proposal-csprng
proposal-csprng copied to clipboard
tc39
Cryptographically Secure Random Number Generation for ECMAScript
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4. Changelog Sourced from websocket-extensions's changelog. 0.1.4 / 2020-06-02 Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin) Change license from...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Problems like https://github.com/uuidjs/uuid/issues/392 are another good example of why it would be _really_ helpful to have a CSPRNG baked into the JavaScript language (as @broofa noticed in https://github.com/uuidjs/uuid/issues/392#issuecomment-593622182).
This proposal should consider defining what "cryptographically secure" means, perhaps in terms of the effort an attacker needs to guess the random numbers produced. In this sense, this proposal could...
Bumps [acorn](https://github.com/acornjs/acorn) from 5.7.3 to 5.7.4. Commits 6370e90 Mark version 5.7.4 fbc15b1 More rigorously check surrogate pairs in regexp validator See full diff in compare view [](https://help.github.com/articles/configuring-automated-security-fixes) Dependabot...
be aware that the default node repl exposes builtin modules as globals and `crypto` is the name of one of them. ```console $ echo 'typeof globalThis.crypto' | node -i Welcome...
The [getRandomValues](https://w3c.github.io/webcrypto/#Crypto-method-getRandomValues) method in the [Web Cryptography API](https://w3c.github.io/webcrypto/) does not specify whether a `SharedArrayBuffer` is permitted in its specification text. Per https://github.com/w3c/webcrypto/issues/213 it seems that implementations forbid its use. -...
There's a slight difference here in that `getRandomValues` as currently specified in WebCrypto must be invoked with a receiver which is a `crypto` object: `(0, crypto.getRandomValues)(new Uint8Array())` fails. Note that...
We need to discuss error compatibility with the [Web Cryptography API](https://w3c.github.io/webcrypto/). The WebCrypto definition of [getRandomValues](https://w3c.github.io/webcrypto/#Crypto-method-getRandomValues) specifies the following exceptions are thrown: > 1. If array is not of an...
This Draft PR is intended to explore the possibility of devising a `crypto` global that would be compatible with the [Web Cryptography API](https://w3c.github.io/webcrypto/), such that web hosts could extend the...