

Last release: 1 month ago

OTPAuth is a One Time Password (HOTP and TOTP) library for Node.js, Deno, Bun, and browsers. It helps you generate and validate MFA or 2FA one-time codes, and it can convert TOTP settings to and from Google Authenticator key URI format.

Project status

  • Actively maintained, with recent GitHub activity (last upstream push 2026-05-29) and multiple published updates across 2025-08 to 2026-04.
  • Apparent update cadence is moderate and variable, from v9.4.1 (2025-08-12) to v9.5.0 (2026-02-04), then a faster follow-up to v9.5.1 (2026-04-25).

AI summary generated Today

AI-generated from public sources. May be inaccurate. Report

Recent updates

  • v9.5.1

    1 month ago

    Release v9.5.1 primarily updates build tooling and dependencies, then republishes rebuilt distribution bundles. Release notes only mention dependency bumps, but the bundled code shows additional behavioral changes coming from the @noble/hashes upgrade.

  • v9.5.0

    4 months ago

    v9.5.0 primarily introduces custom HMAC support plus a new bare build intended for environments where crypto is not bundled. It also includes a number of dependency and CI tooling bumps, including @noble/hashes moving from 1.8.0 to 2.0.1 and several GitHub Actions version updates.

    Features

  • v9.4.1

    9 months ago

    Release v9.4.1 primarily consists of dependency bumps, including updating @noble/hashes to 1.8.0, @types/node to 24.0.3, and github/codeql-action to 3.29.2. The published artifacts (dist bundles) were regenerated accordingly, and several CI workflows were also updated.

  • v9.4.0

    3/29/2025

    Release v9.4.0 primarily consists of dependency updates and a TOTP API enhancement. It adds a static TOTP counter helper, and the implementation now routes internal counter computation through that helper. The release notes do not fully describe the additional TOTP helpers that were introduced.

    Features

  • v9.3.6

    12/14/2024

    v9.3.6 primarily updates several dependencies, including @noble/hashes (1.5.0 to 1.6.1), mocha (10.8.2 to 11.0.1), and GitHub CodeQL action versions. It also includes a code fix for a shifting/conversion issue in uintEncode.

  • v9.3.5

    11/14/2024

    v9.3.5 release notes mainly describe dependency bumps (GitHub CodeQL action and npm dev dependency groups). However, the actual diff includes real runtime code changes around how the HOTP and TOTP algorithm option is normalized and validated.

  • v9.3.4

    9/28/2024

    Release v9.3.4 primarily updates GitHub Actions workflow pins via a dependabot “github-actions-all” bump. However, the code diff also changes OTP validation behavior and TypeScript typings around the HOTP and TOTP `digits` configuration.

  • v9.3.3

    9/23/2024

    Release v9.3.3 primarily updates bundled and CI dependencies (notably @noble/hashes) via dependabot. While the release notes describe dependency bumps only, the actual code diff also changes runtime decoding behavior in the library.

  • v9.3.2

    8/22/2024

    Release v9.3.2 primarily updates CI tooling and development dependencies via Dependabot (actions, CodeQL, and various npm-dev packages). The library code changes visible in the diff are minimal, with regenerated dist bundles reflecting the new version. One internal crypto helper was refactored and README wording was adjusted, but the release notes do not call these out explicitly.

  • v9.3.1

    6/3/2024

    Release v9.3.1 is documented as a Node type definition bump (@types/node 20.13.0 to 20.14.0). The code diff shows no clear runtime API changes, but there are process and documentation/example changes, including an added publishing job to JSR and an updated README snippet for computing remaining seconds.