jonschlinkert / randomatic Goto Github PK

Easily generate random strings like passwords, with simple options for specifying a length and for using patterns of numeric, alpha-numeric, alphabetical, special or custom characters. (the original "generate-password")

Home Page: https://github.com/jonschlinkert

License: MIT License

JavaScript 100.00%

random-characters random generate-password digit repeat randomize password characters javascript nodejs

randomatic's Introduction

randomatic

Generate randomized strings of a specified length using simple character sequences. The original generate-password.

Please consider following this project's author, Jon Schlinkert, and consider starring the project to show your ❤️ and support.

Install

Install with npm:

$ npm install --save randomatic

Usage

var randomize = require('randomatic');

API

randomize(pattern, length, options);
randomize.isCrypto;

pattern {String}: (required) The pattern to use for randomizing
length {Number}: (optional) The length of the string to generate
options {Object}: (optional) See available options
randomize.isCrypto will be true when a cryptographically secure function is being used to generate random numbers. The value will be false when the function in use is Math.random.

pattern

The pattern to use for randomizing

Patterns can contain any combination of the below characters, specified in any order.

Example:

To generate a 10-character randomized string using all available characters:

randomize('*', 10);
//=> 'x2_^-5_T[$'

randomize('Aa0!', 10);
//=> 'LV3u~BSGhw'

a: Lowercase alpha characters (abcdefghijklmnopqrstuvwxyz')
A: Uppercase alpha characters (ABCDEFGHIJKLMNOPQRSTUVWXYZ')
0: Numeric characters (0123456789')
!: Special characters (~!@#$%^&()_+-={}[];\',.)
*: All characters (all of the above combined)
?: Custom characters (pass a string of custom characters to the options)

length

The length of the string to generate

Examples:

randomize('A', 5) will generate a 5-character, uppercase, alphabetical, randomized string, e.g. KDJWJ.
randomize('0', 2) will generate a 2-digit random number
randomize('0', 3) will generate a 3-digit random number
randomize('0', 12) will generate a 12-digit random number
randomize('A0', 16) will generate a 16-character, alpha-numeric randomized string

If length is left undefined, the length of the pattern in the first parameter will be used. For example:

randomize('00') will generate a 2-digit random number
randomize('000') will generate a 3-digit random number
randomize('0000') will generate a 4-digit random number...
randomize('AAAAA') will generate a 5-character, uppercase alphabetical random string...

These are just examples, see the tests for more use cases and examples.

options

These are options that can be passed as the third argument.

chars

Type: String

Default: undefined

Define a custom string to be randomized.

Example:

randomize('?', 20, {chars: 'jonschlinkert'}) will generate a 20-character randomized string from the letters contained in jonschlinkert.
randomize('?', {chars: 'jonschlinkert'}) will generate a 13-character randomized string from the letters contained in jonschlinkert.

exclude

Type: String|Array

Default: undefined

Specify a string or array of characters can are excluded from the possible characters used to generate the randomized string.

Example:

randomize('*', 20, { exclude: '0oOiIlL1' }) will generate a 20-character randomized string using all of possible characters except for 0oOiIlL1.

Usage Examples

randomize('A', 4) (whitespace insensitive) would result in randomized 4-digit uppercase letters, like, ZAKH, UJSL... etc.
randomize('AAAA') is equivalent to randomize('A', 4)
randomize('AAA0') and randomize('AA00') and randomize('A0A0') are equivalent to randomize('A0', 4)
randomize('aa'): results in double-digit, randomized, lower-case letters (abcdefghijklmnopqrstuvwxyz)
randomize('AAA'): results in triple-digit, randomized, upper-case letters (ABCDEFGHIJKLMNOPQRSTUVWXYZ)
randomize('0', 6): results in six-digit, randomized numbers (0123456789)
randomize('!', 5): results in single-digit randomized, valid non-letter characters (`~!@#$%^&()_+-={}[]
randomize('A!a0', 9): results in nine-digit, randomized characters (any of the above)

The order in which the characters are defined is insignificant.

About

Contributing

Pull requests and stars are always welcome. For bugs and feature requests, please create an issue.

Running Tests

Running and reviewing unit tests is a great way to get familiarized with a library and its API. You can install dependencies and run tests with the following command:

$ npm install && npm test

Building docs

(This project's readme.md is generated by verb, please don't edit the readme directly. Any changes to the readme must be made in the .verb.md readme template.)

To generate the readme, run the following command:

$ npm install -g verbose/verb#dev verb-generate-readme && verb

Related projects

You might also be interested in these projects:

pad-left: Left pad a string with zeros or a specified string. Fastest implementation. | homepage
pad-right: Right pad a string with zeros or a specified string. Fastest implementation. | homepage
repeat-string: Repeat the given string n times. Fastest implementation for repeating a string. | homepage

Contributors

Commits	Contributor
56	jonschlinkert
6	doowb
4	kivlor
2	realityking
2	ywpark1
1	TrySound
1	drag0s
1	paulmillr
1	sunknudsen
1	faizulhaque-tp
1	michaelrhodes

Author

Jon Schlinkert

License

This file was generated by verb-generate-readme, v0.8.0, on October 23, 2018.

randomatic's People

Contributors

Stargazers

Watchers

randomatic's Issues

Not always using all the types in the pattern

const password = randomize("aA0", 8); console.log({password}); //{ password: 'lfwWBUif' }
in this case it didn't include any Numeric character

There is no vulnerability

For those who have seen the "vulnerability" report

There is no vulnerability in randomatic, and there never was.

randomatic, long ago, was used for generating pseudo-random strings for unit tests and temp directory names.
later, we added support for cryptographically secure random strings. At that point, we said it could be used for passwords. It was a major bump.
then, much later, someone mistakenly assumed that randomatic was previously advertised as a password generator, which it was not, and they wanted to receive a bounty from snyk or something so they reported randomatic as having a vulnerability.

We have asked the individual who created the report to close it or remove it. They won't. Please don't complain here, or on other libraries that use this. Your time would be much better served making those same complaints on NPM or Snyk, to ask them to close that issue.

Adding Hebrew randomize

I use randomatic at work and i add locally to my project a option to randomize hebrew characters
Do you interesting in something like that in your code?

New Feature For Skipping Specified Char

Recently I was working on one project and I was asked to generate a random String with numeric and letter values with specified number like 0 and specified char O as my client was getting confused in between this two char.

So I am suggesting here to add one more argument to the function with array specified value like as below.
[ '0', 'O', 'o'] so it will generate a random string without given values in array.

README file not showing 'Option'

I found that 'option' heading is missing under API section.

The link option is not working since option tag is missing.

Typescript support?

First of all, thank you for making such useful yet easy to use library. I like this library and use it whenever I can.

Lately I have some Typescript projects, which have problem with import, so for now I still mix import with require('randomatic'), just wonder is there any plan for supporting Typescript?

Regards.

Should it throw an error on `randomatic('?', 4)`?

randomatic('?', 4)

Currently if the chars option is not specified, the characters from undefined are used as the custom characters (including the fact that d, n and e are 2x more frequent than the remaining letters.

Should an error be thrown instead? Or maybe [a-z] used and a message logged to that effect?

The readme does indeed specify that the default is undefined, but it was still a little surprising to me that it was allowed to be coerced to a string if not user-specified.

npm6 vulnerability

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Cryptographically Weak PRNG                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ randomatic                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ webpack-cli [dev]                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ webpack-cli > jscodeshift > micromatch > braces >            │
│               │ expand-range > fill-range > randomatic                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/157                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Cryptographically Weak PRNG                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ randomatic                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ webpack-cli [dev]                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ webpack-cli > webpack-addons > jscodeshift > micromatch >    │
│               │ braces > expand-range > fill-range > randomatic              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/157                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

TypeError: Map constructor does not accept arguments

I get this error when I try to run it in IOS 8 - Safari
I didnt use it directly, I use react with some modules and honestly I dont know here it comes from. I only identifyed it in your module from the error Message.

not generating number

Just started using this package. Looks nice

Used ('Aa0!', 10) as the options and the password returned was eVs)ho=pZ; which is failing to include a number.

Is the pattern simply what the generater 'could' include when generating the password and not 'must' include perhaps?

Wondering how it ended up generating a string without a number.......

Thanks

Generate same results

I added randomize("A0", 6); in a helper function. I call it first time OK. I call second time it return same result. How to return a real random?

Math.random() is not

Shouldn't use built in JS Math.random() since it will repeat itself; too dangerous to use for 'Unique ID' etc.
https://medium.com/@betable/tifu-by-using-math-random-f1c308c4fd9d#.uskhjv9vc

Might be a while before I can even copy/paste & quick test a solution from there, let alone add the 'white noise' & other repeating tests.

tr;dr: "use urandom. In browser you can use crypto.getRandomValues()" I'm not sure if V8's crypto.getRandomValues() can be exposed in node; seems to have its own crypto lib. But node does have crypto.randomBytes(size[, callback])

Logo proposal

I am a graphic designer. I have a logo proposal for you. Do you have an idea? What do you say?

FIXED: NPM 6 vulnerability - Cryptographically Weak PRNG

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Cryptographically Weak PRNG │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ randomatic │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ jest [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ jest > jest-cli > jest-validate > jest-config > │
│ │ jest-jasmine2 > jest-util > jest-message-util > micromatch > │
│ │ braces > expand-range > fill-range > randomatic │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/157 │
└───────────────┴──────────────────────────────────────────────────────────────┘

Cryptographically Weak PRNG

After running security audits (npm audit) on some projects I found out that packages such as jest-cli had this vulnerability due to this package.
It can be explained here: https://nodesecurity.io/advisories/157.

Exclude not working.

Hi, love what you've done. Found a little issue in 3.1.0

Exclude defined:
password = randomize('*', 10, { exclude: '0oOiIlL1$^()_{}[];',.' });

Output:
joPUbWOU21

Observations:
Exclude not working as we can see that o and O that were specified to be excluded are being used. Also, in other tests of mine, I see (){} being used output as well.

My Temp Workaround:
password = randomize('?', 10, {chars: 'abcdefghjkmnopqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ123456789~!@#&+-='});

jonschlinkert / randomatic Goto Github PK

randomatic's Introduction

randomatic

Install

Usage

API

pattern

length

options

chars

exclude

Usage Examples

About

Related projects

Contributors

Author

License

randomatic's People

Contributors

Stargazers

Watchers

Forkers

randomatic's Issues

Recommend Projects

Recommend Topics

Recommend Org