@ekaone/nano-otp 0.0.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Eka Prasetia <ekaone3033@gmail.com> (https://prasetia.me)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,247 @@
+# @ekaone/nano-otp
+
+A tiny, zero-dependency One-Time Password (OTP) library for JavaScript and TypeScript.
+
+**@ekaone/nano-otp** is designed to be lightweight, secure, and easy to integrate into modern applications. It uses Node.js built-in `crypto` for cryptographically secure random generation — no external dependencies required.
+
+> ⚠️ **Status: Under Active Development**
+> APIs and features may change before v1.0.0.
+> Track progress at: https://github.com/ekaone/nano-otp
+
+---
+
+## Installation
+
+```bash
+# pnpm
+pnpm add @ekaone/nano-otp
+
+# npm
+npm install @ekaone/nano-otp
+
+# yarn
+yarn add @ekaone/nano-otp
+
+# bun
+bun add @ekaone/nano-otp
+```
+
+---
+
+## Usage
+
+### Generate an OTP
+
+```javascript
+import { generate } from "@ekaone/nano-otp";
+
+// default: 6-digit numeric OTP
+const otp = generate();
+console.log(otp);
+// => "482910"
+
+// custom length
+const otp8 = generate({ length: 8 });
+console.log(otp8);
+// => "30571846"
+
+// alpha charset (uppercase letters)
+const otpAlpha = generate({ charset: "alpha" });
+console.log(otpAlpha);
+// => "KXRTBM"
+
+// alphanumeric charset
+const otpAlphaNum = generate({ charset: "alphanumeric", length: 8 });
+console.log(otpAlphaNum);
+// => "4BX9K2RZ"
+
+// custom charset
+const otpCustom = generate({ charset: "ABCDEF0123", length: 6 });
+console.log(otpCustom);
+// => "C3A0FB"
+```
+
+### Verify an OTP
+
+```javascript
+import { verify } from "@ekaone/nano-otp";
+
+// basic match
+const isValid = verify({ input: "482910", code: "482910" });
+console.log(isValid);
+// => true
+
+// mismatch
+const isInvalid = verify({ input: "000000", code: "482910" });
+console.log(isInvalid);
+// => false
+
+// with expiry (expiresAt is a Unix timestamp in milliseconds)
+const isValidWithExpiry = verify({
+  input: "482910",
+  code: "482910",
+  expiresAt: Date.now() + 5 * 60 * 1000, // expires in 5 minutes
+});
+console.log(isValidWithExpiry);
+// => true
+
+// expired OTP
+const isExpired = verify({
+  input: "482910",
+  code: "482910",
+  expiresAt: Date.now() - 1000, // already expired
+});
+console.log(isExpired);
+// => false
+```
+
+### Generate a batch of OTPs
+
+```javascript
+import { batch } from "@ekaone/nano-otp";
+
+// generate 5 OTPs (may contain duplicates)
+const otps = batch(5);
+console.log(otps);
+// => ["482910", "039471", "182930", "482910", "748201"]
+
+// with options
+const otpsAlpha = batch(3, { charset: "alpha", length: 8 });
+console.log(otpsAlpha);
+// => ["KXRTBMQZ", "LNVWACPD", "ERJHMKXB"]
+```
+
+### Generate a batch of unique OTPs
+
+```javascript
+import { batchUnique } from "@ekaone/nano-otp";
+
+// generate 5 guaranteed-unique OTPs
+const uniqueOtps = batchUnique(5);
+console.log(uniqueOtps);
+// => ["482910", "039471", "182930", "748201", "910284"]
+```
+
+### Full workflow example
+
+```javascript
+import { generate, verify } from "@ekaone/nano-otp";
+
+// 1. generate and store OTP with a 10-minute expiry
+const code = generate({ length: 6 });
+const expiresAt = Date.now() + 10 * 60 * 1000;
+
+console.log("Send this code to the user:", code);
+// => "Send this code to the user: 482910"
+
+// 2. later, verify what the user submitted
+const userInput = "482910"; // submitted by user
+
+const result = verify({ input: userInput, code, expiresAt });
+console.log("Verification passed:", result);
+// => "Verification passed: true"
+```
+
+---
+
+## API
+
+### `generate(options?)`
+
+Generates a single cryptographically secure OTP.
+
+```ts
+generate(options?: OTPOptions): string
+```
+
+| Option    | Type                                      | Default     | Description                              |
+| --------- | ----------------------------------------- | ----------- | ---------------------------------------- |
+| `length`  | `number`                                  | `6`         | Length of the generated OTP              |
+| `charset` | `"numeric" \| "alpha" \| "alphanumeric" \| string` | `"numeric"` | Character set to use, or a custom string |
+
+---
+
+### `verify(options)`
+
+Verifies an OTP using constant-time comparison to prevent timing attacks.
+
+```ts
+verify(options: VerifyOptions): boolean
+```
+
+| Option      | Type     | Required | Description                                              |
+| ----------- | -------- | -------- | -------------------------------------------------------- |
+| `input`     | `string` | ✅       | The OTP submitted by the user                            |
+| `code`      | `string` | ✅       | The original generated OTP to compare against            |
+| `expiresAt` | `number` | —        | Unix timestamp (ms) after which the OTP is invalid       |
+| `now`       | `number` | —        | Override current time (ms) — useful for testing          |
+
+---
+
+### `batch(count, options?)`
+
+Generates multiple OTPs. May contain duplicates.
+
+```ts
+batch(count: number, options?: OTPOptions): string[]
+```
+
+| Parameter | Type        | Description                        |
+| --------- | ----------- | ---------------------------------- |
+| `count`   | `number`    | Number of OTPs to generate         |
+| `options` | `OTPOptions`| Same options as `generate`         |
+
+---
+
+### `batchUnique(count, options?)`
+
+Generates multiple guaranteed-unique OTPs. Throws if the requested count exceeds the number of possible combinations for the given charset and length.
+
+```ts
+batchUnique(count: number, options?: OTPOptions): string[]
+```
+
+| Parameter | Type         | Description                        |
+| --------- | ------------ | ---------------------------------- |
+| `count`   | `number`     | Number of unique OTPs to generate  |
+| `options` | `OTPOptions` | Same options as `generate`         |
+
+---
+
+## Types
+
+```ts
+interface OTPOptions {
+  length?: number;
+  charset?: "numeric" | "alpha" | "alphanumeric" | string;
+}
+
+interface VerifyOptions {
+  input: string;
+  code: string;
+  expiresAt?: number;
+  now?: number;
+}
+```
+
+---
+
+## Security
+
+- Random generation uses Node.js `crypto.randomInt` — cryptographically secure, not `Math.random()`
+- `verify` uses constant-time comparison (XOR-based) to prevent timing attacks
+- Zero runtime dependencies — no supply chain risk from third-party packages
+
+---
+
+## License
+
+MIT © Eka Prasetia — see [LICENSE](./LICENSE) for details.
+
+---
+
+## Links
+
+- [NPM Package](https://www.npmjs.com/package/@ekaone/nano-otp)
+- [GitHub Repository](https://github.com/ekaone/nano-otp)
+- [Issue Tracker](https://github.com/ekaone/nano-otp/issues)

package/dist/index.d.mts

@@ -0,0 +1,35 @@
+interface OTPOptions {
+    length?: number;
+    charset?: "numeric" | "alpha" | "alphanumeric" | string;
+}
+interface VerifyOptions {
+    input: string;
+    code: string;
+    expiresAt?: number;
+    now?: number;
+}
+
+declare function generate(options?: OTPOptions): string;
+
+declare function batch(count: number, options?: OTPOptions): string[];
+
+declare function batchUnique(count: number, options?: OTPOptions): string[];
+
+declare function verify(options: VerifyOptions): boolean;
+
+/**
+ * index.ts
+ * @description Main entry point for the nano-otp package
+ * @author Eka Prasetia
+ * @date 2024-06-01
+ * @version 1.0.0
+ */
+
+declare const otp: {
+    generate: typeof generate;
+    batch: typeof batch;
+    batchUnique: typeof batchUnique;
+    verify: typeof verify;
+};
+
+export { type OTPOptions, type VerifyOptions, batch, batchUnique, generate, otp, verify };

package/dist/index.d.ts

@@ -0,0 +1,35 @@
+interface OTPOptions {
+    length?: number;
+    charset?: "numeric" | "alpha" | "alphanumeric" | string;
+}
+interface VerifyOptions {
+    input: string;
+    code: string;
+    expiresAt?: number;
+    now?: number;
+}
+
+declare function generate(options?: OTPOptions): string;
+
+declare function batch(count: number, options?: OTPOptions): string[];
+
+declare function batchUnique(count: number, options?: OTPOptions): string[];
+
+declare function verify(options: VerifyOptions): boolean;
+
+/**
+ * index.ts
+ * @description Main entry point for the nano-otp package
+ * @author Eka Prasetia
+ * @date 2024-06-01
+ * @version 1.0.0
+ */
+
+declare const otp: {
+    generate: typeof generate;
+    batch: typeof batch;
+    batchUnique: typeof batchUnique;
+    verify: typeof verify;
+};
+
+export { type OTPOptions, type VerifyOptions, batch, batchUnique, generate, otp, verify };

package/dist/index.js

@@ -0,0 +1,2 @@
+"use strict";var m=Object.defineProperty;var O=Object.getOwnPropertyDescriptor;var w=Object.getOwnPropertyNames;var x=Object.prototype.hasOwnProperty;var P=(t,e)=>{for(var r in e)m(t,r,{get:e[r],enumerable:!0})},T=(t,e,r,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let o of w(e))!x.call(t,o)&&o!==r&&m(t,o,{get:()=>e[o],enumerable:!(n=O(e,o))||n.enumerable});return t};var C=t=>T(m({},"__esModule",{value:!0}),t);var A={};P(A,{batch:()=>f,batchUnique:()=>u,generate:()=>s,otp:()=>d,verify:()=>h});module.exports=C(A);var g=require("crypto");var a="0123456789",l="ABCDEFGHIJKLMNOPQRSTUVWXYZ",E=a+l;function p(t={}){switch(t.charset){case"alpha":return l;case"alphanumeric":return E;case"numeric":return a;default:if(typeof t.charset=="string"){if(t.charset.length===0)throw new Error("charset must not be empty");return t.charset}return a}}function s(t={}){var o;let e=(o=t.length)!=null?o:6;if(!Number.isInteger(e)||e<1)throw new Error("length must be a positive integer");let r=p(t);if(r.length===0)throw new Error("charset must not be empty");let n="";for(let i=0;i<e;i++)n+=r[(0,g.randomInt)(0,r.length)];return n}function f(t,e={}){if(!Number.isInteger(t)||t<=0)throw new Error("batch count must be a positive integer");let r=[];for(let n=0;n<t;n++)r.push(s(e));return r}function y(t,e){if(t<1||e<1)return 0;let r=Math.pow(t,e);return Math.min(r,Number.MAX_SAFE_INTEGER)}function u(t,e={}){var c;if(!Number.isInteger(t)||t<=0)throw new Error("batchUnique count must be a positive integer");let r=(c=e.length)!=null?c:6,n=p(e),o=y(n.length,r);if(t>o)throw new Error(`Requested ${t} unique OTPs but only ${o} combinations possible with charset length ${n.length} and OTP length ${r}`);let i=new Set;for(;i.size<t;)i.add(s(e));return Array.from(i)}function b(t,e){if(t.length!==e.length)return!1;let r=0;for(let n=0;n<t.length;n++)r|=t.charCodeAt(n)^e.charCodeAt(n);return r===0}function h(t){let{input:e,code:r,expiresAt:n,now:o=Date.now()}=t;return!e||!r||n!==void 0&&o>n?!1:b(e,r)}var d={generate:s,batch:f,batchUnique:u,verify:h};0&&(module.exports={batch,batchUnique,generate,otp,verify});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/core/generate.ts","../src/utils/resolveCharset.ts","../src/core/batch.ts","../src/utils/calculateMax.ts","../src/core/batchUnique.ts","../src/utils/safeCompare.ts","../src/core/verify.ts"],"sourcesContent":["/**\n * index.ts\n * @description Main entry point for the nano-otp package\n * @author Eka Prasetia\n * @date 2024-06-01\n * @version 1.0.0\n */\n\nimport { generate } from \"./core/generate\";\nimport { batch } from \"./core/batch\";\nimport { batchUnique } from \"./core/batchUnique\";\nimport { verify } from \"./core/verify\";\n\nexport const otp = {\n  generate,\n  batch,\n  batchUnique,\n  verify,\n};\n\nexport { generate, batch, batchUnique, verify };\nexport type { OTPOptions, VerifyOptions } from \"./types/otp.types\";\n","import { randomInt } from \"crypto\";\r\nimport type { OTPOptions } from \"../types/otp.types\";\r\nimport { resolveCharset } from \"../utils/resolveCharset\";\r\n\r\nexport function generate(options: OTPOptions = {}): string {\r\n  const length = options.length ?? 6;\r\n\r\n  if (!Number.isInteger(length) || length < 1) {\r\n    throw new Error(\"length must be a positive integer\");\r\n  }\r\n\r\n  const charset = resolveCharset(options);\r\n\r\n  if (charset.length === 0) {\r\n    throw new Error(\"charset must not be empty\");\r\n  }\r\n\r\n  let result = \"\";\r\n\r\n  for (let i = 0; i < length; i++) {\r\n    result += charset[randomInt(0, charset.length)];\r\n  }\r\n\r\n  return result;\r\n}\r\n","import type { OTPOptions } from \"../types/otp.types\";\r\n\r\nconst NUMERIC = \"0123456789\";\r\nconst ALPHA = \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\nconst ALPHANUMERIC = NUMERIC + ALPHA;\r\n\r\nexport function resolveCharset(options: OTPOptions = {}): string {\r\n  switch (options.charset) {\r\n    case \"alpha\":\r\n      return ALPHA;\r\n    case \"alphanumeric\":\r\n      return ALPHANUMERIC;\r\n    case \"numeric\":\r\n      return NUMERIC;\r\n    default:\r\n      // custom charset string passed directly\r\n      if (typeof options.charset === \"string\") {\r\n        if (options.charset.length === 0) {\r\n          throw new Error(\"charset must not be empty\");\r\n        }\r\n        return options.charset;\r\n      }\r\n      // undefined → fallback to numeric\r\n      return NUMERIC;\r\n  }\r\n}\r\n","import type { OTPOptions } from \"../types/otp.types\";\r\nimport { generate } from \"./generate\";\r\n\r\nexport function batch(count: number, options: OTPOptions = {}): string[] {\r\n  if (!Number.isInteger(count) || count <= 0) {\r\n    throw new Error(\"batch count must be a positive integer\");\r\n  }\r\n\r\n  const results: string[] = [];\r\n\r\n  for (let i = 0; i < count; i++) {\r\n    results.push(generate(options));\r\n  }\r\n\r\n  return results;\r\n}\r\n","export function calculateMaxCombinations(\r\n  charsetLength: number,\r\n  length: number,\r\n): number {\r\n  if (charsetLength < 1 || length < 1) {\r\n    return 0;\r\n  }\r\n\r\n  // Math.pow can exceed Number.MAX_SAFE_INTEGER for large inputs\r\n  // (e.g. charsetLength=62, length=20 → ~7×10^35).\r\n  // Cap at MAX_SAFE_INTEGER to keep comparisons in batchUnique meaningful.\r\n  const result = Math.pow(charsetLength, length);\r\n  return Math.min(result, Number.MAX_SAFE_INTEGER);\r\n}\r\n","import type { OTPOptions } from \"../types/otp.types\";\r\nimport { generate } from \"./generate\";\r\nimport { resolveCharset } from \"../utils/resolveCharset\";\r\nimport { calculateMaxCombinations } from \"../utils/calculateMax\";\r\n\r\nexport function batchUnique(count: number, options: OTPOptions = {}): string[] {\r\n  if (!Number.isInteger(count) || count <= 0) {\r\n    throw new Error(\"batchUnique count must be a positive integer\");\r\n  }\r\n\r\n  const length = options.length ?? 6;\r\n  const charset = resolveCharset(options);\r\n  const max = calculateMaxCombinations(charset.length, length);\r\n\r\n  if (count > max) {\r\n    throw new Error(\r\n      `Requested ${count} unique OTPs but only ${max} combinations possible with charset length ${charset.length} and OTP length ${length}`,\r\n    );\r\n  }\r\n\r\n  const results = new Set<string>();\r\n\r\n  // Note: performance degrades as count approaches max combinations due to\r\n  // increasing collision rate. Consider a shuffle-based approach for\r\n  // high-density requests (count > max * 0.8).\r\n  while (results.size < count) {\r\n    results.add(generate(options));\r\n  }\r\n\r\n  return Array.from(results);\r\n}\r\n","/**\r\n * Constant-time string comparison to prevent timing attacks.\r\n *\r\n * Iterates the full length of both strings regardless of where\r\n * a mismatch occurs, so execution time does not reveal how many\r\n * characters matched. Note: length difference is detectable via\r\n * timing, but OTP length is typically public knowledge so this\r\n * is an acceptable tradeoff.\r\n */\r\nexport function safeCompare(a: string, b: string): boolean {\r\n  if (a.length !== b.length) return false;\r\n\r\n  let result = 0;\r\n\r\n  for (let i = 0; i < a.length; i++) {\r\n    result |= a.charCodeAt(i) ^ b.charCodeAt(i);\r\n  }\r\n\r\n  return result === 0;\r\n}\r\n","import type { VerifyOptions } from \"../types/otp.types\";\r\nimport { safeCompare } from \"../utils/safeCompare\";\r\n\r\nexport function verify(options: VerifyOptions): boolean {\r\n  const { input, code, expiresAt, now = Date.now() } = options;\r\n\r\n  if (!input || !code) {\r\n    return false;\r\n  }\r\n\r\n  if (expiresAt !== undefined && now > expiresAt) {\r\n    return false;\r\n  }\r\n\r\n  return safeCompare(input, code);\r\n}\r\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,WAAAE,EAAA,gBAAAC,EAAA,aAAAC,EAAA,QAAAC,EAAA,WAAAC,IAAA,eAAAC,EAAAP,GCAA,IAAAQ,EAA0B,kBCE1B,IAAMC,EAAU,aACVC,EAAQ,6BACRC,EAAeF,EAAUC,EAExB,SAASE,EAAeC,EAAsB,CAAC,EAAW,CAC/D,OAAQA,EAAQ,QAAS,CACvB,IAAK,QACH,OAAOH,EACT,IAAK,eACH,OAAOC,EACT,IAAK,UACH,OAAOF,EACT,QAEE,GAAI,OAAOI,EAAQ,SAAY,SAAU,CACvC,GAAIA,EAAQ,QAAQ,SAAW,EAC7B,MAAM,IAAI,MAAM,2BAA2B,EAE7C,OAAOA,EAAQ,OACjB,CAEA,OAAOJ,CACX,CACF,CDrBO,SAASK,EAASC,EAAsB,CAAC,EAAW,CAJ3D,IAAAC,EAKE,IAAMC,GAASD,EAAAD,EAAQ,SAAR,KAAAC,EAAkB,EAEjC,GAAI,CAAC,OAAO,UAAUC,CAAM,GAAKA,EAAS,EACxC,MAAM,IAAI,MAAM,mCAAmC,EAGrD,IAAMC,EAAUC,EAAeJ,CAAO,EAEtC,GAAIG,EAAQ,SAAW,EACrB,MAAM,IAAI,MAAM,2BAA2B,EAG7C,IAAIE,EAAS,GAEb,QAAS,EAAI,EAAG,EAAIH,EAAQ,IAC1BG,GAAUF,KAAQ,aAAU,EAAGA,EAAQ,MAAM,CAAC,EAGhD,OAAOE,CACT,CErBO,SAASC,EAAMC,EAAeC,EAAsB,CAAC,EAAa,CACvE,GAAI,CAAC,OAAO,UAAUD,CAAK,GAAKA,GAAS,EACvC,MAAM,IAAI,MAAM,wCAAwC,EAG1D,IAAME,EAAoB,CAAC,EAE3B,QAASC,EAAI,EAAGA,EAAIH,EAAOG,IACzBD,EAAQ,KAAKE,EAASH,CAAO,CAAC,EAGhC,OAAOC,CACT,CCfO,SAASG,EACdC,EACAC,EACQ,CACR,GAAID,EAAgB,GAAKC,EAAS,EAChC,MAAO,GAMT,IAAMC,EAAS,KAAK,IAAIF,EAAeC,CAAM,EAC7C,OAAO,KAAK,IAAIC,EAAQ,OAAO,gBAAgB,CACjD,CCRO,SAASC,EAAYC,EAAeC,EAAsB,CAAC,EAAa,CAL/E,IAAAC,EAME,GAAI,CAAC,OAAO,UAAUF,CAAK,GAAKA,GAAS,EACvC,MAAM,IAAI,MAAM,8CAA8C,EAGhE,IAAMG,GAASD,EAAAD,EAAQ,SAAR,KAAAC,EAAkB,EAC3BE,EAAUC,EAAeJ,CAAO,EAChCK,EAAMC,EAAyBH,EAAQ,OAAQD,CAAM,EAE3D,GAAIH,EAAQM,EACV,MAAM,IAAI,MACR,aAAaN,CAAK,yBAAyBM,CAAG,8CAA8CF,EAAQ,MAAM,mBAAmBD,CAAM,EACrI,EAGF,IAAMK,EAAU,IAAI,IAKpB,KAAOA,EAAQ,KAAOR,GACpBQ,EAAQ,IAAIC,EAASR,CAAO,CAAC,EAG/B,OAAO,MAAM,KAAKO,CAAO,CAC3B,CCrBO,SAASE,EAAYC,EAAWC,EAAoB,CACzD,GAAID,EAAE,SAAWC,EAAE,OAAQ,MAAO,GAElC,IAAIC,EAAS,EAEb,QAASC,EAAI,EAAGA,EAAIH,EAAE,OAAQG,IAC5BD,GAAUF,EAAE,WAAWG,CAAC,EAAIF,EAAE,WAAWE,CAAC,EAG5C,OAAOD,IAAW,CACpB,CChBO,SAASE,EAAOC,EAAiC,CACtD,GAAM,CAAE,MAAAC,EAAO,KAAAC,EAAM,UAAAC,EAAW,IAAAC,EAAM,KAAK,IAAI,CAAE,EAAIJ,EAMrD,MAJI,CAACC,GAAS,CAACC,GAIXC,IAAc,QAAaC,EAAMD,EAC5B,GAGFE,EAAYJ,EAAOC,CAAI,CAChC,CPFO,IAAMI,EAAM,CACjB,SAAAC,EACA,MAAAC,EACA,YAAAC,EACA,OAAAC,CACF","names":["index_exports","__export","batch","batchUnique","generate","otp","verify","__toCommonJS","import_crypto","NUMERIC","ALPHA","ALPHANUMERIC","resolveCharset","options","generate","options","_a","length","charset","resolveCharset","result","batch","count","options","results","i","generate","calculateMaxCombinations","charsetLength","length","result","batchUnique","count","options","_a","length","charset","resolveCharset","max","calculateMaxCombinations","results","generate","safeCompare","a","b","result","i","verify","options","input","code","expiresAt","now","safeCompare","otp","generate","batch","batchUnique","verify"]}

package/dist/index.mjs

@@ -0,0 +1,2 @@
+import{randomInt as b}from"crypto";var m="0123456789",f="ABCDEFGHIJKLMNOPQRSTUVWXYZ",y=m+f;function p(t={}){switch(t.charset){case"alpha":return f;case"alphanumeric":return y;case"numeric":return m;default:if(typeof t.charset=="string"){if(t.charset.length===0)throw new Error("charset must not be empty");return t.charset}return m}}function i(t={}){var o;let e=(o=t.length)!=null?o:6;if(!Number.isInteger(e)||e<1)throw new Error("length must be a positive integer");let r=p(t);if(r.length===0)throw new Error("charset must not be empty");let n="";for(let s=0;s<e;s++)n+=r[b(0,r.length)];return n}function u(t,e={}){if(!Number.isInteger(t)||t<=0)throw new Error("batch count must be a positive integer");let r=[];for(let n=0;n<t;n++)r.push(i(e));return r}function h(t,e){if(t<1||e<1)return 0;let r=Math.pow(t,e);return Math.min(r,Number.MAX_SAFE_INTEGER)}function c(t,e={}){var a;if(!Number.isInteger(t)||t<=0)throw new Error("batchUnique count must be a positive integer");let r=(a=e.length)!=null?a:6,n=p(e),o=h(n.length,r);if(t>o)throw new Error(`Requested ${t} unique OTPs but only ${o} combinations possible with charset length ${n.length} and OTP length ${r}`);let s=new Set;for(;s.size<t;)s.add(i(e));return Array.from(s)}function l(t,e){if(t.length!==e.length)return!1;let r=0;for(let n=0;n<t.length;n++)r|=t.charCodeAt(n)^e.charCodeAt(n);return r===0}function g(t){let{input:e,code:r,expiresAt:n,now:o=Date.now()}=t;return!e||!r||n!==void 0&&o>n?!1:l(e,r)}var H={generate:i,batch:u,batchUnique:c,verify:g};export{u as batch,c as batchUnique,i as generate,H as otp,g as verify};
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/core/generate.ts","../src/utils/resolveCharset.ts","../src/core/batch.ts","../src/utils/calculateMax.ts","../src/core/batchUnique.ts","../src/utils/safeCompare.ts","../src/core/verify.ts","../src/index.ts"],"sourcesContent":["import { randomInt } from \"crypto\";\r\nimport type { OTPOptions } from \"../types/otp.types\";\r\nimport { resolveCharset } from \"../utils/resolveCharset\";\r\n\r\nexport function generate(options: OTPOptions = {}): string {\r\n  const length = options.length ?? 6;\r\n\r\n  if (!Number.isInteger(length) || length < 1) {\r\n    throw new Error(\"length must be a positive integer\");\r\n  }\r\n\r\n  const charset = resolveCharset(options);\r\n\r\n  if (charset.length === 0) {\r\n    throw new Error(\"charset must not be empty\");\r\n  }\r\n\r\n  let result = \"\";\r\n\r\n  for (let i = 0; i < length; i++) {\r\n    result += charset[randomInt(0, charset.length)];\r\n  }\r\n\r\n  return result;\r\n}\r\n","import type { OTPOptions } from \"../types/otp.types\";\r\n\r\nconst NUMERIC = \"0123456789\";\r\nconst ALPHA = \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\nconst ALPHANUMERIC = NUMERIC + ALPHA;\r\n\r\nexport function resolveCharset(options: OTPOptions = {}): string {\r\n  switch (options.charset) {\r\n    case \"alpha\":\r\n      return ALPHA;\r\n    case \"alphanumeric\":\r\n      return ALPHANUMERIC;\r\n    case \"numeric\":\r\n      return NUMERIC;\r\n    default:\r\n      // custom charset string passed directly\r\n      if (typeof options.charset === \"string\") {\r\n        if (options.charset.length === 0) {\r\n          throw new Error(\"charset must not be empty\");\r\n        }\r\n        return options.charset;\r\n      }\r\n      // undefined → fallback to numeric\r\n      return NUMERIC;\r\n  }\r\n}\r\n","import type { OTPOptions } from \"../types/otp.types\";\r\nimport { generate } from \"./generate\";\r\n\r\nexport function batch(count: number, options: OTPOptions = {}): string[] {\r\n  if (!Number.isInteger(count) || count <= 0) {\r\n    throw new Error(\"batch count must be a positive integer\");\r\n  }\r\n\r\n  const results: string[] = [];\r\n\r\n  for (let i = 0; i < count; i++) {\r\n    results.push(generate(options));\r\n  }\r\n\r\n  return results;\r\n}\r\n","export function calculateMaxCombinations(\r\n  charsetLength: number,\r\n  length: number,\r\n): number {\r\n  if (charsetLength < 1 || length < 1) {\r\n    return 0;\r\n  }\r\n\r\n  // Math.pow can exceed Number.MAX_SAFE_INTEGER for large inputs\r\n  // (e.g. charsetLength=62, length=20 → ~7×10^35).\r\n  // Cap at MAX_SAFE_INTEGER to keep comparisons in batchUnique meaningful.\r\n  const result = Math.pow(charsetLength, length);\r\n  return Math.min(result, Number.MAX_SAFE_INTEGER);\r\n}\r\n","import type { OTPOptions } from \"../types/otp.types\";\r\nimport { generate } from \"./generate\";\r\nimport { resolveCharset } from \"../utils/resolveCharset\";\r\nimport { calculateMaxCombinations } from \"../utils/calculateMax\";\r\n\r\nexport function batchUnique(count: number, options: OTPOptions = {}): string[] {\r\n  if (!Number.isInteger(count) || count <= 0) {\r\n    throw new Error(\"batchUnique count must be a positive integer\");\r\n  }\r\n\r\n  const length = options.length ?? 6;\r\n  const charset = resolveCharset(options);\r\n  const max = calculateMaxCombinations(charset.length, length);\r\n\r\n  if (count > max) {\r\n    throw new Error(\r\n      `Requested ${count} unique OTPs but only ${max} combinations possible with charset length ${charset.length} and OTP length ${length}`,\r\n    );\r\n  }\r\n\r\n  const results = new Set<string>();\r\n\r\n  // Note: performance degrades as count approaches max combinations due to\r\n  // increasing collision rate. Consider a shuffle-based approach for\r\n  // high-density requests (count > max * 0.8).\r\n  while (results.size < count) {\r\n    results.add(generate(options));\r\n  }\r\n\r\n  return Array.from(results);\r\n}\r\n","/**\r\n * Constant-time string comparison to prevent timing attacks.\r\n *\r\n * Iterates the full length of both strings regardless of where\r\n * a mismatch occurs, so execution time does not reveal how many\r\n * characters matched. Note: length difference is detectable via\r\n * timing, but OTP length is typically public knowledge so this\r\n * is an acceptable tradeoff.\r\n */\r\nexport function safeCompare(a: string, b: string): boolean {\r\n  if (a.length !== b.length) return false;\r\n\r\n  let result = 0;\r\n\r\n  for (let i = 0; i < a.length; i++) {\r\n    result |= a.charCodeAt(i) ^ b.charCodeAt(i);\r\n  }\r\n\r\n  return result === 0;\r\n}\r\n","import type { VerifyOptions } from \"../types/otp.types\";\r\nimport { safeCompare } from \"../utils/safeCompare\";\r\n\r\nexport function verify(options: VerifyOptions): boolean {\r\n  const { input, code, expiresAt, now = Date.now() } = options;\r\n\r\n  if (!input || !code) {\r\n    return false;\r\n  }\r\n\r\n  if (expiresAt !== undefined && now > expiresAt) {\r\n    return false;\r\n  }\r\n\r\n  return safeCompare(input, code);\r\n}\r\n","/**\n * index.ts\n * @description Main entry point for the nano-otp package\n * @author Eka Prasetia\n * @date 2024-06-01\n * @version 1.0.0\n */\n\nimport { generate } from \"./core/generate\";\nimport { batch } from \"./core/batch\";\nimport { batchUnique } from \"./core/batchUnique\";\nimport { verify } from \"./core/verify\";\n\nexport const otp = {\n  generate,\n  batch,\n  batchUnique,\n  verify,\n};\n\nexport { generate, batch, batchUnique, verify };\nexport type { OTPOptions, VerifyOptions } from \"./types/otp.types\";\n"],"mappings":"AAAA,OAAS,aAAAA,MAAiB,SCE1B,IAAMC,EAAU,aACVC,EAAQ,6BACRC,EAAeF,EAAUC,EAExB,SAASE,EAAeC,EAAsB,CAAC,EAAW,CAC/D,OAAQA,EAAQ,QAAS,CACvB,IAAK,QACH,OAAOH,EACT,IAAK,eACH,OAAOC,EACT,IAAK,UACH,OAAOF,EACT,QAEE,GAAI,OAAOI,EAAQ,SAAY,SAAU,CACvC,GAAIA,EAAQ,QAAQ,SAAW,EAC7B,MAAM,IAAI,MAAM,2BAA2B,EAE7C,OAAOA,EAAQ,OACjB,CAEA,OAAOJ,CACX,CACF,CDrBO,SAASK,EAASC,EAAsB,CAAC,EAAW,CAJ3D,IAAAC,EAKE,IAAMC,GAASD,EAAAD,EAAQ,SAAR,KAAAC,EAAkB,EAEjC,GAAI,CAAC,OAAO,UAAUC,CAAM,GAAKA,EAAS,EACxC,MAAM,IAAI,MAAM,mCAAmC,EAGrD,IAAMC,EAAUC,EAAeJ,CAAO,EAEtC,GAAIG,EAAQ,SAAW,EACrB,MAAM,IAAI,MAAM,2BAA2B,EAG7C,IAAIE,EAAS,GAEb,QAASC,EAAI,EAAGA,EAAIJ,EAAQI,IAC1BD,GAAUF,EAAQI,EAAU,EAAGJ,EAAQ,MAAM,CAAC,EAGhD,OAAOE,CACT,CErBO,SAASG,EAAMC,EAAeC,EAAsB,CAAC,EAAa,CACvE,GAAI,CAAC,OAAO,UAAUD,CAAK,GAAKA,GAAS,EACvC,MAAM,IAAI,MAAM,wCAAwC,EAG1D,IAAME,EAAoB,CAAC,EAE3B,QAASC,EAAI,EAAGA,EAAIH,EAAOG,IACzBD,EAAQ,KAAKE,EAASH,CAAO,CAAC,EAGhC,OAAOC,CACT,CCfO,SAASG,EACdC,EACAC,EACQ,CACR,GAAID,EAAgB,GAAKC,EAAS,EAChC,MAAO,GAMT,IAAMC,EAAS,KAAK,IAAIF,EAAeC,CAAM,EAC7C,OAAO,KAAK,IAAIC,EAAQ,OAAO,gBAAgB,CACjD,CCRO,SAASC,EAAYC,EAAeC,EAAsB,CAAC,EAAa,CAL/E,IAAAC,EAME,GAAI,CAAC,OAAO,UAAUF,CAAK,GAAKA,GAAS,EACvC,MAAM,IAAI,MAAM,8CAA8C,EAGhE,IAAMG,GAASD,EAAAD,EAAQ,SAAR,KAAAC,EAAkB,EAC3BE,EAAUC,EAAeJ,CAAO,EAChCK,EAAMC,EAAyBH,EAAQ,OAAQD,CAAM,EAE3D,GAAIH,EAAQM,EACV,MAAM,IAAI,MACR,aAAaN,CAAK,yBAAyBM,CAAG,8CAA8CF,EAAQ,MAAM,mBAAmBD,CAAM,EACrI,EAGF,IAAMK,EAAU,IAAI,IAKpB,KAAOA,EAAQ,KAAOR,GACpBQ,EAAQ,IAAIC,EAASR,CAAO,CAAC,EAG/B,OAAO,MAAM,KAAKO,CAAO,CAC3B,CCrBO,SAASE,EAAYC,EAAWC,EAAoB,CACzD,GAAID,EAAE,SAAWC,EAAE,OAAQ,MAAO,GAElC,IAAIC,EAAS,EAEb,QAASC,EAAI,EAAGA,EAAIH,EAAE,OAAQG,IAC5BD,GAAUF,EAAE,WAAWG,CAAC,EAAIF,EAAE,WAAWE,CAAC,EAG5C,OAAOD,IAAW,CACpB,CChBO,SAASE,EAAOC,EAAiC,CACtD,GAAM,CAAE,MAAAC,EAAO,KAAAC,EAAM,UAAAC,EAAW,IAAAC,EAAM,KAAK,IAAI,CAAE,EAAIJ,EAMrD,MAJI,CAACC,GAAS,CAACC,GAIXC,IAAc,QAAaC,EAAMD,EAC5B,GAGFE,EAAYJ,EAAOC,CAAI,CAChC,CCFO,IAAMI,EAAM,CACjB,SAAAC,EACA,MAAAC,EACA,YAAAC,EACA,OAAAC,CACF","names":["randomInt","NUMERIC","ALPHA","ALPHANUMERIC","resolveCharset","options","generate","options","_a","length","charset","resolveCharset","result","i","randomInt","batch","count","options","results","i","generate","calculateMaxCombinations","charsetLength","length","result","batchUnique","count","options","_a","length","charset","resolveCharset","max","calculateMaxCombinations","results","generate","safeCompare","a","b","result","i","verify","options","input","code","expiresAt","now","safeCompare","otp","generate","batch","batchUnique","verify"]}

package/package.json

@@ -0,0 +1,74 @@
+{
+  "name": "@ekaone/nano-otp",
+  "version": "0.0.1",
+  "description": "A lightweight, zero-dependency TypeScript library for generating and validating OTPs",
+  "keywords": [
+    "otp",
+    "two-factor authentication",
+    "2fa",
+    "typescript",
+    "library",
+    "privacy",
+    "security",
+    "otp-generation",
+    "data-protection",
+    "typescript",
+    "library",
+    "privacy",
+    "security",
+    "data-protection"
+  ],
+  "author": {
+    "name": "Eka Prasetia",
+    "email": "ekaone3033@gmail.com",
+    "url": "https://prasetia.me"
+  },
+  "license": "MIT",
+  "sideEffects": false,
+  "engines": {
+    "node": ">=18"
+  },
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "dist"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/ekaone/nano-otp.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ekaone/nano-otp/issues"
+  },
+  "homepage": "https://github.com/ekaone/nano-otp#readme",
+  "devDependencies": {
+    "@types/node": "^25.1.0",
+    "@vitest/coverage-v8": "^4.0.18",
+    "@vitest/ui": "^4.0.18",
+    "rimraf": "^6.0.0",
+    "tsup": "^8.5.1",
+    "typescript": "^5.7.0",
+    "vitest": "^4.0.18"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "clean": "rimraf dist",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:ui": "vitest --ui",
+    "test:coverage": "vitest run --coverage"
+  }
+}