ideal-auth

Auth primitives for the JS ecosystem — stateless encrypted sessions, password hashing, and two-factor support. Zero framework dependencies; inspired by Laravel's Auth and Hash facades. Current stable version is 1.2.0, released monthly. Key differentiators: uses iron-session for AES-256-CBC + HMAC encrypted cookies, supports two session modes (resolveUser for DB-backed, sessionFields for zero DB calls), built-in TOTP for 2FA, and per-request autoTouch override for frameworks like Next.js. Ships TypeScript types, requires Node >=18, and has optional bcryptjs peer dependency.