react-native-otp-auto-verify 0.1.0

package/LICENSE

@@ -0,0 +1,20 @@
+MIT License
+
+Copyright (c) 2026 Kailas Rathod
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/OtpAutoVerify.podspec

@@ -0,0 +1,20 @@
+require "json"
+
+package = JSON.parse(File.read(File.join(__dir__, "package.json")))
+
+Pod::Spec.new do |s|
+  s.name         = "OtpAutoVerify"
+  s.version      = package["version"]
+  s.summary      = package["description"]
+  s.homepage     = package["homepage"]
+  s.license      = package["license"]
+  s.authors      = package["author"]
+
+  s.platforms    = { :ios => min_ios_version_supported }
+  s.source       = { :git => "https://github.com/kailas-rathod/react-native-otp-auto-verify.git", :tag => "#{s.version}" }
+
+  s.source_files = "ios/**/*.{h,m,mm,swift,cpp}"
+  s.private_header_files = "ios/**/*.h"
+
+  install_modules_dependencies(s)
+end

package/README.md

@@ -0,0 +1,258 @@
+# react-native-otp-auto-verify
+
+<div align="center">
+
+[![npm version](https://img.shields.io/npm/v/react-native-otp-auto-verify.svg?style=flat-square)](https://www.npmjs.com/package/react-native-otp-auto-verify)
+[![npm downloads](https://img.shields.io/npm/dm/react-native-otp-auto-verify.svg?style=flat-square)](https://www.npmjs.com/package/react-native-otp-auto-verify)
+[![license](https://img.shields.io/npm/l/react-native-otp-auto-verify.svg?style=flat-square)](https://github.com/kailas-rathod/react-native-otp-auto-verify/blob/main/LICENSE)
+[![typescript](https://img.shields.io/badge/TypeScript-Ready-blue.svg?style=flat-square)](https://www.typescriptlang.org/)
+
+Automatic OTP detection on **Android** using the **Google SMS Retriever API** (no `READ_SMS` permission required).
+
+</div>
+
+## Table of contents
+
+- [Features](#features)
+- [Platform support](#platform-support)
+- [Requirements](#requirements)
+- [Installation](#installation)
+- [Usage](#usage)
+  - [1) Get your app hash](#1-get-your-app-hash)
+  - [2) Format your OTP SMS](#2-format-your-otp-sms)
+  - [3) Hook usage (recommended)](#3-hook-usage-recommended)
+  - [4) Imperative usage](#4-imperative-usage)
+- [API](#api)
+- [Timeout behavior](#timeout-behavior)
+- [React Native New Architecture](#react-native-new-architecture)
+- [Troubleshooting](#troubleshooting)
+- [Example app](#example-app)
+- [Contributing](#contributing)
+- [License](#license)
+
+## Features
+
+- Automatically extracts **4–6 digit** OTPs from SMS on Android
+- Uses Google **SMS Retriever API** (Play Store compliant, **no SMS permissions**)
+- Includes a **React hook** and an **imperative** API
+- Fully typed (**TypeScript**)
+- **React Native New Architecture** (TurboModules) supported
+- iOS is a **safe no-op** (manual OTP entry required)
+
+## Platform support
+
+| Platform | Support | Notes                                   |
+| -------- | ------- | --------------------------------------- |
+| Android  | ✅      | Requires Google Play services on device |
+| iOS      | ⚠️      | Safe no-op (no auto-read)               |
+
+## Requirements
+
+- React Native: **0.60+** (autolinking)
+- Android: **minSdkVersion 24+**
+- iOS: supported as a **no-op** (you still need manual OTP UI)
+
+## Installation
+
+```sh
+npm install react-native-otp-auto-verify
+# or
+yarn add react-native-otp-auto-verify
+# or
+pnpm add react-native-otp-auto-verify
+```
+
+iOS (React Native CLI projects):
+
+```sh
+npx pod-install
+```
+
+## Usage
+
+### 1) Get your app hash
+
+SMS Retriever only delivers messages that include your **11-character app hash**.
+
+```ts
+import { getHash } from 'react-native-otp-auto-verify';
+
+const hashes = await getHash();
+const appHash = hashes[0]; // send this to your backend
+```
+
+### 2) Format your OTP SMS
+
+Your backend **must** include the app hash at the **end** of the SMS.
+
+Requirements:
+
+- Message must be **≤ 140 bytes**
+- Must contain a **4–6 digit** OTP
+- Must **end with** the app hash from `getHash()`
+
+Recommended format:
+
+```
+<#> Your verification code is 123456
+AbCdEfGhIjK
+```
+
+### 3) Hook usage (recommended)
+
+Start listening only while the OTP screen is visible (foreground).
+
+```tsx
+import React from 'react';
+import { Text, View } from 'react-native';
+import { useOtpVerification } from 'react-native-otp-auto-verify';
+
+export function OtpScreen() {
+  const { hashCode, otp, timeoutError, startListening, stopListening } =
+    useOtpVerification({ numberOfDigits: 6 });
+
+  React.useEffect(() => {
+    void startListening();
+    return () => stopListening();
+  }, [startListening, stopListening]);
+
+  return (
+    <View>
+      {!!hashCode && <Text>Hash: {hashCode}</Text>}
+      {!!otp && <Text>OTP: {otp}</Text>}
+      {timeoutError && <Text>Timeout. Tap resend and try again.</Text>}
+    </View>
+  );
+}
+```
+
+### 4) Imperative usage
+
+```ts
+import {
+  activateOtpListener,
+  removeListener,
+} from 'react-native-otp-auto-verify';
+
+const sub = await activateOtpListener(
+  (sms, extractedOtp) => {
+    if (extractedOtp) {
+      console.log('OTP:', extractedOtp);
+    }
+  },
+  { numberOfDigits: 6 }
+);
+
+// cleanup
+sub.remove();
+// or
+removeListener();
+```
+
+## API
+
+### `useOtpVerification(options?)`
+
+- **options**
+  - `numberOfDigits?: 4 | 5 | 6` (default `6`)
+- **returns**
+  - `hashCode: string`
+  - `otp: string | null`
+  - `sms: string | null`
+  - `timeoutError: boolean`
+  - `startListening(): Promise<void>`
+  - `stopListening(): void`
+
+### `getHash(): Promise<string[]>`
+
+Android only. On iOS returns `[]`.
+
+### `activateOtpListener(handler, options?): Promise<{ remove(): void }>`
+
+Android only. Throws on iOS.
+
+### `removeListener(): void`
+
+Android only. Removes native listeners.
+
+### `extractOtp(sms: string, numberOfDigits?: 4 | 5 | 6): string | null`
+
+Pure helper to extract the OTP from an SMS string.
+
+## Timeout behavior
+
+SMS Retriever waits up to **5 minutes**. When it times out:
+
+- `timeoutError` becomes `true`
+- call `startListening()` again to retry
+
+## React Native New Architecture
+
+This library is built with **TurboModules** and fully supports React Native's **New Architecture**.
+
+### What is the New Architecture?
+
+The New Architecture (also known as Fabric + TurboModules) is React Native's new rendering system and native module architecture that provides:
+
+- Better performance and type safety
+- Synchronous native module calls
+- Improved interoperability with native code
+
+### Enabling New Architecture
+
+The library works automatically with both **Old Architecture** and **New Architecture**. No code changes needed.
+
+**For Android:**
+
+Enable New Architecture in `android/gradle.properties`:
+
+```properties
+newArchEnabled=true
+```
+
+**For iOS:**
+
+Enable New Architecture in `ios/Podfile`:
+
+```ruby
+use_react_native!(
+  :fabric_enabled => true,
+  # ... other options
+)
+```
+
+Or set the environment variable:
+
+```sh
+RCT_NEW_ARCH_ENABLED=1 pod install
+```
+
+### Compatibility
+
+- ✅ Works with **Old Architecture** (React Native < 0.68)
+- ✅ Works with **New Architecture** (React Native 0.68+)
+- ✅ Automatically detects and uses the correct architecture
+- ✅ No breaking changes when migrating
+
+## Troubleshooting
+
+- OTP not detected
+  - Ensure the SMS **ends with** the app hash
+  - Keep the SMS **≤ 140 bytes**
+  - Match `numberOfDigits` to your OTP length
+  - Keep the app in **foreground**
+- Listener fails to start
+  - Ensure Google Play services are available on the device
+  - Avoid multiple active listeners at once
+
+## Example app
+
+See [`./example`](./example).
+
+## Contributing
+
+See [`CONTRIBUTING.md`](CONTRIBUTING.md).
+
+## License
+
+MIT

package/android/build.gradle

@@ -0,0 +1,68 @@
+buildscript {
+  ext.OtpAutoVerify = [
+    kotlinVersion: "2.0.21",
+    minSdkVersion: 24,
+    compileSdkVersion: 36,
+    targetSdkVersion: 36
+  ]
+
+  ext.getExtOrDefault = { prop ->
+    if (rootProject.ext.has(prop)) {
+      return rootProject.ext.get(prop)
+    }
+
+    return OtpAutoVerify[prop]
+  }
+
+  repositories {
+    google()
+    mavenCentral()
+  }
+
+  dependencies {
+    classpath "com.android.tools.build:gradle:8.7.2"
+    // noinspection DifferentKotlinGradleVersion
+    classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:${getExtOrDefault('kotlinVersion')}"
+  }
+}
+
+
+apply plugin: "com.android.library"
+apply plugin: "kotlin-android"
+
+apply plugin: "com.facebook.react"
+
+android {
+  namespace "com.otpautoverify"
+
+  compileSdkVersion getExtOrDefault("compileSdkVersion")
+
+  defaultConfig {
+    minSdkVersion getExtOrDefault("minSdkVersion")
+    targetSdkVersion getExtOrDefault("targetSdkVersion")
+  }
+
+  buildFeatures {
+    buildConfig true
+  }
+
+  buildTypes {
+    release {
+      minifyEnabled false
+    }
+  }
+
+  lint {
+    disable "GradleCompatible"
+  }
+
+  compileOptions {
+    sourceCompatibility JavaVersion.VERSION_1_8
+    targetCompatibility JavaVersion.VERSION_1_8
+  }
+}
+
+dependencies {
+  implementation "com.facebook.react:react-android"
+  implementation "com.google.android.gms:play-services-auth:21.3.0"
+}

package/android/src/main/AndroidManifest.xml

@@ -0,0 +1,2 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android">
+</manifest>

package/android/src/main/java/com/otpautoverify/AppSignatureHelper.kt

@@ -0,0 +1,80 @@
+package com.otpautoverify
+
+import android.content.Context
+import android.content.ContextWrapper
+import android.content.pm.PackageManager
+import android.os.Build
+import android.util.Base64
+import android.util.Log
+import java.nio.charset.StandardCharsets
+import java.security.MessageDigest
+import java.security.NoSuchAlgorithmException
+import java.util.ArrayList
+import java.util.Arrays
+
+/**
+ * Computes the 11-character app hash required by the SMS Retriever API.
+ * Uses GET_SIGNING_CERTIFICATES on API 28+ and GET_SIGNATURES on older versions.
+ */
+class AppSignatureHelper(context: Context) : ContextWrapper(context) {
+
+    companion object {
+        private const val TAG = "AppSignatureHelper"
+        private const val HASH_TYPE = "SHA-256"
+        private const val NUM_HASHED_BYTES = 9
+        private const val NUM_BASE64_CHAR = 11
+    }
+
+    /**
+     * Returns app hash strings for the current package.
+     * Include one of these in your SMS message (e.g. at the end) for the Retriever to match.
+     */
+    fun getAppSignatures(): ArrayList<String> {
+        val appCodes = ArrayList<String>()
+        try {
+            val packageName = packageName
+            val packageManager = packageManager
+            val signatures = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+                val packageInfo = packageManager.getPackageInfo(
+                    packageName,
+                    PackageManager.GET_SIGNING_CERTIFICATES
+                )
+                packageInfo.signingInfo?.apkContentsSigners
+            } else {
+                @Suppress("DEPRECATION")
+                val packageInfo = packageManager.getPackageInfo(
+                    packageName,
+                    PackageManager.GET_SIGNATURES
+                )
+                packageInfo.signatures
+            } ?: return appCodes
+
+            for (signature in signatures) {
+                val hash = hash(packageName, signature.toCharsString())
+                if (hash != null) {
+                    appCodes.add(hash)
+                }
+            }
+        } catch (e: PackageManager.NameNotFoundException) {
+            Log.e(TAG, "Unable to find package to obtain hash.", e)
+        }
+        return appCodes
+    }
+
+    private fun hash(packageName: String, signature: String): String? {
+        return try {
+            val appInfo = "$packageName $signature"
+            val messageDigest = MessageDigest.getInstance(HASH_TYPE)
+            messageDigest.update(appInfo.toByteArray(StandardCharsets.UTF_8))
+            var hashSignature = messageDigest.digest()
+            hashSignature = Arrays.copyOfRange(hashSignature, 0, NUM_HASHED_BYTES)
+            var base64Hash = Base64.encodeToString(hashSignature, Base64.NO_PADDING or Base64.NO_WRAP)
+            base64Hash = base64Hash.substring(0, minOf(NUM_BASE64_CHAR, base64Hash.length))
+            Log.d(TAG, "pkg: $packageName -- hash: $base64Hash")
+            base64Hash
+        } catch (e: NoSuchAlgorithmException) {
+            Log.e(TAG, "hash: NoSuchAlgorithm", e)
+            null
+        }
+    }
+}

package/android/src/main/java/com/otpautoverify/OtpAutoVerifyModule.kt

@@ -0,0 +1,146 @@
+package com.otpautoverify
+
+import android.annotation.SuppressLint
+import android.content.IntentFilter
+import android.os.Build
+import android.util.Log
+import com.facebook.react.bridge.Arguments
+import com.facebook.react.bridge.LifecycleEventListener
+import com.facebook.react.bridge.Promise
+import com.facebook.react.bridge.ReactApplicationContext
+import com.google.android.gms.auth.api.phone.SmsRetriever
+import com.google.android.gms.tasks.OnFailureListener
+import com.google.android.gms.tasks.OnSuccessListener
+class OtpAutoVerifyModule(reactContext: ReactApplicationContext) :
+    NativeOtpAutoVerifySpec(reactContext), LifecycleEventListener {
+
+    companion object {
+        const val NAME = NativeOtpAutoVerifySpec.NAME
+        private const val TAG = "OtpAutoVerifyModule"
+        const val OTP_RECEIVED_EVENT = "otpReceived"
+    }
+
+    private var smsReceiver: SmsRetrieverBroadcastReceiver? = null
+    private var isReceiverRegistered = false
+    private var isListening = false
+
+    init {
+        reactContext.addLifecycleEventListener(this)
+    }
+
+    override fun getTypedExportedConstants(): MutableMap<String, Any> {
+        return mutableMapOf("OTP_RECEIVED_EVENT" to OTP_RECEIVED_EVENT)
+    }
+
+    override fun getHash(promise: Promise) {
+        try {
+            val helper = AppSignatureHelper(reactApplicationContext)
+            val signatures = helper.getAppSignatures()
+            val arr = Arguments.createArray()
+            for (s in signatures) {
+                arr.pushString(s)
+            }
+            promise.resolve(arr)
+        } catch (e: Exception) {
+            Log.e(TAG, "getHash failed", e)
+            promise.reject("GET_HASH_ERROR", e.message, e)
+        }
+    }
+
+    override fun startSmsRetriever(promise: Promise) {
+        val activity = currentActivity
+        if (activity == null) {
+            promise.reject("NO_ACTIVITY", "No current activity. Ensure the app is in the foreground.")
+            return
+        }
+
+        registerReceiverIfNecessary(activity)
+
+        val client = SmsRetriever.getClient(reactApplicationContext)
+        client.startSmsRetriever()
+            .addOnSuccessListener(OnSuccessListener {
+                Log.d(TAG, "SMS retriever started")
+                isListening = true
+                promise.resolve(true)
+            })
+            .addOnFailureListener(OnFailureListener { e ->
+                Log.e(TAG, "Failed to start SMS retriever", e)
+                promise.reject("START_SMS_RETRIEVER_ERROR", e.message, e)
+            })
+    }
+
+    @SuppressLint("UnspecifiedRegisterReceiverFlag")
+    private fun registerReceiverIfNecessary(activity: android.app.Activity) {
+        if (isReceiverRegistered) return
+        try {
+            smsReceiver = SmsRetrieverBroadcastReceiver(reactApplicationContext, OTP_RECEIVED_EVENT)
+            val filter = IntentFilter(SmsRetriever.SMS_RETRIEVED_ACTION)
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
+                activity.registerReceiver(
+                    smsReceiver,
+                    filter,
+                    SmsRetriever.SEND_PERMISSION,
+                    null,
+                    android.content.Context.RECEIVER_EXPORTED
+                )
+            } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
+                activity.registerReceiver(
+                    smsReceiver,
+                    filter,
+                    android.content.Context.RECEIVER_EXPORTED
+                )
+            } else {
+                activity.registerReceiver(smsReceiver, filter)
+            }
+            isReceiverRegistered = true
+            Log.d(TAG, "SMS receiver registered")
+        } catch (e: Exception) {
+            Log.e(TAG, "Failed to register SMS receiver", e)
+        }
+    }
+
+    private fun unregisterReceiver() {
+        val activity = currentActivity
+        if (isReceiverRegistered && activity != null && smsReceiver != null) {
+            try {
+                activity.unregisterReceiver(smsReceiver)
+                Log.d(TAG, "SMS receiver unregistered")
+            } catch (e: Exception) {
+                Log.e(TAG, "Failed to unregister SMS receiver", e)
+            }
+            isReceiverRegistered = false
+            smsReceiver = null
+        }
+        isListening = false
+    }
+
+    override fun addListener(eventName: String) {
+        // Required for NativeEventEmitter; no-op.
+    }
+
+    override fun removeListeners(count: Double) {
+        unregisterReceiver()
+    }
+
+    override fun onHostResume() {
+        // Optionally re-register if we were listening and activity was recreated.
+        if (isListening && currentActivity != null && !isReceiverRegistered) {
+            currentActivity?.let { registerReceiverIfNecessary(it) }
+        }
+    }
+
+    override fun onHostPause() {
+        unregisterReceiver()
+    }
+
+    override fun onHostDestroy() {
+        unregisterReceiver()
+        reactApplicationContext.removeLifecycleEventListener(this)
+    }
+
+    override fun invalidate() {
+        unregisterReceiver()
+        reactApplicationContext.removeLifecycleEventListener(this)
+        super.invalidate()
+    }
+}

package/android/src/main/java/com/otpautoverify/OtpAutoVerifyPackage.kt

@@ -0,0 +1,33 @@
+package com.otpautoverify
+
+import com.facebook.react.BaseReactPackage
+import com.facebook.react.bridge.NativeModule
+import com.facebook.react.bridge.ReactApplicationContext
+import com.facebook.react.module.model.ReactModuleInfo
+import com.facebook.react.module.model.ReactModuleInfoProvider
+import java.util.HashMap
+
+class OtpAutoVerifyPackage : BaseReactPackage() {
+  override fun getModule(name: String, reactContext: ReactApplicationContext): NativeModule? {
+    return if (name == OtpAutoVerifyModule.NAME) {
+      OtpAutoVerifyModule(reactContext)
+    } else {
+      null
+    }
+  }
+
+  override fun getReactModuleInfoProvider(): ReactModuleInfoProvider {
+    return ReactModuleInfoProvider {
+      val moduleInfos: MutableMap<String, ReactModuleInfo> = HashMap()
+      moduleInfos[OtpAutoVerifyModule.NAME] = ReactModuleInfo(
+        OtpAutoVerifyModule.NAME,
+        OtpAutoVerifyModule.NAME,
+        false,  // canOverrideExistingModule
+        false,  // needsEagerInit
+        false,  // isCxxModule
+        true // isTurboModule
+      )
+      moduleInfos
+    }
+  }
+}

package/android/src/main/java/com/otpautoverify/SmsRetrieverBroadcastReceiver.kt

@@ -0,0 +1,61 @@
+package com.otpautoverify
+
+import android.content.BroadcastReceiver
+import android.content.Context
+import android.content.Intent
+import android.os.Bundle
+import android.util.Log
+import com.facebook.react.bridge.ReactApplicationContext
+import com.google.android.gms.auth.api.phone.SmsRetriever
+import com.google.android.gms.common.api.CommonStatusCodes
+import com.google.android.gms.common.api.Status
+
+/**
+ * Receives SMS Retriever API results and forwards the message or timeout to JS via RCTDeviceEventEmitter.
+ * No READ_SMS permission required; fully Play Store compliant.
+ */
+class SmsRetrieverBroadcastReceiver(
+    private val reactContext: ReactApplicationContext,
+    private val eventName: String
+) : BroadcastReceiver() {
+
+    companion object {
+        private const val TAG = "SmsRetrieverReceiver"
+        const val TIMEOUT_MESSAGE = "Timeout Error."
+    }
+
+    override fun onReceive(context: Context?, intent: Intent?) {
+        if (intent?.action != SmsRetriever.SMS_RETRIEVED_ACTION) return
+        val extras: Bundle = intent.extras ?: return
+        val status = extras.get(SmsRetriever.EXTRA_STATUS) as? Status ?: return
+
+        when (status.statusCode) {
+            CommonStatusCodes.SUCCESS -> {
+                val message = extras.getString(SmsRetriever.EXTRA_SMS_MESSAGE)
+                if (message != null) {
+                    Log.d(TAG, "SMS received")
+                    emitMessage(message)
+                }
+            }
+            CommonStatusCodes.TIMEOUT -> {
+                Log.d(TAG, "SMS retriever timeout")
+                emitMessage(TIMEOUT_MESSAGE)
+            }
+            else -> {
+                Log.w(TAG, "SMS retriever status: ${status.statusCode}")
+            }
+        }
+    }
+
+    private fun emitMessage(message: String) {
+        if (!reactContext.hasActiveReactInstance()) return
+        reactContext.runOnJSQueueThread {
+            try {
+                reactContext.getJSModule(com.facebook.react.modules.core.DeviceEventManagerModule.RCTDeviceEventEmitter::class.java)
+                    ?.emit(eventName, message)
+            } catch (e: Exception) {
+                Log.e(TAG, "Failed to emit OTP event", e)
+            }
+        }
+    }
+}

package/ios/OtpAutoVerify.h

@@ -0,0 +1,5 @@
+#import <OtpAutoVerifySpec/OtpAutoVerifySpec.h>
+
+@interface OtpAutoVerify : NSObject <NativeOtpAutoVerifySpec>
+
+@end

package/ios/OtpAutoVerify.mm

@@ -0,0 +1,36 @@
+#import "OtpAutoVerify.h"
+
+@implementation OtpAutoVerify
+
+- (NSDictionary *)getConstants {
+  return @{ @"OTP_RECEIVED_EVENT": @"otpReceived" };
+}
+
+- (void)getHash:(RCTPromiseResolveBlock)resolve reject:(RCTPromiseRejectBlock)reject {
+  resolve(@[]);
+}
+
+- (void)startSmsRetriever:(RCTPromiseResolveBlock)resolve reject:(RCTPromiseRejectBlock)reject {
+  resolve(@NO);
+}
+
+- (void)addListener:(NSString *)eventName {
+  // No-op on iOS; SMS Retriever is Android-only.
+}
+
+- (void)removeListeners:(double)count {
+  // No-op on iOS.
+}
+
+- (std::shared_ptr<facebook::react::TurboModule>)getTurboModule:
+    (const facebook::react::ObjCTurboModule::InitParams &)params
+{
+  return std::make_shared<facebook::react::NativeOtpAutoVerifySpecJSI>(params);
+}
+
++ (NSString *)moduleName
+{
+  return @"OtpAutoVerify";
+}
+
+@end

package/lib/module/NativeOtpAutoVerify.ts

@@ -0,0 +1,11 @@
+import { TurboModuleRegistry, type TurboModule } from 'react-native';
+
+export interface Spec extends TurboModule {
+  getConstants(): { OTP_RECEIVED_EVENT: string };
+  getHash(): Promise<ReadonlyArray<string>>;
+  startSmsRetriever(): Promise<boolean>;
+  addListener(eventName: string): void;
+  removeListeners(count: number): void;
+}
+
+export default TurboModuleRegistry.getEnforcing<Spec>('OtpAutoVerify');

package/lib/module/index.js

@@ -0,0 +1,110 @@
+"use strict";
+
+import * as React from 'react';
+import { NativeEventEmitter, NativeModules, Platform } from 'react-native';
+import NativeOtpAutoVerify from './NativeOtpAutoVerify';
+const {
+  OtpAutoVerify
+} = NativeModules;
+const eventEmitter = Platform.OS === 'android' && OtpAutoVerify ? new NativeEventEmitter(OtpAutoVerify) : null;
+const OTP_RECEIVED_EVENT = NativeOtpAutoVerify.getConstants?.()?.OTP_RECEIVED_EVENT ?? 'otpReceived';
+const TIMEOUT_MESSAGE = 'Timeout Error.';
+const DEFAULT_DIGITS = 6;
+const OTP_REGEX = {
+  4: /\b(\d{4})\b/,
+  5: /\b(\d{5})\b/,
+  6: /\b(\d{6})\b/
+};
+/** Extracts a numeric OTP of 4–6 digits from SMS text. */
+export function extractOtp(sms, numberOfDigits = DEFAULT_DIGITS) {
+  if (!sms || typeof sms !== 'string') return null;
+  const match = sms.match(OTP_REGEX[numberOfDigits]);
+  return match ? match[1] : null;
+}
+
+/** Returns app hash strings for the current app. Android only; iOS returns []. */
+export async function getHash() {
+  if (Platform.OS !== 'android') return [];
+  const arr = await NativeOtpAutoVerify.getHash();
+  return Array.from(arr);
+}
+
+/** Starts SMS Retriever and subscribes to OTP events. Returns subscription with remove(). */
+export async function activateOtpListener(handler, options) {
+  if (Platform.OS !== 'android' || !eventEmitter) {
+    throw new Error('SMS Retriever is only supported on Android.');
+  }
+  const numberOfDigits = options?.numberOfDigits ?? DEFAULT_DIGITS;
+  const subscription = eventEmitter.addListener(OTP_RECEIVED_EVENT, (...args) => {
+    const smsText = String(args[0] ?? '');
+    handler(smsText, extractOtp(smsText, numberOfDigits));
+  });
+  await NativeOtpAutoVerify.startSmsRetriever();
+  return {
+    remove: () => {
+      subscription.remove();
+      NativeOtpAutoVerify.removeListeners(0);
+    }
+  };
+}
+
+/** Stops SMS listening and removes all listeners. */
+export function removeListener() {
+  if (Platform.OS === 'android') {
+    NativeOtpAutoVerify.removeListeners(0);
+  }
+}
+
+/** Hook for OTP verification. Stops listener on unmount. */
+export function useOtpVerification(options = {}) {
+  const numberOfDigits = options.numberOfDigits ?? DEFAULT_DIGITS;
+  const [hashCode, setHashCode] = React.useState('');
+  const [otp, setOtp] = React.useState(null);
+  const [sms, setSms] = React.useState(null);
+  const [timeoutError, setTimeoutError] = React.useState(false);
+  const subscriptionRef = React.useRef(null);
+  const stopListening = React.useCallback(() => {
+    subscriptionRef.current?.remove();
+    subscriptionRef.current = null;
+    removeListener();
+  }, []);
+  const startListening = React.useCallback(async () => {
+    if (Platform.OS !== 'android') return;
+    setOtp(null);
+    setSms(null);
+    setTimeoutError(false);
+    try {
+      const hashes = await getHash();
+      setHashCode(hashes[0] ?? '');
+    } catch {
+      // getHash failed; continue to start listener
+    }
+    try {
+      const sub = await activateOtpListener((smsText, extractedOtp) => {
+        setSms(smsText);
+        if (smsText === TIMEOUT_MESSAGE) {
+          setTimeoutError(true);
+          return;
+        }
+        if (extractedOtp) setOtp(extractedOtp);
+      }, {
+        numberOfDigits
+      });
+      subscriptionRef.current = sub;
+    } catch {
+      subscriptionRef.current = null;
+      throw new Error('Failed to start OTP listener');
+    }
+  }, [numberOfDigits]);
+  React.useEffect(() => () => stopListening(), [stopListening]);
+  return React.useMemo(() => ({
+    hashCode,
+    otp,
+    sms,
+    timeoutError,
+    startListening,
+    stopListening
+  }), [hashCode, otp, sms, timeoutError, startListening, stopListening]);
+}
+export { OTP_RECEIVED_EVENT };
+//# sourceMappingURL=index.js.map

package/lib/module/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["React","NativeEventEmitter","NativeModules","Platform","NativeOtpAutoVerify","OtpAutoVerify","eventEmitter","OS","OTP_RECEIVED_EVENT","getConstants","TIMEOUT_MESSAGE","DEFAULT_DIGITS","OTP_REGEX","extractOtp","sms","numberOfDigits","match","getHash","arr","Array","from","activateOtpListener","handler","options","Error","subscription","addListener","args","smsText","String","startSmsRetriever","remove","removeListeners","removeListener","useOtpVerification","hashCode","setHashCode","useState","otp","setOtp","setSms","timeoutError","setTimeoutError","subscriptionRef","useRef","stopListening","useCallback","current","startListening","hashes","sub","extractedOtp","useEffect","useMemo"],"sourceRoot":"..\\..\\src","sources":["index.tsx"],"mappings":";;AAAA,OAAO,KAAKA,KAAK,MAAM,OAAO;AAC9B,SAASC,kBAAkB,EAAEC,aAAa,EAAEC,QAAQ,QAAQ,cAAc;AAC1E,OAAOC,mBAAmB,MAAM,uBAAuB;AAEvD,MAAM;EAAEC;AAAc,CAAC,GAAGH,aAAa;AACvC,MAAMI,YAAY,GAChBH,QAAQ,CAACI,EAAE,KAAK,SAAS,IAAIF,aAAa,GACtC,IAAIJ,kBAAkB,CAACI,aAAa,CAAC,GACrC,IAAI;AAEV,MAAMG,kBAAkB,GACrBJ,mBAAmB,CAACK,YAAY,GAAG,CAAC,EAAED,kBAAkB,IACzD,aAAa;AAEf,MAAME,eAAe,GAAG,gBAAgB;AACxC,MAAMC,cAAc,GAAG,CAAC;AAIxB,MAAMC,SAAoC,GAAG;EAC3C,CAAC,EAAE,aAAa;EAChB,CAAC,EAAE,aAAa;EAChB,CAAC,EAAE;AACL,CAAC;AA0BD;AACA,OAAO,SAASC,UAAUA,CACxBC,GAAW,EACXC,cAAyB,GAAGJ,cAAc,EAC3B;EACf,IAAI,CAACG,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,EAAE,OAAO,IAAI;EAChD,MAAME,KAAK,GAAGF,GAAG,CAACE,KAAK,CAACJ,SAAS,CAACG,cAAc,CAAC,CAAC;EAClD,OAAOC,KAAK,GAAGA,KAAK,CAAC,CAAC,CAAC,GAAI,IAAI;AACjC;;AAEA;AACA,OAAO,eAAeC,OAAOA,CAAA,EAAsB;EACjD,IAAId,QAAQ,CAACI,EAAE,KAAK,SAAS,EAAE,OAAO,EAAE;EACxC,MAAMW,GAAG,GAAG,MAAMd,mBAAmB,CAACa,OAAO,CAAC,CAAC;EAC/C,OAAOE,KAAK,CAACC,IAAI,CAACF,GAAG,CAAC;AACxB;;AAEA;AACA,OAAO,eAAeG,mBAAmBA,CACvCC,OAA4D,EAC5DC,OAAwC,EACN;EAClC,IAAIpB,QAAQ,CAACI,EAAE,KAAK,SAAS,IAAI,CAACD,YAAY,EAAE;IAC9C,MAAM,IAAIkB,KAAK,CAAC,6CAA6C,CAAC;EAChE;EAEA,MAAMT,cAAc,GAAGQ,OAAO,EAAER,cAAc,IAAIJ,cAAc;EAChE,MAAMc,YAAY,GAAGnB,YAAY,CAACoB,WAAW,CAC3ClB,kBAAkB,EAClB,CAAC,GAAGmB,IAAe,KAAK;IACtB,MAAMC,OAAO,GAAGC,MAAM,CAACF,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACrCL,OAAO,CAACM,OAAO,EAAEf,UAAU,CAACe,OAAO,EAAEb,cAAc,CAAC,CAAC;EACvD,CACF,CAAC;EAED,MAAMX,mBAAmB,CAAC0B,iBAAiB,CAAC,CAAC;EAC7C,OAAO;IACLC,MAAM,EAAEA,CAAA,KAAM;MACZN,YAAY,CAACM,MAAM,CAAC,CAAC;MACrB3B,mBAAmB,CAAC4B,eAAe,CAAC,CAAC,CAAC;IACxC;EACF,CAAC;AACH;;AAEA;AACA,OAAO,SAASC,cAAcA,CAAA,EAAS;EACrC,IAAI9B,QAAQ,CAACI,EAAE,KAAK,SAAS,EAAE;IAC7BH,mBAAmB,CAAC4B,eAAe,CAAC,CAAC,CAAC;EACxC;AACF;;AAEA;AACA,OAAO,SAASE,kBAAkBA,CAChCX,OAAkC,GAAG,CAAC,CAAC,EACb;EAC1B,MAAMR,cAAc,GAAGQ,OAAO,CAACR,cAAc,IAAIJ,cAAc;EAC/D,MAAM,CAACwB,QAAQ,EAAEC,WAAW,CAAC,GAAGpC,KAAK,CAACqC,QAAQ,CAAC,EAAE,CAAC;EAClD,MAAM,CAACC,GAAG,EAAEC,MAAM,CAAC,GAAGvC,KAAK,CAACqC,QAAQ,CAAgB,IAAI,CAAC;EACzD,MAAM,CAACvB,GAAG,EAAE0B,MAAM,CAAC,GAAGxC,KAAK,CAACqC,QAAQ,CAAgB,IAAI,CAAC;EACzD,MAAM,CAACI,YAAY,EAAEC,eAAe,CAAC,GAAG1C,KAAK,CAACqC,QAAQ,CAAC,KAAK,CAAC;EAC7D,MAAMM,eAAe,GAAG3C,KAAK,CAAC4C,MAAM,CAAiC,IAAI,CAAC;EAE1E,MAAMC,aAAa,GAAG7C,KAAK,CAAC8C,WAAW,CAAC,MAAM;IAC5CH,eAAe,CAACI,OAAO,EAAEhB,MAAM,CAAC,CAAC;IACjCY,eAAe,CAACI,OAAO,GAAG,IAAI;IAC9Bd,cAAc,CAAC,CAAC;EAClB,CAAC,EAAE,EAAE,CAAC;EAEN,MAAMe,cAAc,GAAGhD,KAAK,CAAC8C,WAAW,CAAC,YAAY;IACnD,IAAI3C,QAAQ,CAACI,EAAE,KAAK,SAAS,EAAE;IAC/BgC,MAAM,CAAC,IAAI,CAAC;IACZC,MAAM,CAAC,IAAI,CAAC;IACZE,eAAe,CAAC,KAAK,CAAC;IACtB,IAAI;MACF,MAAMO,MAAM,GAAG,MAAMhC,OAAO,CAAC,CAAC;MAC9BmB,WAAW,CAACa,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9B,CAAC,CAAC,MAAM;MACN;IAAA;IAEF,IAAI;MACF,MAAMC,GAAG,GAAG,MAAM7B,mBAAmB,CACnC,CAACO,OAAe,EAAEuB,YAAuC,KAAK;QAC5DX,MAAM,CAACZ,OAAO,CAAC;QACf,IAAIA,OAAO,KAAKlB,eAAe,EAAE;UAC/BgC,eAAe,CAAC,IAAI,CAAC;UACrB;QACF;QACA,IAAIS,YAAY,EAAEZ,MAAM,CAACY,YAAY,CAAC;MACxC,CAAC,EACD;QAAEpC;MAAe,CACnB,CAAC;MACD4B,eAAe,CAACI,OAAO,GAAGG,GAAG;IAC/B,CAAC,CAAC,MAAM;MACNP,eAAe,CAACI,OAAO,GAAG,IAAI;MAC9B,MAAM,IAAIvB,KAAK,CAAC,8BAA8B,CAAC;IACjD;EACF,CAAC,EAAE,CAACT,cAAc,CAAC,CAAC;EAEpBf,KAAK,CAACoD,SAAS,CAAC,MAAM,MAAMP,aAAa,CAAC,CAAC,EAAE,CAACA,aAAa,CAAC,CAAC;EAE7D,OAAO7C,KAAK,CAACqD,OAAO,CAClB,OAAO;IACLlB,QAAQ;IACRG,GAAG;IACHxB,GAAG;IACH2B,YAAY;IACZO,cAAc;IACdH;EACF,CAAC,CAAC,EACF,CAACV,QAAQ,EAAEG,GAAG,EAAExB,GAAG,EAAE2B,YAAY,EAAEO,cAAc,EAAEH,aAAa,CAClE,CAAC;AACH;AAEA,SAASrC,kBAAkB","ignoreList":[]}

package/lib/module/package.json

@@ -0,0 +1 @@
+{"type":"module"}

package/lib/typescript/package.json

@@ -0,0 +1 @@
+{"type":"module"}

package/lib/typescript/src/NativeOtpAutoVerify.d.ts

@@ -0,0 +1,13 @@
+import { type TurboModule } from 'react-native';
+export interface Spec extends TurboModule {
+    getConstants(): {
+        OTP_RECEIVED_EVENT: string;
+    };
+    getHash(): Promise<ReadonlyArray<string>>;
+    startSmsRetriever(): Promise<boolean>;
+    addListener(eventName: string): void;
+    removeListeners(count: number): void;
+}
+declare const _default: Spec;
+export default _default;
+//# sourceMappingURL=NativeOtpAutoVerify.d.ts.map

package/lib/typescript/src/NativeOtpAutoVerify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"NativeOtpAutoVerify.d.ts","sourceRoot":"","sources":["../../../src/NativeOtpAutoVerify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,KAAK,WAAW,EAAE,MAAM,cAAc,CAAC;AAErE,MAAM,WAAW,IAAK,SAAQ,WAAW;IACvC,YAAY,IAAI;QAAE,kBAAkB,EAAE,MAAM,CAAA;KAAE,CAAC;IAC/C,OAAO,IAAI,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;IAC1C,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IACtC,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtC;;AAED,wBAAuE"}

package/lib/typescript/src/index.d.ts

@@ -0,0 +1,37 @@
+declare const OTP_RECEIVED_EVENT: string;
+export type OtpDigits = 4 | 5 | 6;
+export interface UseOtpVerificationOptions {
+    /** Extract OTP with this many digits (4, 5, or 6). OTP is set when SMS is received. */
+    numberOfDigits?: OtpDigits;
+}
+export interface UseOtpVerificationResult {
+    /** App hash string for SMS (e.g. "uW87Uq6teXc"). Use at end of your OTP message. */
+    hashCode: string;
+    /** Extracted OTP when numberOfDigits is set and an SMS was received. */
+    otp: string | null;
+    /** Full SMS text when received. */
+    sms: string | null;
+    /** True when the 5-minute SMS Retriever timeout occurred. */
+    timeoutError: boolean;
+    /** Start listening for OTP again (e.g. after timeout or error). */
+    startListening: () => Promise<void>;
+    /** Stop listening and clean up. Call on unmount. */
+    stopListening: () => void;
+}
+export interface OtpListenerSubscription {
+    remove: () => void;
+}
+/** Extracts a numeric OTP of 4–6 digits from SMS text. */
+export declare function extractOtp(sms: string, numberOfDigits?: OtpDigits): string | null;
+/** Returns app hash strings for the current app. Android only; iOS returns []. */
+export declare function getHash(): Promise<string[]>;
+/** Starts SMS Retriever and subscribes to OTP events. Returns subscription with remove(). */
+export declare function activateOtpListener(handler: (sms: string, extractedOtp?: string | null) => void, options?: {
+    numberOfDigits?: OtpDigits;
+}): Promise<OtpListenerSubscription>;
+/** Stops SMS listening and removes all listeners. */
+export declare function removeListener(): void;
+/** Hook for OTP verification. Stops listener on unmount. */
+export declare function useOtpVerification(options?: UseOtpVerificationOptions): UseOtpVerificationResult;
+export { OTP_RECEIVED_EVENT };
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.tsx"],"names":[],"mappings":"AAUA,QAAA,MAAM,kBAAkB,QAET,CAAC;AAKhB,MAAM,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAQlC,MAAM,WAAW,yBAAyB;IACxC,uFAAuF;IACvF,cAAc,CAAC,EAAE,SAAS,CAAC;CAC5B;AAED,MAAM,WAAW,wBAAwB;IACvC,oFAAoF;IACpF,QAAQ,EAAE,MAAM,CAAC;IACjB,wEAAwE;IACxE,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,mCAAmC;IACnC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,6DAA6D;IAC7D,YAAY,EAAE,OAAO,CAAC;IACtB,mEAAmE;IACnE,cAAc,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACpC,oDAAoD;IACpD,aAAa,EAAE,MAAM,IAAI,CAAC;CAC3B;AAED,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,IAAI,CAAC;CACpB;AAED,0DAA0D;AAC1D,wBAAgB,UAAU,CACxB,GAAG,EAAE,MAAM,EACX,cAAc,GAAE,SAA0B,GACzC,MAAM,GAAG,IAAI,CAIf;AAED,kFAAkF;AAClF,wBAAsB,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAIjD;AAED,6FAA6F;AAC7F,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,EAC5D,OAAO,CAAC,EAAE;IAAE,cAAc,CAAC,EAAE,SAAS,CAAA;CAAE,GACvC,OAAO,CAAC,uBAAuB,CAAC,CAqBlC;AAED,qDAAqD;AACrD,wBAAgB,cAAc,IAAI,IAAI,CAIrC;AAED,4DAA4D;AAC5D,wBAAgB,kBAAkB,CAChC,OAAO,GAAE,yBAA8B,GACtC,wBAAwB,CAyD1B;AAED,OAAO,EAAE,kBAAkB,EAAE,CAAC"}

package/package.json

@@ -0,0 +1,176 @@
+{
+  "name": "react-native-otp-auto-verify",
+  "version": "0.1.0",
+  "description": "react-native-otp-auto-verify is a React Native library for automatic OTP detection and verification on Android using the Google SMS Retriever API. It enables secure, permission-less OTP auto-reading without requiring READ_SMS, making it fully Play Store compliant.",
+  "keywords": [
+    "react-native",
+    "ios",
+    "android"
+  ],
+  "homepage": "https://github.com/kailas-rathod/react-native-otp-auto-verify#readme",
+  "bugs": {
+    "url": "https://github.com/kailas-rathod/react-native-otp-auto-verify/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/kailas-rathod/react-native-otp-auto-verify.git"
+  },
+  "license": "MIT",
+  "author": "Kailas Rathod (https://github.com/kailas-rathod)",
+  "type": "commonjs",
+  "exports": {
+    ".": {
+      "source": "./src/index.tsx",
+      "types": "./lib/typescript/src/index.d.ts",
+      "default": "./lib/module/index.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "main": "./lib/module/index.js",
+  "types": "./lib/typescript/src/index.d.ts",
+  "directories": {
+    "example": "example"
+  },
+  "files": [
+    "src",
+    "lib",
+    "android",
+    "ios",
+    "cpp",
+    "*.podspec",
+    "react-native.config.js",
+    "!ios/build",
+    "!android/build",
+    "!android/gradle",
+    "!android/gradlew",
+    "!android/gradlew.bat",
+    "!android/local.properties",
+    "!**/__tests__",
+    "!**/__fixtures__",
+    "!**/__mocks__",
+    "!**/.*"
+  ],
+  "workspaces": [
+    "example"
+  ],
+  "scripts": {
+    "example": "yarn workspace react-native-otp-auto-verify-example",
+    "clean": "del-cli android/build example/android/build example/android/app/build example/ios/build lib",
+    "prepare": "bob build",
+    "typecheck": "tsc",
+    "lint": "eslint \"**/*.{js,ts,tsx}\"",
+    "test": "jest",
+    "release": "release-it --only-version"
+  },
+  "dependencies": {
+   
+  },
+  "devDependencies": {
+    "@commitlint/config-conventional": "^19.8.1",
+    "@eslint/compat": "^1.3.2",
+    "@eslint/eslintrc": "^3.3.1",
+    "@eslint/js": "^9.35.0",
+    "@react-native/babel-preset": "0.83.0",
+    "@react-native/eslint-config": "0.83.0",
+    "@release-it/conventional-changelog": "^10.0.1",
+    "@types/jest": "^29.5.14",
+    "@types/react": "^19.2.0",
+    "commitlint": "^19.8.1",
+    "del-cli": "^6.0.0",
+    "eslint": "^9.35.0",
+    "eslint-config-prettier": "^10.1.8",
+    "eslint-plugin-prettier": "^5.5.4",
+    "jest": "^29.7.0",
+    "lefthook": "^2.0.3",
+    "prettier": "^2.8.8",
+    "react": "19.2.0",
+    "react-native": "0.83.0",
+    "react-native-builder-bob": "0.39.1",
+    "release-it": "^19.0.4",
+    "turbo": "^2.5.6",
+    "typescript": "^5.9.2"
+  },
+  "peerDependencies": {
+    "react": "*",
+    "react-native": "*"
+  },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org/"
+  },
+  "packageManager": "yarn@4.11.0",
+  "react-native-builder-bob": {
+    "source": "src",
+    "output": "lib",
+    "targets": [
+      [
+        "module",
+        {
+          "esm": true
+        }
+      ],
+      [
+        "typescript",
+        {
+          "project": "tsconfig.build.json"
+        }
+      ]
+    ]
+  },
+  "codegenConfig": {
+    "name": "OtpAutoVerifySpec",
+    "type": "modules",
+    "jsSrcsDir": "src",
+    "android": {
+      "javaPackageName": "com.otpautoverify"
+    }
+  },
+  "prettier": {
+    "quoteProps": "consistent",
+    "singleQuote": true,
+    "tabWidth": 2,
+    "trailingComma": "es5",
+    "useTabs": false
+  },
+  "jest": {
+    "preset": "react-native",
+    "modulePathIgnorePatterns": [
+      "<rootDir>/example/node_modules",
+      "<rootDir>/lib/"
+    ]
+  },
+  "commitlint": {
+    "extends": [
+      "@commitlint/config-conventional"
+    ]
+  },
+  "release-it": {
+    "git": {
+      "commitMessage": "chore: release ${version}",
+      "tagName": "v${version}"
+    },
+    "npm": {
+      "publish": true
+    },
+    "github": {
+      "release": true
+    },
+    "plugins": {
+      "@release-it/conventional-changelog": {
+        "preset": {
+          "name": "angular"
+        }
+      }
+    }
+  },
+  "create-react-native-library": {
+    "type": "turbo-module",
+    "languages": "kotlin-objc",
+    "tools": [
+      "eslint",
+      "jest",
+      "lefthook",
+      "release-it"
+    ],
+    "version": "0.57.0"
+  }
+}

package/react-native.config.js

@@ -0,0 +1,8 @@
+module.exports = {
+  dependency: {
+    platforms: {
+      android: {},
+      ios: {},
+    },
+  },
+};

package/src/NativeOtpAutoVerify.ts

@@ -0,0 +1,11 @@
+import { TurboModuleRegistry, type TurboModule } from 'react-native';
+
+export interface Spec extends TurboModule {
+  getConstants(): { OTP_RECEIVED_EVENT: string };
+  getHash(): Promise<ReadonlyArray<string>>;
+  startSmsRetriever(): Promise<boolean>;
+  addListener(eventName: string): void;
+  removeListeners(count: number): void;
+}
+
+export default TurboModuleRegistry.getEnforcing<Spec>('OtpAutoVerify');

package/src/index.tsx

@@ -0,0 +1,163 @@
+import * as React from 'react';
+import { NativeEventEmitter, NativeModules, Platform } from 'react-native';
+import NativeOtpAutoVerify from './NativeOtpAutoVerify';
+
+const { OtpAutoVerify } = NativeModules;
+const eventEmitter =
+  Platform.OS === 'android' && OtpAutoVerify
+    ? new NativeEventEmitter(OtpAutoVerify)
+    : null;
+
+const OTP_RECEIVED_EVENT =
+  (NativeOtpAutoVerify.getConstants?.()?.OTP_RECEIVED_EVENT as string) ??
+  'otpReceived';
+
+const TIMEOUT_MESSAGE = 'Timeout Error.';
+const DEFAULT_DIGITS = 6;
+
+export type OtpDigits = 4 | 5 | 6;
+
+const OTP_REGEX: Record<OtpDigits, RegExp> = {
+  4: /\b(\d{4})\b/,
+  5: /\b(\d{5})\b/,
+  6: /\b(\d{6})\b/,
+};
+
+export interface UseOtpVerificationOptions {
+  /** Extract OTP with this many digits (4, 5, or 6). OTP is set when SMS is received. */
+  numberOfDigits?: OtpDigits;
+}
+
+export interface UseOtpVerificationResult {
+  /** App hash string for SMS (e.g. "uW87Uq6teXc"). Use at end of your OTP message. */
+  hashCode: string;
+  /** Extracted OTP when numberOfDigits is set and an SMS was received. */
+  otp: string | null;
+  /** Full SMS text when received. */
+  sms: string | null;
+  /** True when the 5-minute SMS Retriever timeout occurred. */
+  timeoutError: boolean;
+  /** Start listening for OTP again (e.g. after timeout or error). */
+  startListening: () => Promise<void>;
+  /** Stop listening and clean up. Call on unmount. */
+  stopListening: () => void;
+}
+
+export interface OtpListenerSubscription {
+  remove: () => void;
+}
+
+/** Extracts a numeric OTP of 4–6 digits from SMS text. */
+export function extractOtp(
+  sms: string,
+  numberOfDigits: OtpDigits = DEFAULT_DIGITS
+): string | null {
+  if (!sms || typeof sms !== 'string') return null;
+  const match = sms.match(OTP_REGEX[numberOfDigits]);
+  return match ? match[1]! : null;
+}
+
+/** Returns app hash strings for the current app. Android only; iOS returns []. */
+export async function getHash(): Promise<string[]> {
+  if (Platform.OS !== 'android') return [];
+  const arr = await NativeOtpAutoVerify.getHash();
+  return Array.from(arr);
+}
+
+/** Starts SMS Retriever and subscribes to OTP events. Returns subscription with remove(). */
+export async function activateOtpListener(
+  handler: (sms: string, extractedOtp?: string | null) => void,
+  options?: { numberOfDigits?: OtpDigits }
+): Promise<OtpListenerSubscription> {
+  if (Platform.OS !== 'android' || !eventEmitter) {
+    throw new Error('SMS Retriever is only supported on Android.');
+  }
+
+  const numberOfDigits = options?.numberOfDigits ?? DEFAULT_DIGITS;
+  const subscription = eventEmitter.addListener(
+    OTP_RECEIVED_EVENT,
+    (...args: unknown[]) => {
+      const smsText = String(args[0] ?? '');
+      handler(smsText, extractOtp(smsText, numberOfDigits));
+    }
+  );
+
+  await NativeOtpAutoVerify.startSmsRetriever();
+  return {
+    remove: () => {
+      subscription.remove();
+      NativeOtpAutoVerify.removeListeners(0);
+    },
+  };
+}
+
+/** Stops SMS listening and removes all listeners. */
+export function removeListener(): void {
+  if (Platform.OS === 'android') {
+    NativeOtpAutoVerify.removeListeners(0);
+  }
+}
+
+/** Hook for OTP verification. Stops listener on unmount. */
+export function useOtpVerification(
+  options: UseOtpVerificationOptions = {}
+): UseOtpVerificationResult {
+  const numberOfDigits = options.numberOfDigits ?? DEFAULT_DIGITS;
+  const [hashCode, setHashCode] = React.useState('');
+  const [otp, setOtp] = React.useState<string | null>(null);
+  const [sms, setSms] = React.useState<string | null>(null);
+  const [timeoutError, setTimeoutError] = React.useState(false);
+  const subscriptionRef = React.useRef<OtpListenerSubscription | null>(null);
+
+  const stopListening = React.useCallback(() => {
+    subscriptionRef.current?.remove();
+    subscriptionRef.current = null;
+    removeListener();
+  }, []);
+
+  const startListening = React.useCallback(async () => {
+    if (Platform.OS !== 'android') return;
+    setOtp(null);
+    setSms(null);
+    setTimeoutError(false);
+    try {
+      const hashes = await getHash();
+      setHashCode(hashes[0] ?? '');
+    } catch {
+      // getHash failed; continue to start listener
+    }
+    try {
+      const sub = await activateOtpListener(
+        (smsText: string, extractedOtp: string | null | undefined) => {
+          setSms(smsText);
+          if (smsText === TIMEOUT_MESSAGE) {
+            setTimeoutError(true);
+            return;
+          }
+          if (extractedOtp) setOtp(extractedOtp);
+        },
+        { numberOfDigits }
+      );
+      subscriptionRef.current = sub;
+    } catch {
+      subscriptionRef.current = null;
+      throw new Error('Failed to start OTP listener');
+    }
+  }, [numberOfDigits]);
+
+  React.useEffect(() => () => stopListening(), [stopListening]);
+
+  return React.useMemo(
+    () => ({
+      hashCode,
+      otp,
+      sms,
+      timeoutError,
+      startListening,
+      stopListening,
+    }),
+    [hashCode, otp, sms, timeoutError, startListening, stopListening]
+  );
+}
+
+export { OTP_RECEIVED_EVENT };