Have you looked at PlantUML?

Yes, but is it "as [TypeScript] code"?

It's time to stop using TOTP, it's vulnerable to AitM phishing. Use FIDO2 hardware keys or passkeys instead.

It's very easy to fall prey to an Evilginx or similar AITM phishing attack. Passkeys or TLS client certificates are the only guaranteed defense. Relying on the user noticing the different domain or the lack of autofill by the password manager, not so much.

Betteridge's law of headlines says no.