npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

crypto-randomizer

v1.1.0

Published

Cryptographically secure random string/number generator using Node.js built-in crypto module. Replaces Math.random() with a bias-free, enterprise-grade solution.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

irfanrayirfanray

Keywords

randomcryptosecurestringmathmath.randomrandom-stringcrypto-stringrandom-string-generatorcrypto-string-generatorsecure-stringsecure-string-generatorsecure-random-stringstring-generator

Readme

crypto-randomizer

npm version License: MIT

A Node.js package that generates cryptographically secure random strings using the built-in crypto module.
It replaces Math.random() — which is not cryptographically secure — with crypto.randomBytes(), making it safe for security-sensitive use-cases such as session tokens, API keys, password reset codes, and OTPs.

Features

  • ✅ Uses Node.js built-in crypto.randomBytes() — no third-party runtime dependencies
  • Bias-free — rejection sampling eliminates modulo bias
  • ✅ Supports four character sets: digits, alphabets, alphanumeric, and extended special characters
  • ✅ Strict input validation with descriptive errors
  • ✅ Full TypeScript type declarations included
  • ✅ 100 % test coverage

Requirements

  • Node.js ≥ 12.0.0

Installation

npm install crypto-randomizer

Usage

CommonJS

const generateRandom = require('crypto-randomizer');

// 16-digit numeric string (default)
console.log(generateRandom());           // e.g. "7284016395821047"

// 8-character alphabetic string
console.log(generateRandom(8, 'alphabet'));       // e.g. "gKtRwPmQ"

// 12-character alphanumeric string
console.log(generateRandom(12, 'alphaNumeric'));  // e.g. "aB3xZ9qR1mWv"

// 16-character string with special characters
console.log(generateRandom(16, 'anything'));      // e.g. "aB3!xZ@9qR#1mWv$"

Named export

const { generateRandom } = require('crypto-randomizer');

const token = generateRandom(32, 'alphaNumeric');

TypeScript / ESM (via ts-node or a bundler)

import generateRandom from 'crypto-randomizer';
// or: import { generateRandom } from 'crypto-randomizer';

const apiKey: string = generateRandom(32, 'alphaNumeric');

API

generateRandom(length?, type?)

| Parameter | Type | Default | Description | |-----------|----------|--------------|-------------| | length | number | 16 | Length of the returned string. Must be a positive integer between 1 and 1024. | | type | string | 'number' | Character set to use (see table below). |

Returns: string — a random string of exactly length characters.

Supported type values

| Value | Character set | |------------------|---------------| | 'number' | 0–9 | | 'alphabet' | A–Z, a–z | | 'alphaNumeric' | A–Z, a–z, 0–9 | | 'anything' | A–Z, a–z, 0–9, !@#$%^&*()-_=+[]{}|;:,.<>? |

Throws

| Error | When | |-------|------| | RangeError | length is not a positive integer between 1 and 1024 | | TypeError | type is not one of the four supported values |

Security

  • crypto.randomBytes() is backed by the operating system's CSPRNG (/dev/urandom on Linux/macOS, BCryptGenRandom on Windows), making it suitable for cryptographic use.
  • Rejection sampling is used to select characters so that every character in the set is equally likely (no modulo bias).
  • There is no insecure fallback — the function throws on invalid input rather than silently returning a weak value.
  • No external runtime dependencies means a minimal attack surface.

Running Tests

npm test

Tests use Jest and cover all character sets, boundary conditions, input validation, and the uniqueness property of generated values.

License

MIT