@otplib/v12-adapter 13.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Gerald Yeo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,53 @@
+# @otplib/v12-adapter
+
+> Drop-in replacement adapter for migrating `otplib` from v12 to v13.
+
+This adapter mimics the v12 synchronous API while using v13's plugins under the hood. However, some fundamental changes from v13 may carry over.
+
+**Note:** This is intended as a temporary bridge to help you upgrade to v13 without rewriting your entire application immediately. We strongly recommend fully migrating to the new v13 API when possible.
+
+## Installation
+
+```bash
+npm install @otplib/v12-adapter
+pnpm add @otplib/v12-adapter
+yarn add @otplib/v12-adapter
+```
+
+## Usage
+
+Simply update your imports from `otplib` to `@otplib/v12-adapter`.
+
+### Before (v12)
+
+```typescript
+import { authenticator } from "otplib";
+
+const secret = authenticator.generateSecret();
+const token = authenticator.generate(secret);
+const isValid = authenticator.verify({ token, secret });
+```
+
+### After (v13 with Adapter)
+
+```typescript
+import { authenticator } from "@otplib/v12-adapter";
+
+// API remains exactly the same
+const secret = authenticator.generateSecret();
+const token = authenticator.generate(secret);
+const isValid = authenticator.verify({ token, secret });
+```
+
+## Limitations
+
+- **Class/Instance API Only**: This adapter only exports the `authenticator`, `totp`, and `hotp` singleton instances and their classes. If you were importing specific utility functions directly from `otplib/core` or other internal paths in v12, those are not covered by this adapter.
+- **Sync/Async**: While this adapter provides a synchronous-looking API (like v12), it uses v13's plugins under the hood. For standard Node.js usage with the default `crypto` module, this works seamlessly.
+
+## Migration Guide
+
+For a full guide on migrating to v13, including the benefits of the new architecture and how to use the new features, please see the [Migration Guide](https://otplib.yeojz.dev/guide/migrating-v12-to-v13).
+
+## License
+
+[MIT](./LICENSE) © 2026 Gerald Yeo

package/dist/index.cjs

@@ -0,0 +1,542 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  Authenticator: () => Authenticator,
+  HOTP: () => HOTP,
+  HashAlgorithms: () => HashAlgorithms,
+  KeyEncodings: () => KeyEncodings,
+  NobleCryptoPlugin: () => import_plugin_crypto_noble4.NobleCryptoPlugin,
+  ScureBase32Plugin: () => import_plugin_base32_scure4.ScureBase32Plugin,
+  TOTP: () => TOTP,
+  authenticator: () => authenticator,
+  hotp: () => hotp,
+  hotpDigestToToken: () => hotpDigestToToken,
+  totp: () => totp
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/hotp.ts
+var import_core = require("@otplib/core");
+var import_hotp = require("@otplib/hotp");
+var import_plugin_base32_scure = require("@otplib/plugin-base32-scure");
+var import_plugin_crypto_noble = require("@otplib/plugin-crypto-noble");
+var import_uri = require("@otplib/uri");
+
+// src/types.ts
+var HashAlgorithms = {
+  SHA1: "sha1",
+  SHA256: "sha256",
+  SHA512: "sha512"
+};
+var KeyEncodings = {
+  ASCII: "ascii",
+  HEX: "hex",
+  BASE32: "base32",
+  BASE64: "base64",
+  LATIN1: "latin1",
+  UTF8: "utf8"
+};
+
+// src/hotp.ts
+var defaultCrypto = new import_plugin_crypto_noble.NobleCryptoPlugin();
+var defaultBase32 = new import_plugin_base32_scure.ScureBase32Plugin();
+function secretToBytes(secret, encoding) {
+  if (encoding === KeyEncodings.BASE32 || encoding === "base32") {
+    return defaultBase32.decode(secret);
+  }
+  if (encoding === KeyEncodings.HEX || encoding === "hex") {
+    return (0, import_core.hexToBytes)(secret.replace(/\s/g, ""));
+  }
+  return (0, import_core.stringToBytes)(secret);
+}
+function hotpDigestToToken(hexDigest, digits) {
+  const digestBytes = (0, import_core.hexToBytes)(hexDigest);
+  const truncated = (0, import_core.dynamicTruncate)(digestBytes);
+  return (0, import_core.truncateDigits)(truncated, digits);
+}
+var HOTP = class _HOTP {
+  /**
+   * Stored options that can be modified
+   */
+  _options = {};
+  /**
+   * Default options applied to all operations
+   */
+  _defaultOptions = {};
+  constructor(defaultOptions = {}) {
+    this._defaultOptions = { ...defaultOptions };
+    this._options = {};
+  }
+  /**
+   * Get current options (merged with defaults)
+   */
+  get options() {
+    return { ...this._defaultOptions, ...this._options };
+  }
+  /**
+   * Set options (replaces current options)
+   */
+  set options(value) {
+    this._options = { ...value };
+  }
+  /**
+   * Creates a new instance with the specified default options
+   */
+  create(defaultOptions = {}) {
+    return new _HOTP(defaultOptions);
+  }
+  /**
+   * Returns class options polyfilled with default values
+   */
+  allOptions() {
+    const merged = {
+      algorithm: HashAlgorithms.SHA1,
+      digits: 6,
+      encoding: KeyEncodings.ASCII,
+      crypto: defaultCrypto,
+      base32: defaultBase32,
+      ...this._defaultOptions,
+      ...this._options
+    };
+    return Object.freeze(merged);
+  }
+  /**
+   * Reset options to defaults
+   */
+  resetOptions() {
+    this._options = {};
+    return this;
+  }
+  /**
+   * Generate an HOTP token
+   */
+  generate(secret, counter) {
+    const opts = this.allOptions();
+    const secretBytes = secretToBytes(secret, opts.encoding);
+    return (0, import_hotp.generateSync)({
+      secret: secretBytes,
+      counter,
+      algorithm: opts.algorithm,
+      digits: opts.digits,
+      crypto: opts.crypto
+    });
+  }
+  /**
+   * Check if a token is valid for the given secret and counter
+   */
+  check(token, secret, counter) {
+    const opts = this.allOptions();
+    const secretBytes = secretToBytes(secret, opts.encoding);
+    try {
+      const result = (0, import_hotp.verifySync)({
+        secret: secretBytes,
+        token,
+        counter,
+        algorithm: opts.algorithm,
+        digits: opts.digits,
+        counterTolerance: 0,
+        crypto: opts.crypto
+      });
+      return result.valid;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Verify a token (object-based API)
+   */
+  verify(opts) {
+    if (typeof opts !== "object") {
+      throw new Error("Expecting argument 0 of verify to be an object");
+    }
+    return this.check(opts.token, opts.secret, opts.counter);
+  }
+  /**
+   * Generate an otpauth:// URI for HOTP
+   */
+  keyuri(accountName, issuer, secret, counter) {
+    const opts = this.allOptions();
+    return (0, import_uri.generateHOTP)({
+      label: accountName,
+      issuer,
+      secret,
+      algorithm: opts.algorithm,
+      digits: opts.digits,
+      counter
+    });
+  }
+};
+
+// src/totp.ts
+var import_plugin_base32_scure2 = require("@otplib/plugin-base32-scure");
+var import_plugin_crypto_noble2 = require("@otplib/plugin-crypto-noble");
+var import_totp = require("@otplib/totp");
+var import_uri2 = require("@otplib/uri");
+var defaultCrypto2 = new import_plugin_crypto_noble2.NobleCryptoPlugin();
+var defaultBase322 = new import_plugin_base32_scure2.ScureBase32Plugin();
+function parseWindow(window, step) {
+  if (window === void 0 || window === 0) {
+    return 0;
+  }
+  if (typeof window === "number") {
+    return window * step;
+  }
+  return [window[0] * step, window[1] * step];
+}
+var TOTP = class _TOTP extends HOTP {
+  constructor(defaultOptions = {}) {
+    super(defaultOptions);
+  }
+  /**
+   * Creates a new TOTP instance with the specified default options
+   */
+  create(defaultOptions = {}) {
+    return new _TOTP(defaultOptions);
+  }
+  /**
+   * Returns class options polyfilled with TOTP default values
+   */
+  allOptions() {
+    const merged = {
+      algorithm: HashAlgorithms.SHA1,
+      digits: 6,
+      encoding: KeyEncodings.ASCII,
+      epoch: Date.now(),
+      step: 30,
+      window: 0,
+      crypto: defaultCrypto2,
+      base32: defaultBase322,
+      ...this._defaultOptions,
+      ...this._options
+    };
+    return Object.freeze(merged);
+  }
+  /**
+   * Generate a TOTP token
+   *
+   * @param secret - The secret key
+   * @returns The OTP token
+   */
+  generate(secret) {
+    const opts = this.allOptions();
+    const secretBytes = secretToBytes(secret, opts.encoding);
+    const epochSeconds = Math.floor(opts.epoch / 1e3);
+    return (0, import_totp.generateSync)({
+      secret: secretBytes,
+      algorithm: opts.algorithm,
+      digits: opts.digits,
+      period: opts.step,
+      epoch: epochSeconds,
+      t0: 0,
+      crypto: opts.crypto
+    });
+  }
+  /**
+   * Check if a token is valid for the given secret
+   *
+   * @param token - The token to verify
+   * @param secret - The secret key
+   * @returns true if valid
+   */
+  check(token, secret) {
+    const delta = this.checkDelta(token, secret);
+    return typeof delta === "number";
+  }
+  /**
+   * Check token and return the time window delta
+   *
+   * @param token - The token to verify
+   * @param secret - The secret key
+   * @returns Window delta (0 = current, positive = future, negative = past), null if invalid
+   */
+  checkDelta(token, secret) {
+    const opts = this.allOptions();
+    const secretBytes = secretToBytes(secret, opts.encoding);
+    const epochSeconds = Math.floor(opts.epoch / 1e3);
+    const step = opts.step;
+    const window = opts.window;
+    const epochTolerance = parseWindow(window, step);
+    try {
+      const result = (0, import_totp.verifySync)({
+        secret: secretBytes,
+        token,
+        algorithm: opts.algorithm,
+        digits: opts.digits,
+        period: step,
+        epoch: epochSeconds,
+        t0: 0,
+        epochTolerance,
+        crypto: opts.crypto
+      });
+      if (!result.valid) {
+        return null;
+      }
+      return result.delta;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Verify a token (object-based API)
+   *
+   * @param opts - Verification options
+   * @returns true if valid
+   */
+  verify(opts) {
+    if (typeof opts !== "object") {
+      throw new Error("Expecting argument 0 of verify to be an object");
+    }
+    return this.check(opts.token, opts.secret);
+  }
+  /**
+   * Generate an otpauth:// URI for TOTP
+   *
+   * @param accountName - Account name for the URI
+   * @param issuer - Issuer name
+   * @param secret - The secret key (should be Base32 for QR codes)
+   * @returns The otpauth:// URI
+   */
+  keyuri(accountName, issuer, secret) {
+    const opts = this.allOptions();
+    return (0, import_uri2.generateTOTP)({
+      label: accountName,
+      issuer,
+      secret,
+      algorithm: opts.algorithm,
+      digits: opts.digits,
+      period: opts.step
+    });
+  }
+  /**
+   * Get time used in current step (seconds elapsed in current window)
+   *
+   * @returns Seconds used in current step
+   */
+  timeUsed() {
+    const opts = this.allOptions();
+    const epochSeconds = Math.floor(opts.epoch / 1e3);
+    return epochSeconds % opts.step;
+  }
+  /**
+   * Get time remaining until next token
+   *
+   * @returns Seconds remaining in current step
+   */
+  timeRemaining() {
+    const opts = this.allOptions();
+    const epochSeconds = Math.floor(opts.epoch / 1e3);
+    return (0, import_totp.getRemainingTime)(epochSeconds, opts.step, 0);
+  }
+};
+
+// src/authenticator.ts
+var import_core2 = require("@otplib/core");
+var import_plugin_base32_scure3 = require("@otplib/plugin-base32-scure");
+var import_plugin_crypto_noble3 = require("@otplib/plugin-crypto-noble");
+var import_totp2 = require("@otplib/totp");
+var defaultCrypto3 = new import_plugin_crypto_noble3.NobleCryptoPlugin();
+var defaultBase323 = new import_plugin_base32_scure3.ScureBase32Plugin();
+function defaultKeyEncoder(secret, _encoding) {
+  const bytes = new TextEncoder().encode(secret);
+  return defaultBase323.encode(bytes);
+}
+function defaultKeyDecoder(encodedSecret, _encoding) {
+  const bytes = defaultBase323.decode(encodedSecret);
+  return new TextDecoder().decode(bytes);
+}
+var Authenticator = class _Authenticator extends TOTP {
+  constructor(defaultOptions = {}) {
+    super(defaultOptions);
+  }
+  /**
+   * Creates a new Authenticator instance with the specified default options
+   */
+  create(defaultOptions = {}) {
+    return new _Authenticator(defaultOptions);
+  }
+  /**
+   * Returns class options polyfilled with Authenticator default values
+   */
+  allOptions() {
+    const merged = {
+      algorithm: HashAlgorithms.SHA1,
+      digits: 6,
+      encoding: KeyEncodings.HEX,
+      epoch: Date.now(),
+      step: 30,
+      window: 0,
+      keyEncoder: defaultKeyEncoder,
+      keyDecoder: defaultKeyDecoder,
+      crypto: defaultCrypto3,
+      base32: defaultBase323,
+      ...this._defaultOptions,
+      ...this._options
+    };
+    return Object.freeze(merged);
+  }
+  /**
+   * Generate an OTP token from a Base32 secret
+   *
+   * @param secret - Base32-encoded secret
+   * @returns The OTP token
+   */
+  generate(secret) {
+    const opts = this.allOptions();
+    const secretBytes = defaultBase323.decode(secret);
+    const epoch = opts.epoch;
+    const epochSeconds = epoch >= 1e12 ? Math.floor(epoch / 1e3) : epoch;
+    return (0, import_totp2.generateSync)({
+      secret: secretBytes,
+      algorithm: opts.algorithm,
+      digits: opts.digits,
+      period: opts.step,
+      epoch: epochSeconds,
+      t0: 0,
+      crypto: opts.crypto
+    });
+  }
+  /**
+   * Check if a token is valid for the given Base32 secret
+   *
+   * @param token - The token to verify
+   * @param secret - Base32-encoded secret
+   * @returns true if valid
+   */
+  check(token, secret) {
+    const delta = this.checkDelta(token, secret);
+    return typeof delta === "number";
+  }
+  /**
+   * Check token and return the time window delta
+   *
+   * @param token - The token to verify
+   * @param secret - Base32-encoded secret
+   * @returns Window delta (0 = current, positive = future, negative = past), null if invalid
+   */
+  checkDelta(token, secret) {
+    const opts = this.allOptions();
+    const secretBytes = defaultBase323.decode(secret);
+    const epoch = opts.epoch;
+    const epochSeconds = epoch >= 1e12 ? Math.floor(epoch / 1e3) : epoch;
+    const step = opts.step;
+    const window = opts.window;
+    let epochTolerance = 0;
+    if (typeof window === "number") {
+      epochTolerance = window * step;
+    } else if (Array.isArray(window)) {
+      epochTolerance = [window[0] * step, window[1] * step];
+    }
+    try {
+      const result = (0, import_totp2.verifySync)({
+        secret: secretBytes,
+        token,
+        algorithm: opts.algorithm,
+        digits: opts.digits,
+        period: step,
+        epoch: epochSeconds,
+        t0: 0,
+        epochTolerance,
+        crypto: opts.crypto
+      });
+      if (!result.valid) {
+        return null;
+      }
+      return result.delta;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Verify a token (object-based API)
+   *
+   * @param opts - Verification options
+   * @returns true if valid
+   */
+  verify(opts) {
+    if (typeof opts !== "object") {
+      throw new Error("Expecting argument 0 of verify to be an object");
+    }
+    return this.check(opts.token, opts.secret);
+  }
+  /**
+   * Encode a raw secret to Base32
+   *
+   * @param secret - Raw secret string
+   * @returns Base32-encoded secret
+   */
+  encode(secret) {
+    const opts = this.allOptions();
+    if (opts.keyEncoder) {
+      return opts.keyEncoder(secret, opts.encoding);
+    }
+    return defaultKeyEncoder(secret, opts.encoding);
+  }
+  /**
+   * Decode a Base32 secret to raw string
+   *
+   * @param secret - Base32-encoded secret
+   * @returns Raw secret string
+   */
+  decode(secret) {
+    const opts = this.allOptions();
+    if (opts.keyDecoder) {
+      return opts.keyDecoder(secret, opts.encoding);
+    }
+    return defaultKeyDecoder(secret, opts.encoding);
+  }
+  /**
+   * Generate a random Base32-encoded secret
+   *
+   * @param numberOfBytes - Number of bytes for the secret (default: 20)
+   * @returns Base32-encoded secret
+   */
+  generateSecret(numberOfBytes = 20) {
+    const opts = this.allOptions();
+    return (0, import_core2.generateSecret)({
+      crypto: opts.crypto,
+      base32: opts.base32,
+      length: numberOfBytes
+    });
+  }
+};
+
+// src/index.ts
+var import_plugin_crypto_noble4 = require("@otplib/plugin-crypto-noble");
+var import_plugin_base32_scure4 = require("@otplib/plugin-base32-scure");
+var hotp = new HOTP();
+var totp = new TOTP();
+var authenticator = new Authenticator();
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  Authenticator,
+  HOTP,
+  HashAlgorithms,
+  KeyEncodings,
+  NobleCryptoPlugin,
+  ScureBase32Plugin,
+  TOTP,
+  authenticator,
+  hotp,
+  hotpDigestToToken,
+  totp
+});
+//# sourceMappingURL=index.cjs.map