passgen - npm Package Compare versions

Comparing version 1.0.3 to 1.1.0

lib/passgen.js

@@ -6,15 +6,23 @@ (function() {
 
+	var crypto = require("crypto");
+
 	function create(len, alphabet) {
-		var result = '';
+		var token = '';
 
+		// Use default alphabet, if needed.
 		if (!alphabet) alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
-		var alphabetLength = alphabet.length;
 
+		// Use default token length, if needed.
 		if ((len === undefined) || isNaN(len)) len = 64;
+
+		// Generate cryptographically strong random bytes, if possible.
+		var randomBytes = len > 0 ? crypto.randomBytes(len) : null;
+
+		// Generate token.
 		for (var i = 0; i < len; i++) {
-			var rnd = Math.floor(Math.random() * alphabetLength);
-			result += alphabet[rnd];
+			var rnd = Math.floor(randomBytes[i] * 0.00390625 /* / 256.0 */ * alphabet.length);
+			token += alphabet[rnd];
 		}
 
-		return result;
+		return token;
 	}
@@ -21,0 +29,0 @@

package.json

 {
-	"name": "passgen",
-	"version": "1.0.3",
-	"description": "Password generator",
-	"keywords": ["password", "generator", "pass", "random"],
-	"author": "Sasa Djolic <sasa.djolic@gmail.com> (https://www.linkedin.com/in/sasadjolic/)",
-	"contributors": [
-		"Sasa Djolic <sasa.djolic@gmail.com> (https://www.linkedin.com/in/sasadjolic/)"
-	],
-	"bugs": {
-		"url": "http://github.com/sasadjolic/passgen/issues" 
-	},
-	"license": "MIT",
-	"repository": {
-		"type": "git",
-		"url": "git://github.com/sasadjolic/passgen.git"
-	},
-	"main": "lib/passgen",
-	"directories": {
-		"lib": "./lib"
-	},
-	"devDependencies": {
-		"vows": ">= 0.5.13"
-	},
-	"engines": ["node >= 0.4"]
+  "name": "passgen",
+  "version": "1.1.0",
+  "description": "Password generator (CSPRNG)",
+  "keywords": [
+    "password",
+    "generator",
+    "pass",
+    "random",
+    "token",
+    "CSPRNG",
+    "cryptographically",
+    "secure",
+    "token",
+    "session"
+  ],
+  "author": "Sasa Djolic <sasa.djolic@gmail.com> (https://www.linkedin.com/in/sasadjolic/)",
+  "contributors": [
+    "Sasa Djolic <sasa.djolic@gmail.com> (https://www.linkedin.com/in/sasadjolic/)"
+  ],
+  "bugs": {
+    "url": "http://github.com/sasadjolic/passgen/issues"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/sasadjolic/passgen.git"
+  },
+  "main": "lib/passgen",
+  "directories": {
+    "lib": "./lib"
+  },
+  "devDependencies": {
+    "vows": ">= 0.5.13"
+  },
+  "dependencies": {},
+  "engines": [
+    "node >= 0.4"
+  ],
+  "scripts": {
+    "test": "node test/test.js"
+  }
 }

README.md

@@ -5,2 +5,6 @@ # passgen
 
+As of v1.1.0, passgen will generate cryptographically secure tokens that can be used as automatically-generated passwords or as session tokens. You can probably find other uses, too.
+
+Relies on the Node.js built-in crypto library to generate cryptographically secure tokens. If you are wanting to use passgen in the browser, you can use the "randombytes" browserify stand-alone: https://github.com/crypto-browserify/randombytes
+
 ## Installation
@@ -31,4 +35,6 @@
 
-	vows test/test.js
+	npm run-script test
 
+passgen relies on Vows test framework.
+
 ## License
@@ -35,0 +41,0 @@

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

6231

18.17%

Lines of code

67

8.06%

Number of lines in readme file

50

13.64%

Number of medium supply chain risk alerts

0

-100%

No dependency changes