Lightweight, RFC 6238 compliant TOTP implementation using the native Web Crypto API. Zero dependencies, full TypeScript support, works everywhere.
npm install totp-native
import { TotpGenerator } from 'totp-native';
// Create TOTP generator
const totp = new TotpGenerator({
  secret: 'JBSWY3DPEHPK3PXP',
  digits: 6,
  algorithm: 'SHA1'
});
// Generate current token
const token = await totp.generate();
console.log(`TOTP: ${token}`); // e.g. 123456
// Verify token
const isValid = await totp.verify(token);
console.log(`Valid: ${isValid}`); // true
Built for modern applications with performance and security in mind
Uses Web Crypto API for optimal performance. No external dependencies, minimal bundle size.
Follows the official TOTP specification (RFC 6238) with support for the SHA-1, SHA-256, and SHA-512 algorithms.
No external dependencies required. Pure TypeScript implementation with full type safety.
Works in browsers and Node.js (16+). Same API across all environments.
Offers both a class-based API for repeated use and static methods for one-off operations.
Generate standard otpauth:// URIs compatible with Google Authenticator and other apps.
Get started quickly with these practical examples
import { TotpGenerator, Totp } from 'totp-native';
// Class-based API (recommended for repeated use)
const totp = new TotpGenerator({
  secret: 'JBSWY3DPEHPK3PXP'
});
const token = await totp.generate();
console.log(`Current TOTP: ${token}`);
// Static API (for one-off operations)
const staticToken = await Totp.generate('JBSWY3DPEHPK3PXP');
console.log(`Static TOTP: ${staticToken}`);
import { TotpGenerator, Totp } from 'totp-native';
// Advanced configuration
const totp = new TotpGenerator({
  secret: 'JBSWY3DPEHPK3PXP',
  digits: 8,           // 8-digit tokens
  period: 60,          // 60-second validity
  algorithm: 'SHA256', // SHA-256 algorithm
  skew: 2              // Allow 2-step time drift (2 x 60 s here); keep this as small as your clocks allow
});
// Generate for specific timestamp
const historicalToken = await totp.generateAt(1640995200);
// Get remaining time in current window
const remaining = Totp.getRemainingTime(60);
console.log(`Token expires in ${remaining} seconds`);
import { TotpGenerator } from 'totp-native';
const totp = new TotpGenerator({
  secret: 'JBSWY3DPEHPK3PXP',
  skew: 1 // Allow 1-step clock drift
});
// Verify current token
const userToken = '123456';
const isValid = await totp.verify(userToken);
if (isValid) {
  console.log('✅ Token is valid');
} else {
  console.log('❌ Token is invalid');
}
// Verify with custom skew tolerance
const isValidWithSkew = await totp.verifyWithSkew(userToken, 2);
console.log(`Valid with 2-step skew: ${isValidWithSkew}`);
import { TotpGenerator } from 'totp-native';
import QRCode from 'qrcode';
// Generate secret
const secret = TotpGenerator.generateSecret();
console.log(`Secret: ${secret}`); // Demo only: the secret is a credential, keep it out of real logs
// Create TOTP generator
const totp = new TotpGenerator({ secret });
// Generate Google Authenticator URI
const uri = totp.generateUri('MyApp', 'user@example.com');
console.log(`URI: ${uri}`); // Demo only: the URI embeds the secret
// Parse existing URI
const config = TotpGenerator.parseUri(uri);
console.log('Parsed config:', config);
// Use with QR code library
const qrCodeDataUrl = await QRCode.toDataURL(uri);
console.log(`QR Code: ${qrCodeDataUrl}`); // Demo only: the QR code encodes the same URI
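A stricter check that can run on an otpauth:// URI from an untrusted source before its parameters are handed to a generator. This is an added example, not part of totp-native: the function name `validateOtpauthUri`, the sample URIs and the limits (128-bit minimum secret per RFC 4226, 15-120 second period, 6 or 8 digits) are assumptions of this example.

```javascript
// Added example; the limits are this example's policy, not totp-native behaviour.
const ALGORITHMS = new Set(['SHA1', 'SHA256', 'SHA512']); // algorithms the page lists
const MIN_SECRET_BITS = 128; // RFC 4226 minimum (160 recommended)
// Constructed sample URIs, not real accounts.
const GOOD_URI = 'otpauth://totp/MyApp:user%40example.com' +
  '?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=MyApp&algorithm=SHA256&digits=8&period=60';
const SHORT_SECRET_URI =
  'otpauth://totp/MyApp:user%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=MyApp';

function validateOtpauthUri(uri) {
  let url;
  try { url = new URL(uri); } catch { return { ok: false, errors: ['not a parseable URI'] }; }
  const errors = [];
  if (url.protocol !== 'otpauth:') errors.push('scheme must be otpauth');
  if (url.hostname !== 'totp') errors.push('type must be totp');
  const q = url.searchParams;
  // Base32 carries 5 bits per character; trailing padding is optional.
  const secret = (q.get('secret') ?? '').replace(/=+$/, '').toUpperCase();
  const secretBits = Math.floor((secret.length * 5) / 8) * 8;
  if (!/^[A-Z2-7]+$/.test(secret)) errors.push('secret is not Base32');
  else if (secretBits < MIN_SECRET_BITS) errors.push(`secret is only ${secretBits} bits`);
  const algorithm = (q.get('algorithm') ?? 'SHA1').toUpperCase();
  if (!ALGORITHMS.has(algorithm)) errors.push('unsupported algorithm');
  const digits = Number(q.get('digits') ?? 6);
  if (digits !== 6 && digits !== 8) errors.push('digits must be 6 or 8');
  const period = Number(q.get('period') ?? 30);
  if (!Number.isInteger(period) || period < 15 || period > 120) errors.push('period outside 15-120 s');
  // Label is "issuer:account"; it must agree with the issuer parameter.
  let label = '';
  try { label = decodeURIComponent(url.pathname.slice(1)); } catch { errors.push('bad label encoding'); }
  const sep = label.indexOf(':');
  const labelIssuer = sep >= 0 ? label.slice(0, sep) : null;
  const account = (sep >= 0 ? label.slice(sep + 1) : label).trim();
  const issuer = q.get('issuer') ?? labelIssuer;
  if (!account) errors.push('missing account name');
  if (labelIssuer !== null && issuer !== labelIssuer) errors.push('issuer does not match label');
  const config = { secret, algorithm, digits, period, issuer, account };
  return errors.length ? { ok: false, errors } : { ok: true, errors, config };
}
```

The page's demo secret `JBSWY3DPEHPK3PXP` is 16 Base32 characters, or 80 bits, so `SHORT_SECRET_URI` is rejected by this check.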
Optimized for speed and efficiency in all environments