⚡ Powered by Rust + WebAssembly

Lightning-Fast
TOTP Generation

High-performance TypeScript library for generating Time-based One-Time Passwords (TOTP) with a Rust backend. RFC 6238 compliant with sub-millisecond performance.

npm install totp-turbo
<1ms
Generation Time
327KB
WASM Size
100%
RFC 6238

Why Choose TOTP Turbo?

Built for performance, security, and developer experience

🚀

Blazing Fast

Sub-millisecond token generation powered by optimized Rust code and WebAssembly

🔒

Secure & Compliant

RFC 6238 compliant implementation with support for SHA1, SHA256, and SHA512 algorithms

📱

Cross-Platform

Works seamlessly in browsers, Node.js, and any JavaScript runtime with WASM support

🎯

Type-Safe

Full TypeScript support with comprehensive type definitions and IntelliSense

⚙️

Configurable

Flexible configuration options including custom periods, algorithms, and token lengths

📦

Lightweight

Optimized bundle size under 350KB with tree-shaking support for minimal overhead

Interactive Demo

Try TOTP Turbo in your browser right now

Generated TOTP
------
30s

Quick Start

Get up and running in seconds

# Install via npm
npm install totp-turbo

# Install via yarn
yarn add totp-turbo

# Install via pnpm
pnpm add totp-turbo
import { TotpGenerator, Totp } from 'totp-turbo';

// Class-based API (recommended for repeated use)
const totp = new TotpGenerator({
  secret: 'JBSWY3DPEHPK3PXP'
});

const token = totp.generate();
console.log(`Current TOTP: ${token}`);

// Verify a token
const isValid = totp.verify('123456');
console.log(`Token valid: ${isValid}`);

// Static API (for one-off generation)
const quickToken = Totp.generate('JBSWY3DPEHPK3PXP');
console.log(`Quick token: ${quickToken}`);
import { TotpGenerator, Totp } from 'totp-turbo';

// Advanced configuration
const totp = new TotpGenerator({
  secret: 'JBSWY3DPEHPK3PXP',
  digits: 8,                    // 8-digit tokens
  period: 60,                   // 60-second periods
  algorithm: 'SHA256',          // SHA256 algorithm
  skew: 2                       // Allow 2-step clock skew
});

// Generate token for specific timestamp
const historicalToken = totp.generateAt(1640995200);

// Generate Google Authenticator compatible URI
const uri = totp.generateUri('MyApp', 'user@example.com');
console.log(uri);
// otpauth://totp/MyApp:user@example.com?secret=...

// Generate random secret
const secret = TotpGenerator.generateSecret();
console.log(`New secret: ${secret}`);
interface TotpConfig {
  secret: string;                    // Base32 encoded secret (required)
  digits?: number;                   // Token length 4-8 (default: 6)
  period?: number;                   // Time step in seconds (default: 30)
  algorithm?: 'SHA1' | 'SHA256' | 'SHA512'; // Hash algorithm (default: SHA1)
  skew?: number;                     // Clock skew tolerance (default: 1)
  explicitZeroPad?: boolean;         // Zero padding (default: true)
  timestamp?: number;                // Custom timestamp in ms
}

// Example configurations
const configs = [
  { secret: 'ABC123', digits: 6 },
  { secret: 'DEF456', digits: 8, algorithm: 'SHA256' },
  { secret: 'GHI789', period: 60, skew: 3 },
  { secret: 'JKL012', timestamp: Date.now() }
];

Performance Benchmarks

Optimized for speed and efficiency

Token Generation
< 1ms
Average time per token
Memory Usage
< 1MB
Runtime footprint
Bundle Size
327KB
Optimized WASM
Browser Support
98%+
Modern browsers