TypeScript-first library for HOTP and TOTP / Authenticator with multi-runtime (Node, Bun, Deno, Browser) support via plugins.
A web based demo is available at https://otplib.yeojz.dev.
- Zero Configuration - Works out of the box with sensible defaults
- RFC Compliant - RFC 6238 (TOTP) and RFC 4226 (HOTP)
- TypeScript-First - Full type definitions
- Google Authenticator Compatible - Full otpauth:// URI support
- Plugin Interface - Flexible plugin system for customising your cryptographic and base32 requirements (if you want to deviate from the defaults)
- Cross-platform - Tested against Node.js, Bun, Deno, and browsers
Important
v13 is a complete rewrite with breaking changes:
- New
- Security-audited plugins — Default crypto uses
@noble/hashesand@scure/base, both independently audited - Cross-platform defaults — Works out-of-the-box in Node.js, Bun, Deno, and browsers
- Full type safety — Comprehensive TypeScript types with strict mode from the ground up
- Async-first API — All operations are async by default; sync variants available for compatible plugins
- Security-audited plugins — Default crypto uses
- Removed
- Separate authenticator package — TOTP now covers all authenticator functionality
- Outdated plugins — Legacy crypto adapters removed in favor of modern, audited alternatives
See Migration Guide for details.
# Node
npm install otplib
pnpm add otplib
yarn add otplib# Other runtimes
bun add otplib
deno install npm:otplibimport { generateSecret, generate, verify, generateURI } from "otplib";
// Generate a secret
const secret = generateSecret();
// Generate a TOTP token
const token = await generate({ secret });
// Verify a token
const result = await verify({ secret, token });
console.log(result.valid); // true| Package | Version | Downloads |
|---|---|---|
otplib |
|
|
@otplib/core |
 |
 |
@otplib/totp |
 |
 |
@otplib/hotp |
 |
 |
@otplib/uri |
 |
 |
@otplib/plugin-base32-scure |
 |
 |
@otplib/plugin-crypto-noble |
 |
 |
@otplib/plugin-crypto-node |
 |
 |
@otplib/plugin-crypto-web |
 |
 |
Refer to the Getting Started Guide, or check out the other sections in the guide:
See CONTRIBUTING.md for development setup and guidelines.
Since v13, parts of the codebase, tests, and documentation have been refined with AI assistance, with all outputs reviewed by humans. See CONTRIBUTING.md for guidelines.
MIT © 2026 Gerald Yeo
