Releases: yeojz/otplib
v13.4.0
Immutable release. Only release title and notes can be modified.
What's Changed
- fix(deps): resolve markdown-it ReDoS vulnerability by @yeojz in #798
- chore(deps-dev): bump the dev-dependencies-minor group with 3 updates by @dependabot[bot] in #800
- chore: update dependabot to monthly cadence by @yeojz in #802
- chore: upgrade dependencies to latest versions by @Copilot in #804
- Upgrade pnpm to 10.30.1 to fix audit endpoint issue by @Copilot in #805
- chore: override minimatch by @yeojz in #806
- docs: improve package READMEs with accurate API context and usage examples by @yeojz in #803
- Fix docs by @BobTheShoplifter in #807
- ci: skip reporting job on fork PRs by @yeojz in #808
- chore: override ajv to fix moderate ReDoS vulnerability by @yeojz in #809
- feat: add IIFE/CDN build support to otplib by @yeojz in #810
- fix: update release titles to use version-prefixed format by @yeojz in #811
- chore: move otplib-cli to packages/ and sync versioning by @yeojz in #812
- docs(totp): add string secrets and authenticator compatibility notes to README by @yeojz in #813
- chore(deps-dev): bump the dev-dependencies-patch group with 5 updates by @dependabot[bot] in #814
- chore(deps): bump the github-actions group with 3 updates by @dependabot[bot] in #816
- chore(deps-dev): bump @eslint/js from 9.39.2 to 9.39.3 by @dependabot[bot] in #815
- fix: override undici package security alert by @yeojz in #818
- release(packages): v13.4.0 by @github-actions[bot] in #819
New Contributors
- @BobTheShoplifter made their first contribution in #807
Full Changelog: v13.3.0...v13.4.0
v13.3.0
Immutable release. Only release title and notes can be modified.
What's Changed
- ci: standardize workflow naming and add release artifacts by @yeojz in #775
- chore(deps-dev): bump turbo from 2.7.5 to 2.7.6 in the dev-dependencies-patch group by @dependabot[bot] in #773
- chore(deps): bump changesets/action from 1.5.3 to 1.6.0 in the github-actions group by @dependabot[bot] in #774
- chore(deps-dev): bump the dev-dependencies-minor group with 3 updates by @dependabot[bot] in #772
- feat(cli): add otplib-cli application by @yeojz in #771
- Potential fix for code scanning alert no. 2: Workflow does not contain permissions by @yeojz in #776
- Implement least privilege permissions across all GitHub workflows by @Copilot in #777
- feat(test): add distribution tests package for cross-runtime testing by @yeojz in #778
- chore(deps): bump commander from 14.0.2 to 14.0.3 in the dependencies-patch group by @dependabot[bot] in #781
- chore(deps): bump actions/checkout from 4 to 6 in the github-actions group by @dependabot[bot] in #785
- chore(deps-dev): bump turbo from 2.7.6 to 2.8.1 in the dev-dependencies-minor group by @dependabot[bot] in #782
- chore(deps-dev): bump lefthook from 2.0.15 to 2.0.16 in the dev-dependencies-patch group by @dependabot[bot] in #783
- feat: security improvements and HOTP update-counter command by @yeojz in #780
- chore: update docs by @yeojz in #786
- Pin GitHub Actions to commit SHAs and update dependencies by @yeojz in #787
- fix: harden OTP validation and URI parsing; bubble up TOTP replay controls through otplib by @yeojz in #788
- feat: add OTPHooks for custom token encoding and validation by @yeojz in #790
- chore(deps-dev): bump the dev-dependencies-minor group with 5 updates by @dependabot[bot] in #791
- chore(deps-dev): bump turbo from 2.8.1 to 2.8.3 in the dev-dependencies-patch group by @dependabot[bot] in #792
- release(cli): v2.0.0 by @github-actions[bot] in #795
- chore: upgrade development Node.js baseline to 24 by @yeojz in #794
- chore(deps-dev): bump @types/node from 20.19.30 to 25.2.2 by @dependabot[bot] in #793
- release(packages): v13.3.0 by @github-actions[bot] in #796
New Contributors
- @Copilot made their first contribution in #777
Full Changelog: v13.2.1...v13.3.0
v13.2.1
Immutable release. Only release title and notes can be modified.
v13.2.0
Immutable release. Only release title and notes can be modified.
What's Changed
- docs: add legacy Google Authenticator troubleshooting guide by @yeojz in #754
- feat: add tuple semantics for counterTolerance with look-ahead default by @yeojz in #753
- docs: clarify Base32 as default encoding for string secrets by @yeojz in #755
- feat(docs): improve landing page UI with cipher theme by @yeojz in #757
- feat(plugin-base32-bypass): add base32 bypass plugin by @yeojz in #756
- chore(deps-dev): bump prettier from 3.7.4 to 3.8.0 in the dev-dependencies-minor group by @dependabot[bot] in #758
- feat(totp): add afterTimeStep parameter for replay protection by @yeojz in #749
- feat(adapters): initialize guardrails once in v11/v12 adapter constructors by @yeojz in #763
- docs: fix wrapResult example to use sync functions by @yeojz in #764
- chore(deps-dev): bump the dev-dependencies-patch group across 1 directory with 10 updates by @dependabot[bot] in #761
- feat(plugin-base32-alt): add hex and base64 bypass plugins by @yeojz in #765
- ci: update package versions by @github-actions[bot] in #766
Callout
- The HOTP `counterTolerance` tuple type has been fixed to `[number, number]` instead of the previous `number[]`. The earlier logic deviated from the intended documentation/usage. Please double-check your HOTP tolerance if you use it.
Full Changelog: v13.1.1...v13.2.0
v13.1.1
What's Changed
- chore(deps-dev): bump the dev-dependencies-minor group with 3 updates by @dependabot[bot] in #743
- Feat/docs add hotp example by @yeojz in #745
- fix: ensure guardrails parameter propagates through HOTP and TOTP call chains by @yeojz in #748
- ci: update package versions by @github-actions[bot] in #751
Full Changelog: v13.1.0...v13.1.1
v13.1.0
v13.0.2
What's Changed
- ci: update package versions by @github-actions[bot] in #726
- Configure Dependabot for npm and GitHub Actions by @yeojz in #727
- chore(deps): bump @scure/base from 1.2.6 to 2.0.0 by @dependabot[bot] in #732
- chore(deps-dev): bump tinybench from 2.9.0 to 6.0.0 by @dependabot[bot] in #730
- chore(deps): bump the github-actions group with 7 updates by @dependabot[bot] in #729
- chore(deps-dev): bump the dev-dependencies-patch group with 2 updates by @dependabot[bot] in #734
- chore(deps): bump @noble/hashes from 1.8.0 to 2.0.1 by @dependabot[bot] in #733
- feat: adding codecov bundle analyser upload by @yeojz in #735
- ci: update package versions by @github-actions[bot] in #736
Full Changelog: v13.0.0...v13.0.2
v13.0.0
What's Changed
Full Changelog: v12.0.1...v13.0.0
Related Issues
| Issue | Title |
|---|---|
| Closes #711 | Thirty-two... using new Buffer() |
| Closes #703 | Buffer... preventing Expo usage |
| Closes #701 | crypto.createHmac is not a function |
| Closes #609 | Can't resolve 'crypto' |
| Closes #547 | Cannot read property 'generate' of undefined |
| Closes #361 | Preset doesn't install core |
| Closes #329 | Edge SCRIPT1028 Error |
| Closes #268 | Broken Angular Karma tests |
| Closes #207 | TS verify/check Base32 typing |
| Closes #178 | Support for expo.io |
| Closes #679 | TS Consumer Version |
| Closes #660 | TSC target ES2017+ |
| Closes #693 | Documentation offline |
| Closes #425 | API docs are broken |
| Closes #677 | Defaults to 15 bytes entropy |
| Closes #671 | Secret length too low |
| Closes #376 | Window=0 returns invalid |
| Closes #555 | Too many OTPs verified |
| Closes #708 | Window not taking delay |
| Closes #698 | Custom period (15s) |
| Closes #511 | Increase step time |
| Closes #655 | Distributed systems check |
| Closes #610 | Custom Timestamp |
| Closes #536 | Stop starting with "Zero" |
| Closes #477 | Secret padding in RFC |
| Closes #710 | Node.js Live Server |
| Closes #696 | 2fa not working on live |
| Closes #649 | Client/Server different |
| Closes #439 | totp or authenticator |
| Closes #704 | Project Unmaintained |
v12.0.0
This is a rewrite of the entire library using TypeScript.
Please visit https://github.com/yeojz/otplib/wiki/Upgrading-to-v12 for major changes.
Major Changes
- Split library into `core`, `plugin` and `preset`
- Better extensibility and maintainability via plugins
- Multi packages
- New website with versioning via hosting service.
- `async` support
- Smaller output size for the browser bundle
- Added tests for built packages.
- Added browser testing as part of release