{"library":"otp-without-db","title":"Database-less OTP Verification","description":"otp-without-db is a Node.js library, currently at version 1.0.6, designed for secure, database-less One-Time Password (OTP) verification. It leverages Node.js's built-in `crypto` module to create and verify HMAC-based hashes that encapsulate the OTP, recipient identifier (phone/email), and an expiration timestamp. This approach eliminates the need for persistent storage of OTPs on the server side, reducing database load and potential attack surface. The library's core functionality revolves around `createNewOTP` for generating a verifiable hash and `verifyOTP` for validating user-submitted credentials against that hash. While it handles verification, users must implement their own OTP generation (e.g., using `otp-generator`) and delivery mechanisms (SMS, email). The project has a relatively slow release cadence, suggesting a stable, feature-complete state since its initial publication. Its primary differentiator is the stateless, cryptographic verification model, which relies heavily on a shared secret key for security.","language":"javascript","status":"active","last_verified":"Wed Apr 22","install":{"commands":["npm install otp-without-db"],"cli":null},"imports":["import { createNewOTP } from 'otp-without-db';","import { verifyOTP } from 'otp-without-db';","import * as otpTool from 'otp-without-db';"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import { createNewOTP, verifyOTP } from 'otp-without-db';\nimport otpGenerator from 'otp-generator';\n\n// Ensure you have otp-generator installed: npm install otp-generator\n\nconst SECRET_KEY = process.env.OTP_SECRET_KEY ?? 'your-very-secret-key-that-you-must-change-in-production-!!!!';\nconst userIdentifier = \"+15551234567\"; // Can be phone number or email\nconst expiresInMinutes = 5;\n\n// 1. Generate OTP (using an external library like otp-generator)\nconst otp = otpGenerator.generate(6, { upperCaseAlphabets: false, specialChars: false, lowerCaseAlphabets: false });\nconsole.log(`Generated OTP: ${otp}`);\n\n// 2. Create a secure hash to send to the user (and keep track of on your server, if needed for context)\n// This hash implicitly contains the identifier, OTP, and expiration time.\nconst hash = createNewOTP(userIdentifier, otp, SECRET_KEY, expiresInMinutes);\nconsole.log(`Generated Hash: ${hash}`);\n\n// In a real application, you would now send 'otp' to the user via SMS/email and 'hash' back to the client.\n// For demonstration, we simulate the user receiving and sending back the details.\n\n// --- User verification step (e.g., in an API endpoint) ---\nconst userProvidedOTP = otp; // User enters this, received via SMS/email\nconst userProvidedHash = hash; // Client sends this back, received in step 2\nconst userProvidedIdentifier = userIdentifier; // Client sends this back\n\n// 3. Verify the OTP hash\nconst isVerified = verifyOTP(userProvidedIdentifier, userProvidedOTP, userProvidedHash, SECRET_KEY);\n\nif (isVerified) {\n  console.log(\"OTP Verified Successfully!\");\n} else {\n  console.log(\"OTP Verification Failed or Expired.\");\n}\n","lang":"javascript","description":"Demonstrates the full workflow of generating an OTP hash, simulating user input, and verifying the OTP without a database, using `otp-generator` and `otp-without-db`.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}