Hi everyone 👋

I'm a beginner trying to understand how the otplib library works under the hood.

I know that it can generate and validate OTPs based on TOTP/HOTP standards, but I'm confused about how it handles OTP storage. Specifically:

Does otplib store generated OTPs anywhere?
(In memory, on disk, or something else?)

When validating an OTP, how does it verify it without storing anything?

I’m curious because it seems like the library can check an OTP without actually saving what was generated.

I’d really appreciate a beginner-friendly explanation or any resources that help explain what’s happening behind the scenes 🙏

Thanks in advance!