machinepack-strings - npm Package Compare versions

Comparing version 5.2.0-2 to 6.0.0-0

lib/random.js

@@ -9,3 +9,3 @@ module.exports = {
 
-  extendedDescription: 'Internally, this method uses either the native Buffer from Node.js or the [hat](https://github.com/substack/node-hat) package from [Substack](https://github.com/substack).  If you are interested in learning more about psuedo-random number/string generators, you might be interested in reading the Wikipedia list of [random number generator algorithms](http://en.wikipedia.org/wiki/List_of_random_number_generators).',
+  extendedDescription: 'Internally, this method uses either the native Buffer from Node.js or the algorithm from the [hat](https://github.com/substack/node-hat) package by [@substack](https://github.com/substack).  If you are interested in learning more about psuedo-random number/string generators, you might be interested in reading the Wikipedia list of [random number generator algorithms](http://en.wikipedia.org/wiki/List_of_random_number_generators).\n\nNote that, while it is tempting to consider providing a per-process (pseudo-)guarantee of uniqueness by using a process-global "rack" to store past tokens, this module has opted against it in the latest release.  This feature was removed to avoid complications around use cases with memory overflow.',
 
@@ -46,2 +46,3 @@
       outputDescription: 'A random string.',
+      extendedDescription: 'A generated alphanumeric random string will look something like "1a17d9af25aef464b46481d901ba2005", and a url-friendly random string will look something like "vt8qeSpSG9+HVXyhoRlecw==".',
       outputExample: '1a17d9af25aef464b46481d901ba2005'
@@ -55,9 +56,7 @@ }
 
-    // Import `hat`.
-    var Hat = require('hat');
-
     var token;
 
     if (inputs.style === 'url-friendly') {
-      // Generate a url-friendly token
+
+      // Generate a url-friendly token (e.g. for password reset or invitations)
       // https://github.com/substack/node-password-reset/blob/master/index.js
@@ -81,17 +80,46 @@ var buf = new Buffer(16);
       // > ...we just change it anyway to avoid issues.
-      token.replace(/\+/g, '');
-    }
-    else if (inputs.style === 'alphanumeric') {
-      // Provide a pseudo-guarantee of uniqueness by using a process-global "rack" to store past tokens.
-      // (note this is stored as a proprety of the module exports of this machine-- meaning it is a property on
-      // the machine def. NEVER COUNT ON THESE TOKENS BEING ANYTHING MORE THAN "PROBABLY" UNIQUE!!)
-      module.exports._rack = module.exports._rack || Hat.rack();
+      token = token.replace(/\+/g, '');
 
-      // Generate and return the new probably-unique token through the `success` exit.
-      token = module.exports._rack();
-    }
-    else {
+    }else if (inputs.style === 'alphanumeric') {
+
+      // Generate a random, alphanumeric token.
+      // Lifted more or less straight from `hat`
+      // (Thanks @substack, for the amazing work!)
+      // —· See https://github.com/substack/node-hat for more info.
+      token = (function $recursivelyBuildingAlphanumericToken(bits, base) {
+
+        var digits = Math.log(Math.pow(2, bits)) / Math.log(base);
+        for (var i = 2; digits === Infinity; i *= 2) {
+          digits = Math.log(Math.pow(2, bits / i)) / Math.log(base) * i;
+        }
+
+        var rem = digits - Math.floor(digits);
+
+        var result = '';
+
+        for (var i = 0; i < Math.floor(digits); i++) {
+          var x = Math.floor(Math.random() * base).toString(base);
+          result = x + result;
+        }
+
+        if (rem) {
+          var b = Math.pow(base, rem);
+          var x = Math.floor(Math.random() * b).toString(base);
+          result = x + result;
+        }
+
+        var parsed = parseInt(result, base);
+        if (parsed !== Infinity && parsed >= Math.pow(2, bits)) {
+          return $recursivelyBuildingAlphanumericToken(bits, base);
+        }else {
+          return result;
+        }
+
+      })(128, 16);//®
+
+    }else {
       throw new Error('Unrecognized random string style: `'+inputs.style+'`');
     }
 
+    // Return our new probably-unique token through the `success` exit.
     return exits.success(token);
@@ -98,0 +126,0 @@ }

package.json

 {
   "name": "machinepack-strings",
-  "version": "5.2.0-2",
+  "version": "6.0.0-0",
   "description": "Work with strings.",
@@ -22,5 +22,4 @@ "scripts": {
   "dependencies": {
-    "@sailshq/lodash": "3.10.2",
+    "@sailshq/lodash": "^3.10.2",
     "browserify-transform-machinepack": "^1.0.3",
-    "hat": "0.0.3",
     "machine": "^15.0.0-2",
@@ -27,0 +26,0 @@ "uuid": "2.0.2"

New alerts

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

101762

1.27%

Dependency count

4

-20%

Lines of code

2549

0.79%

Dependency changes

• - Removed

  hat@0.0.3

• - Removed

  @sailshq/lodash@3.10.2
  (transitive)

• - Removed

  hat@0.0.3
  (transitive)

• Updated

  @sailshq/lodash@^3.10.2