A One Time Password (OTP) generator npm library based on nanoid

Manish Prasad, published in Powerplay, Mar 27, 2023

npm package: otp-gen-agent

The mobile number has become the de facto user authentication mechanism in India, so OTP generation is a very common use case. otp-gen-agent is a small utility library, based on Nano ID, for generating OTPs (one-time passwords).

Why avoid Math.random()?

The documentation for Math.random() carries this note:

Math.random() does not provide cryptographically secure random numbers. Do not use them for anything related to security. Use the Web Crypto API instead, and more precisely the window.crypto.getRandomValues() method.

For a real-world scenario, read the blog post on the Facebook JavaScript API, where the attacker was able to exploit the vulnerability.
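The contrast the note draws, as an added example that is not part of the original article and not otp-gen-agent's or Nano ID's own code: a Math.random() OTP beside one drawn from the Web Crypto API with rejection sampling, so every symbol is equally likely. It goes slightly beyond numeric OTPs by accepting any alphabet; the names weakOtp, secureOtp and fillRandom are hypothetical.

```javascript
// Web Crypto is a global in browsers and Node 19+; older Node falls back to require.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Contrast only: Math.random() is not a CSPRNG, so these digits are predictable
// to anyone who can recover the generator state.
function weakOtp(length = 6) {
  let otp = '';
  for (let i = 0; i < length; i++) otp += Math.floor(Math.random() * 10);
  return otp;
}

// Hardened form. fillRandom is a hypothetical injection point so the sampling
// logic can be tested with constructed bytes; by default it is getRandomValues().
// Assumes an alphabet of single UTF-16 code units (digits, ASCII letters).
function secureOtp(length = 6, alphabet = '0123456789',
                   fillRandom = (buf) => webCrypto.getRandomValues(buf)) {
  if (!Number.isInteger(length) || length < 1 || length > 64) {
    throw new RangeError('length must be an integer from 1 to 64');
  }
  if (alphabet.length < 2 || alphabet.length > 256) {
    throw new RangeError('alphabet must have 2 to 256 characters');
  }
  // Largest multiple of alphabet.length that fits in one byte. Bytes at or above
  // it are discarded: `byte % n` on its own would favour the first symbols
  // (for 10 digits, 0-5 would each be slightly more likely than 6-9).
  const limit = 256 - (256 % alphabet.length);
  const buf = new Uint8Array(length * 2);
  let otp = '';
  while (otp.length < length) {
    fillRandom(buf); // refilled whenever rejections exhaust the buffer
    for (const byte of buf) {
      if (byte < limit) otp += alphabet[byte % alphabet.length];
      if (otp.length === length) break;
    }
  }
  return otp;
}
```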

Installation

npm install otp-gen-agent --save

Usage

Nano ID is a tiny, secure, URL-friendly, unique string ID generator for JavaScript.

  • Small: 130 bytes (minified and gzipped). No dependencies. Size Limit controls the size.
  • Safe: It uses hardware random generator. Can be used in clusters.

Read more in the section Security.

i) default

const { otpGen } = require('otp-gen-agent')…
