This line

if not (auth_r.substr(0, r_string.length) == r_string)

is in the npm package:

if (!auth_r.substr(0, r_string) === r_string) {

When it should be (note the extra parentheses):

if (!(auth_r.substr(0, r_string) === r_string)) {

The coffeescript playground is generating the appropriate code, so I guess the coffee script version used to generate the npm package has a bug?