OTPAuth is a One Time Password (HOTP and TOTP) library for Node.js, Deno, Bun, and browsers. It helps you generate and validate MFA or 2FA one-time codes, and it can convert TOTP settings to and from Google Authenticator key URI format.
Project status
- Actively maintained: The upstream push was on 2026-06-10, and updates continue into 2026 (latest documented update v9.5.1 on 2026-04-25), indicating ongoing maintenance rather than a dormant state.
- Update cadence: Recent updates arrive on a roughly 2 to 3 month rhythm (examples: v9.4.1 2025-08-12, v9.5.0 2026-02-04, v9.5.1 2026-04-25), with no long gaps evident in the provided history.
AI summary generated
Recent updates
v9.5.1
Release v9.5.1 primarily updates build tooling and dependencies, then republishes rebuilt distribution bundles. Release notes only mention dependency bumps, but the bundled code shows additional behavioral changes coming from the @noble/hashes upgrade.
v9.5.0
v9.5.0 primarily introduces custom HMAC support plus a new bare build intended for environments where crypto is not bundled. It also includes a number of dependency and CI tooling bumps, including @noble/hashes moving from 1.8.0 to 2.0.1 and several GitHub Actions version updates.
Featuresv9.4.1
Release v9.4.1 primarily consists of dependency bumps, including updating @noble/hashes to 1.8.0, @types/node to 24.0.3, and github/codeql-action to 3.29.2. The published artifacts (dist bundles) were regenerated accordingly, and several CI workflows were also updated.
v9.4.0
Release v9.4.0 primarily consists of dependency updates and a TOTP API enhancement. It adds a static TOTP counter helper, and the implementation now routes internal counter computation through that helper. The release notes do not fully describe the additional TOTP helpers that were introduced.
Featuresv9.3.6
v9.3.6 primarily updates several dependencies, including @noble/hashes (1.5.0 to 1.6.1), mocha (10.8.2 to 11.0.1), and GitHub CodeQL action versions. It also includes a code fix for a shifting/conversion issue in uintEncode.
v9.3.5
v9.3.5 release notes mainly describe dependency bumps (GitHub CodeQL action and npm dev dependency groups). However, the actual diff includes real runtime code changes around how the HOTP and TOTP algorithm option is normalized and validated.
v9.3.4
Release v9.3.4 primarily updates GitHub Actions workflow pins via a dependabot “github-actions-all” bump. However, the code diff also changes OTP validation behavior and TypeScript typings around the HOTP and TOTP `digits` configuration.
v9.3.3
Release v9.3.3 primarily updates bundled and CI dependencies (notably @noble/hashes) via dependabot. While the release notes describe dependency bumps only, the actual code diff also changes runtime decoding behavior in the library.
v9.3.2
Release v9.3.2 primarily updates CI tooling and development dependencies via Dependabot (actions, CodeQL, and various npm-dev packages). The library code changes visible in the diff are minimal, with regenerated dist bundles reflecting the new version. One internal crypto helper was refactored and README wording was adjusted, but the release notes do not call these out explicitly.
v9.3.1
Release v9.3.1 is documented as a Node type definition bump (@types/node 20.13.0 to 20.14.0). The code diff shows no clear runtime API changes, but there are process and documentation/example changes, including an added publishing job to JSR and an updated README snippet for computing remaining seconds.