Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
js-crypto-random
Advanced tools
WARNING: At this time this solution should be considered suitable for research and experimentation, further code and security review is needed before utilization in a production application.
This library is designed to 'universally' provide functions of random sequence generators, i.e., it works both on most modern browsers and on Node.js just by importing from NPM/source code. Note that in the design principle, the library fully utilizes native APIs like WebCrypto API to accelerate its operation if available.
At your project directory, do either one of the following.
$ npm install --save js-crypto-random // npm
$ yarn add js-crypto-random // yarn
$ git clone https://github.com/junkurihara/jscu.git
$ cd js-crypto-utils/packages/js-crypto-random
& yarn build
Then you should import the package as follows.
import aes from 'js-crypto-random'; // for npm
import aes from 'path/to/js-crypto-random/dist/index.js'; // for github
The bundled file is also given as js-crypto-random/dist/jscrandom.bundle.js
for a use case where the module is imported as a window.jscrandom
object via script
tags.
// now you get an Uint8Array of 32 bytes filled with randomly generated values
const randomBytes = random.getRandomBytes(32);
// now you get a string of 32 ASCII characters generated in a cryptographically random manner
const randomAscii = random.getRandomAsciiString(32);
Licensed under the MIT license, see LICENSE
file.
FAQs
Universal Module for Secure Random Generator in JavaScript
The npm package js-crypto-random receives a total of 55,207 weekly downloads. As such, js-crypto-random popularity was classified as popular.
We found that js-crypto-random demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.