The mobile number has become the de facto user authentication mechanism in India, and hence OTP generation is a very common use case. otp-gen-agent is a small Nano ID-based utility library for generating OTPs (one-time passwords).

Why avoid Math.random()?

In the documentation for Math.random(), the note says:

Math.random() does not provide cryptographically secure random numbers. Do not use them for anything related to security. Use the Web Crypto API instead, and more precisely the window.crypto.getRandomValues() method.

For a real-world scenario, read the blog post on the Facebook JavaScript API, where an attacker was able to exploit this vulnerability.

Installation

npm install otp-gen-agent --save

Usage

Nano ID is a tiny, secure, URL-friendly, unique string ID generator for JavaScript.

  • Small: 130 bytes (minified and gzipped). No dependencies. Size Limit controls the size.
  • Safe: It uses hardware random generator. Can be used in clusters.

Read more in the section Security.

i) default

const { otpGen } = require('otp-gen-agent');

// await must run inside an async function (or an ES module)
const otp = await otpGen(); // '344156'  (OTP length is 6 digits by default)

  • Default OTP length is 6
  • Default characters used to generate OTP is 0123456789

ii) custom otp generator

const { customOtpGen } = require('otp-gen-agent');

const otp = await customOtpGen({length: 4, chars: 'abc123'}); // 'a3c1'

arguments:

  • options: optional
    • length: custom otp length
    • chars: custom characters

You can customise the OTP length and also the characters to be used for OTP generation.

iii) bulk otp generator

const { bulkOtpGen } = require('otp-gen-agent');

const otp = await bulkOtpGen(2); // Array of otps: ['344156', '512398']

const { bulkOtpGen } = require('otp-gen-agent');

const otp = await bulkOtpGen(2, {length: 5, chars: 'abcd123'}); // Array of otps: ['312b3', 'bcddd']

arguments:

  • num: number of OTPs to be generated in bulk
  • opts: optional argument
    • length: custom otp length (default: 6)
    • chars: custom characters (default: 0123456789)

Useful in cases where the number of OTPs to be generated is known beforehand.

Conclusion

Nano ID uses the crypto module in Node.js and the Web Crypto API in browsers. These modules use an unpredictable hardware random generator. otp-gen-agent is a small utility library based on Nano ID for generating OTPs.
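To make the difference from Math.random() concrete, here is an added sketch (not code from otp-gen-agent or Nano ID) that draws OTP characters from Node's crypto.randomBytes. It goes one step beyond the text by discarding bytes that would make some characters more likely than others; the names secureOtp and mappingCounts are hypothetical.

```javascript
// Added example: not the source of otp-gen-agent or Nano ID.
const { randomBytes } = require('crypto');

// How many of the 256 byte values map to each character under `byte % n`.
// With reject=false this exposes the modulo bias; with reject=true, bytes at
// or above the largest multiple of n are discarded, so the counts are equal.
function mappingCounts(chars, reject) {
  const n = chars.length;
  const limit = reject ? 256 - (256 % n) : 256;
  const counts = new Array(n).fill(0);
  for (let b = 0; b < limit; b++) counts[b % n]++;
  return counts;
}

// Generate an OTP of `length` characters drawn uniformly from `chars`.
// Assumption: `chars` holds 2 to 256 single-code-unit characters.
function secureOtp(length = 6, chars = '0123456789') {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  if (typeof chars !== 'string' || chars.length < 2 || chars.length > 256) {
    throw new RangeError('chars must contain 2 to 256 characters');
  }
  const limit = 256 - (256 % chars.length);
  let otp = '';
  while (otp.length < length) {
    // Over-request bytes so a few rejections rarely force a second round.
    for (const byte of randomBytes(length * 2)) {
      if (byte >= limit) continue; // rejected: would skew the distribution
      otp += chars[byte % chars.length];
      if (otp.length === length) break;
    }
  }
  return otp;
}

// Digits 0-5 get 26 byte values each, 6-9 only 25, when nothing is rejected.
console.log(mappingCounts('0123456789', false).join(' '));
// With rejection every digit gets exactly 25.
console.log(mappingCounts('0123456789', true).join(' '));
// Same defaults and custom alphabet as the usage examples above.
console.log(secureOtp(), secureOtp(4, 'abc123'));
```
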

✨ Thank you for reading, and I hope you find it helpful. I sincerely request your feedback in the comments section.