SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

I've been trying to find information in the docs but haven't come across the answer yet.

For the username + password recipe is there support for being able to lock an account out after N number of failed login attempts? Also, are login attempts logged anywhere so that we can integrate that information in audits and dashboards?

this can be implemented by overriding the sign in recipe function

in which you call the original implementation first and if that fails, then you increment some counter if that fails.

If the counter has reached a limit, then you can check that before calling the original impl, and reject the sign in attempt.