Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
csprpg
basic cryptographically secure pseudo-random password generator based on node crypto's randombytes or webCrypto.getRandomValues in the browser
csprpg
basic cryptographically secure pseudo-random password generator based on node crypto's randombytes or webCrypto.getRandomValues in the browser.
Example
import csprpg from 'csprpg'
const log = label => console.log.bind(console, label)
const spec = {
length: 16, // characters, default 12, min 4, max 4096
lowercase: true, // default
numbers: true, // default
symbols: '!$?#@+-=', // default true = `^!$%&/{([)]=}?\\+*~#<>|,;.:-_`
uppercase: true // default
}
log('sync')(csprpg(spec))
csprpg(spec, log('async'))
API v1
export default function csprpg (
opts?: Partial<CsprpgSpec> | CsprpgCallback,
cb?: Partial<CsprpgSpec> | CsprpgCallback
): string
export interface CsprpgSpec {
randombytes: typeof randombytes
length: number
lowercase: boolean | string
uppercase: boolean | string
numbers: boolean | string
symbols: boolean | string
}
export interface CsprpgCallback {
(err?: any, rnd?: string): void
}
TypeScript
although this library is written in TypeScript, it may also be imported into plain JavaScript code: code editors will still benefit from the available type definition, e.g. for helpful code completion.
License
Copyright 2019 ZenyWay S.A.S., Stephane M. Catala
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and Limitations under the License.
FAQs
basic cryptographically secure pseudo-random password generator based on node crypto's randombytes or webCrypto.getRandomValues in the browser
We found that csprpg demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 30 Jul 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025