generate-password
Advanced tools
generate-password - npm Package Compare versions
+6
-0
@@ -0,1 +1,7 @@ | ||
| # 1.4.2 / 2019-6-16 | ||
| Includes a performance improvement in the random number generator. | ||
| #### Notable Changes | ||
| - [`ea642553c`](https://github.com/brendanashworth/generate-password/commit/ea642553c5ba327989f36d0b0f2d4e80ff25b45a) - Optimized fetch of random values using cache (Sebastien ROBERT) | ||
| # 1.4.1 / 2018-10-28 | ||
@@ -2,0 +8,0 @@ Bug fix to `randomNumber()` function that reduced entropy, resulting in a bias towards letters, generally. |
+1
-1
| { | ||
| "name": "generate-password", | ||
| "version": "1.4.1", | ||
| "version": "1.4.2", | ||
| "description": "Easy library for generating unique passwords.", | ||
@@ -5,0 +5,0 @@ "main": "main.js", |
+19
-2
@@ -5,8 +5,25 @@ var crypto = require('crypto'); | ||
| const RANDOM_BATCH_SIZE = 256; | ||
| var randomIndex; | ||
| var randomBytes; | ||
| var getNextRandomValue = function() { | ||
| if (randomIndex === undefined || randomIndex >= randomBytes.length) { | ||
| randomIndex = 0; | ||
| randomBytes = crypto.randomBytes(RANDOM_BATCH_SIZE); | ||
| } | ||
| var result = randomBytes[randomIndex]; | ||
| randomIndex += 1; | ||
| return result; | ||
| }; | ||
| // Generates a random number | ||
| var randomNumber = function(max) { | ||
| // gives a number between 0 (inclusive) and max (exclusive) | ||
| var rand = crypto.randomBytes(1)[0]; | ||
| var rand = getNextRandomValue(); | ||
| while (rand >= 256 - (256 % max)) { | ||
| rand = crypto.randomBytes(1)[0]; | ||
| rand = getNextRandomValue(); | ||
| } | ||
@@ -13,0 +30,0 @@ return rand % max; |
Sorry, the diff of this file is not supported yet
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
17278
3.37%- Lines of code
238
5.31%Worsened metrics
- Number of package files
12
-7.69%