@otplib/plugin-crypto-node 13.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Gerald Yeo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,102 @@
+# @otplib/plugin-crypto-node
+
+Node.js crypto plugin for otplib using the built-in `crypto` module.
+
+## Installation
+
+```bash
+npm install @otplib/plugin-crypto-node
+pnpm add @otplib/plugin-crypto-node
+yarn add @otplib/plugin-crypto-node
+```
+
+## Overview
+
+This plugin provides HMAC and random byte generation using Node.js's built-in `crypto` module. It supports all hash algorithms available in Node.js:
+
+- `sha1`
+- `sha256`
+- `sha512`
+
+## Usage
+
+### Basic Usage
+
+```typescript
+import { generateSecret, generate } from "otplib";
+import { NodeCryptoPlugin } from "@otplib/plugin-crypto-node";
+import { ScureBase32Plugin } from "@otplib/plugin-base32-scure";
+
+const crypto = new NodeCryptoPlugin();
+const base32 = new ScureBase32Plugin();
+
+// Generate a secret
+const secret = generateSecret({ crypto, base32 });
+
+// Generate a token
+const token = await generate({
+  secret,
+  crypto,
+  base32,
+});
+```
+
+### With Custom Algorithm
+
+```typescript
+import { generate } from "otplib";
+import { NodeCryptoPlugin } from "@otplib/plugin-crypto-node";
+import { ScureBase32Plugin } from "@otplib/plugin-base32-scure";
+
+const crypto = new NodeCryptoPlugin();
+const base32 = new ScureBase32Plugin();
+
+const token = await generate({
+  secret: "JBSWY3DPEHPK3PXP",
+  algorithm: "sha256",
+  crypto,
+  base32,
+});
+```
+
+### Synchronous HMAC
+
+The Node.js crypto plugin supports both synchronous and asynchronous HMAC operations:
+
+```typescript
+import { NodeCryptoPlugin } from "@otplib/plugin-crypto-node";
+
+const crypto = new NodeCryptoPlugin();
+
+// Sync HMAC (faster, but blocks event loop)
+const digest = crypto.hmacSync("sha1", key, data);
+
+// Async HMAC (doesn't block event loop)
+const digest = await crypto.hmac("sha1", key, data);
+```
+
+## When to Use
+
+Use this plugin when:
+
+- Running in Node.js environment
+- Need maximum performance
+- Want to use Node.js built-in crypto (no external dependencies)
+- Need synchronous HMAC operations
+
+## Platform Support
+
+- Node.js (all versions)
+- Not available in browsers (use `@otplib/plugin-crypto-web` instead)
+- Not available in edge runtimes (use `@otplib/plugin-crypto-web` instead)
+
+## Documentation
+
+Full documentation available at [otplib.yeojz.dev](https://otplib.yeojz.dev):
+
+- [Getting Started Guide](https://otplib.yeojz.dev/guide/getting-started)
+- [API Reference](https://otplib.yeojz.dev/api/)
+
+## License
+
+[MIT](./LICENSE) © 2026 Gerald Yeo

package/dist/index.cjs

@@ -0,0 +1,2 @@
+"use strict";var y=Object.defineProperty;var m=Object.getOwnPropertyDescriptor;var u=Object.getOwnPropertyNames;var c=Object.prototype.hasOwnProperty;var l=(n,r)=>{for(var e in r)y(n,e,{get:r[e],enumerable:!0})},p=(n,r,e,a)=>{if(r&&typeof r=="object"||typeof r=="function")for(let t of u(r))!c.call(n,t)&&t!==e&&y(n,t,{get:()=>r[t],enumerable:!(a=m(r,t))||a.enumerable});return n};var f=n=>p(y({},"__esModule",{value:!0}),n);var U={};l(U,{NodeCryptoPlugin:()=>s,crypto:()=>A,default:()=>g});module.exports=f(U);var i=require("crypto"),o=require("@otplib/core"),s=class{name="node";hmac(r,e,a){let t=(0,i.createHmac)(r,e);return t.update(a),new Uint8Array(t.digest())}randomBytes(r){return new Uint8Array((0,i.randomBytes)(r))}constantTimeEqual(r,e){let a=(0,o.stringToBytes)(r),t=(0,o.stringToBytes)(e);return(0,o.validateByteLengthEqual)(a,t)?(0,i.timingSafeEqual)(a,t):!1}},A=Object.freeze(new s),g=s;0&&(module.exports={NodeCryptoPlugin,crypto});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import { createHmac, randomBytes, timingSafeEqual } from \"node:crypto\";\n\nimport { stringToBytes, validateByteLengthEqual, type CryptoPlugin } from \"@otplib/core\";\n\n/**\n * Node.js crypto module implementation of CryptoPlugin\n *\n * This plugin uses Node.js's built-in crypto module which provides:\n * - OpenSSL-backed HMAC operations\n * - Cryptographically secure random byte generation\n * - Synchronous API for optimal performance\n *\n * @example\n * ```ts\n * import { NodeCryptoPlugin } from '@otplib/plugin-crypto-node';\n *\n * const crypto = new NodeCryptoPlugin();\n * const hmac = await crypto.hmac('sha1', key, data);\n * const random = crypto.randomBytes(20);\n * ```\n */\nexport class NodeCryptoPlugin implements CryptoPlugin {\n  /**\n   * Plugin name for identification\n   */\n  readonly name = \"node\";\n\n  /**\n   * Compute HMAC using Node.js crypto module\n   *\n   * Synchronous implementation using createHmac.\n   *\n   * @param algorithm - Hash algorithm to use\n   * @param key - Secret key\n   * @param data - Data to authenticate\n   * @returns HMAC digest\n   */\n  hmac(algorithm: \"sha1\" | \"sha256\" | \"sha512\", key: Uint8Array, data: Uint8Array): Uint8Array {\n    const hmac = createHmac(algorithm, key);\n    hmac.update(data);\n    return new Uint8Array(hmac.digest());\n  }\n\n  /**\n   * Generate cryptographically secure random bytes\n   *\n   * Uses Node.js's randomBytes which is backed by OpenSSL.\n   *\n   * @param length - Number of bytes to generate\n   * @returns Random bytes\n   */\n  randomBytes(length: number): Uint8Array {\n    return new Uint8Array(randomBytes(length));\n  }\n\n  /**\n   * Constant-time comparison using Node.js crypto.timingSafeEqual\n   *\n   * Uses Node.js's built-in timing-safe comparison which prevents\n   * timing side-channel attacks.\n   *\n   * @param a - First value to compare\n   * @param b - Second value to compare\n   * @returns true if values are equal, false otherwise\n   */\n  constantTimeEqual(a: string | Uint8Array, b: string | Uint8Array): boolean {\n    const bufA = stringToBytes(a);\n    const bufB = stringToBytes(b);\n\n    if (!validateByteLengthEqual(bufA, bufB)) {\n      return false;\n    }\n\n    return timingSafeEqual(bufA, bufB);\n  }\n}\n\n/**\n * Default singleton instance for convenience\n *\n * @example\n * ```ts\n * import { crypto } from '@otplib/plugin-crypto-node';\n *\n * const hmac = crypto.hmac('sha1', key, data);\n * ```\n */\nexport const crypto: CryptoPlugin = Object.freeze(new NodeCryptoPlugin());\n\nexport default NodeCryptoPlugin;\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,sBAAAE,EAAA,WAAAC,EAAA,YAAAC,IAAA,eAAAC,EAAAL,GAAA,IAAAM,EAAyD,kBAEzDC,EAA0E,wBAmB7DL,EAAN,KAA+C,CAI3C,KAAO,OAYhB,KAAKM,EAAyCC,EAAiBC,EAA8B,CAC3F,IAAMC,KAAO,cAAWH,EAAWC,CAAG,EACtC,OAAAE,EAAK,OAAOD,CAAI,EACT,IAAI,WAAWC,EAAK,OAAO,CAAC,CACrC,CAUA,YAAYC,EAA4B,CACtC,OAAO,IAAI,cAAW,eAAYA,CAAM,CAAC,CAC3C,CAYA,kBAAkBC,EAAwBC,EAAiC,CACzE,IAAMC,KAAO,iBAAcF,CAAC,EACtBG,KAAO,iBAAcF,CAAC,EAE5B,SAAK,2BAAwBC,EAAMC,CAAI,KAIhC,mBAAgBD,EAAMC,CAAI,EAHxB,EAIX,CACF,EAYab,EAAuB,OAAO,OAAO,IAAID,CAAkB,EAEjEE,EAAQF","names":["index_exports","__export","NodeCryptoPlugin","crypto","index_default","__toCommonJS","import_node_crypto","import_core","algorithm","key","data","hmac","length","a","b","bufA","bufB"]}

package/dist/index.d.cts

@@ -0,0 +1,69 @@
+import { CryptoPlugin } from '@otplib/core';
+
+/**
+ * Node.js crypto module implementation of CryptoPlugin
+ *
+ * This plugin uses Node.js's built-in crypto module which provides:
+ * - OpenSSL-backed HMAC operations
+ * - Cryptographically secure random byte generation
+ * - Synchronous API for optimal performance
+ *
+ * @example
+ * ```ts
+ * import { NodeCryptoPlugin } from '@otplib/plugin-crypto-node';
+ *
+ * const crypto = new NodeCryptoPlugin();
+ * const hmac = await crypto.hmac('sha1', key, data);
+ * const random = crypto.randomBytes(20);
+ * ```
+ */
+declare class NodeCryptoPlugin implements CryptoPlugin {
+    /**
+     * Plugin name for identification
+     */
+    readonly name = "node";
+    /**
+     * Compute HMAC using Node.js crypto module
+     *
+     * Synchronous implementation using createHmac.
+     *
+     * @param algorithm - Hash algorithm to use
+     * @param key - Secret key
+     * @param data - Data to authenticate
+     * @returns HMAC digest
+     */
+    hmac(algorithm: "sha1" | "sha256" | "sha512", key: Uint8Array, data: Uint8Array): Uint8Array;
+    /**
+     * Generate cryptographically secure random bytes
+     *
+     * Uses Node.js's randomBytes which is backed by OpenSSL.
+     *
+     * @param length - Number of bytes to generate
+     * @returns Random bytes
+     */
+    randomBytes(length: number): Uint8Array;
+    /**
+     * Constant-time comparison using Node.js crypto.timingSafeEqual
+     *
+     * Uses Node.js's built-in timing-safe comparison which prevents
+     * timing side-channel attacks.
+     *
+     * @param a - First value to compare
+     * @param b - Second value to compare
+     * @returns true if values are equal, false otherwise
+     */
+    constantTimeEqual(a: string | Uint8Array, b: string | Uint8Array): boolean;
+}
+/**
+ * Default singleton instance for convenience
+ *
+ * @example
+ * ```ts
+ * import { crypto } from '@otplib/plugin-crypto-node';
+ *
+ * const hmac = crypto.hmac('sha1', key, data);
+ * ```
+ */
+declare const crypto: CryptoPlugin;
+
+export { NodeCryptoPlugin, crypto, NodeCryptoPlugin as default };

package/dist/index.d.ts

@@ -0,0 +1,69 @@
+import { CryptoPlugin } from '@otplib/core';
+
+/**
+ * Node.js crypto module implementation of CryptoPlugin
+ *
+ * This plugin uses Node.js's built-in crypto module which provides:
+ * - OpenSSL-backed HMAC operations
+ * - Cryptographically secure random byte generation
+ * - Synchronous API for optimal performance
+ *
+ * @example
+ * ```ts
+ * import { NodeCryptoPlugin } from '@otplib/plugin-crypto-node';
+ *
+ * const crypto = new NodeCryptoPlugin();
+ * const hmac = await crypto.hmac('sha1', key, data);
+ * const random = crypto.randomBytes(20);
+ * ```
+ */
+declare class NodeCryptoPlugin implements CryptoPlugin {
+    /**
+     * Plugin name for identification
+     */
+    readonly name = "node";
+    /**
+     * Compute HMAC using Node.js crypto module
+     *
+     * Synchronous implementation using createHmac.
+     *
+     * @param algorithm - Hash algorithm to use
+     * @param key - Secret key
+     * @param data - Data to authenticate
+     * @returns HMAC digest
+     */
+    hmac(algorithm: "sha1" | "sha256" | "sha512", key: Uint8Array, data: Uint8Array): Uint8Array;
+    /**
+     * Generate cryptographically secure random bytes
+     *
+     * Uses Node.js's randomBytes which is backed by OpenSSL.
+     *
+     * @param length - Number of bytes to generate
+     * @returns Random bytes
+     */
+    randomBytes(length: number): Uint8Array;
+    /**
+     * Constant-time comparison using Node.js crypto.timingSafeEqual
+     *
+     * Uses Node.js's built-in timing-safe comparison which prevents
+     * timing side-channel attacks.
+     *
+     * @param a - First value to compare
+     * @param b - Second value to compare
+     * @returns true if values are equal, false otherwise
+     */
+    constantTimeEqual(a: string | Uint8Array, b: string | Uint8Array): boolean;
+}
+/**
+ * Default singleton instance for convenience
+ *
+ * @example
+ * ```ts
+ * import { crypto } from '@otplib/plugin-crypto-node';
+ *
+ * const hmac = crypto.hmac('sha1', key, data);
+ * ```
+ */
+declare const crypto: CryptoPlugin;
+
+export { NodeCryptoPlugin, crypto, NodeCryptoPlugin as default };

package/dist/index.js

@@ -0,0 +1,2 @@
+import{createHmac as o,randomBytes as s,timingSafeEqual as y}from"crypto";import{stringToBytes as i,validateByteLengthEqual as m}from"@otplib/core";var e=class{name="node";hmac(r,a,n){let t=o(r,a);return t.update(n),new Uint8Array(t.digest())}randomBytes(r){return new Uint8Array(s(r))}constantTimeEqual(r,a){let n=i(r),t=i(a);return m(n,t)?y(n,t):!1}},p=Object.freeze(new e),f=e;export{e as NodeCryptoPlugin,p as crypto,f as default};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import { createHmac, randomBytes, timingSafeEqual } from \"node:crypto\";\n\nimport { stringToBytes, validateByteLengthEqual, type CryptoPlugin } from \"@otplib/core\";\n\n/**\n * Node.js crypto module implementation of CryptoPlugin\n *\n * This plugin uses Node.js's built-in crypto module which provides:\n * - OpenSSL-backed HMAC operations\n * - Cryptographically secure random byte generation\n * - Synchronous API for optimal performance\n *\n * @example\n * ```ts\n * import { NodeCryptoPlugin } from '@otplib/plugin-crypto-node';\n *\n * const crypto = new NodeCryptoPlugin();\n * const hmac = await crypto.hmac('sha1', key, data);\n * const random = crypto.randomBytes(20);\n * ```\n */\nexport class NodeCryptoPlugin implements CryptoPlugin {\n  /**\n   * Plugin name for identification\n   */\n  readonly name = \"node\";\n\n  /**\n   * Compute HMAC using Node.js crypto module\n   *\n   * Synchronous implementation using createHmac.\n   *\n   * @param algorithm - Hash algorithm to use\n   * @param key - Secret key\n   * @param data - Data to authenticate\n   * @returns HMAC digest\n   */\n  hmac(algorithm: \"sha1\" | \"sha256\" | \"sha512\", key: Uint8Array, data: Uint8Array): Uint8Array {\n    const hmac = createHmac(algorithm, key);\n    hmac.update(data);\n    return new Uint8Array(hmac.digest());\n  }\n\n  /**\n   * Generate cryptographically secure random bytes\n   *\n   * Uses Node.js's randomBytes which is backed by OpenSSL.\n   *\n   * @param length - Number of bytes to generate\n   * @returns Random bytes\n   */\n  randomBytes(length: number): Uint8Array {\n    return new Uint8Array(randomBytes(length));\n  }\n\n  /**\n   * Constant-time comparison using Node.js crypto.timingSafeEqual\n   *\n   * Uses Node.js's built-in timing-safe comparison which prevents\n   * timing side-channel attacks.\n   *\n   * @param a - First value to compare\n   * @param b - Second value to compare\n   * @returns true if values are equal, false otherwise\n   */\n  constantTimeEqual(a: string | Uint8Array, b: string | Uint8Array): boolean {\n    const bufA = stringToBytes(a);\n    const bufB = stringToBytes(b);\n\n    if (!validateByteLengthEqual(bufA, bufB)) {\n      return false;\n    }\n\n    return timingSafeEqual(bufA, bufB);\n  }\n}\n\n/**\n * Default singleton instance for convenience\n *\n * @example\n * ```ts\n * import { crypto } from '@otplib/plugin-crypto-node';\n *\n * const hmac = crypto.hmac('sha1', key, data);\n * ```\n */\nexport const crypto: CryptoPlugin = Object.freeze(new NodeCryptoPlugin());\n\nexport default NodeCryptoPlugin;\n"],"mappings":"AAAA,OAAS,cAAAA,EAAY,eAAAC,EAAa,mBAAAC,MAAuB,SAEzD,OAAS,iBAAAC,EAAe,2BAAAC,MAAkD,eAmBnE,IAAMC,EAAN,KAA+C,CAI3C,KAAO,OAYhB,KAAKC,EAAyCC,EAAiBC,EAA8B,CAC3F,IAAMC,EAAOT,EAAWM,EAAWC,CAAG,EACtC,OAAAE,EAAK,OAAOD,CAAI,EACT,IAAI,WAAWC,EAAK,OAAO,CAAC,CACrC,CAUA,YAAYC,EAA4B,CACtC,OAAO,IAAI,WAAWT,EAAYS,CAAM,CAAC,CAC3C,CAYA,kBAAkBC,EAAwBC,EAAiC,CACzE,IAAMC,EAAOV,EAAcQ,CAAC,EACtBG,EAAOX,EAAcS,CAAC,EAE5B,OAAKR,EAAwBS,EAAMC,CAAI,EAIhCZ,EAAgBW,EAAMC,CAAI,EAHxB,EAIX,CACF,EAYaC,EAAuB,OAAO,OAAO,IAAIV,CAAkB,EAEjEW,EAAQX","names":["createHmac","randomBytes","timingSafeEqual","stringToBytes","validateByteLengthEqual","NodeCryptoPlugin","algorithm","key","data","hmac","length","a","b","bufA","bufB","crypto","index_default"]}

package/package.json

@@ -0,0 +1,66 @@
+{
+  "name": "@otplib/plugin-crypto-node",
+  "version": "13.0.0",
+  "description": "Node.js crypto module adapter for otplib",
+  "license": "MIT",
+  "author": "Gerald Yeo <support@yeojz.dev>",
+  "homepage": "https://otplib.yeojz.dev",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/yeojz/otplib.git",
+    "directory": "packages/plugin-crypto-node"
+  },
+  "bugs": {
+    "url": "https://github.com/yeojz/otplib/issues"
+  },
+  "keywords": [
+    "otp",
+    "crypto",
+    "nodejs",
+    "hmac",
+    "plugin"
+  ],
+  "sideEffects": false,
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "require": {
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
+      }
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "dependencies": {
+    "@noble/hashes": "^1.3.3",
+    "@otplib/core": "13.0.0"
+  },
+  "devDependencies": {
+    "tsup": "^8.0.1",
+    "typescript": "^5.3.3",
+    "vitest": "^4.0.16"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "vitest",
+    "test:ci": "vitest run --coverage",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint src/",
+    "clean": "rm -rf dist .tsbuildinfo"
+  }
+}