Gathering detailed insights and metrics for crypto-random-string
Gathering detailed insights and metrics for crypto-random-string
Gathering detailed insights and metrics for crypto-random-string
Gathering detailed insights and metrics for crypto-random-string
@types/crypto-random-string
Stub TypeScript definitions entry for crypto-random-string, which provides its own types definitions
crypto-random-hex
Get a, cryptographically strong, string of random hexadecimal characters.
crypto-random-string-es5
Generate a cryptographically strong random string
crypto-random-string-with-promisify-polyfill
Generate a cryptographically strong random string
Generate a cryptographically strong random string
npm install crypto-random-string
Typescript
Module System
Min. Node Version
Node Version
NPM Version
99.5
Supply Chain
99.5
Quality
75.6
Maintenance
100
Vulnerability
100
License
JavaScript (95.02%)
TypeScript (4.98%)
Total Downloads
3,962,844,214
Last Day
1,019,425
Last Week
17,745,809
Last Month
76,651,066
Last Year
856,853,963
MIT License
572 Stars
33 Commits
42 Forks
8 Watchers
1 Branches
8 Contributors
Updated on Jun 30, 2025
Minified
Minified + Gzipped
Latest Version
5.0.0
Package Id
crypto-random-string@5.0.0
Unpacked Size
17.27 kB
Size
5.17 kB
File Count
7
NPM Version
8.3.2
Node Version
16.15.0
Cumulative downloads
Total Downloads
Last Day
-13%
1,019,425
Compared to previous day
Last Week
-9%
17,745,809
Compared to previous week
Last Month
3.3%
76,651,066
Compared to previous month
Last Year
11.3%
856,853,963
Compared to previous year
Generate a cryptographically strong random string
Can be useful for creating an identifier, slug, salt, PIN code, fixture, etc.
Works in Node.js and browsers.
1npm install crypto-random-string
1import cryptoRandomString from 'crypto-random-string';
2
3cryptoRandomString({length: 10});
4//=> '2cf05d94db'
5
6cryptoRandomString({length: 10, type: 'base64'});
7//=> 'YMiMbaQl6I'
8
9cryptoRandomString({length: 10, type: 'url-safe'});
10//=> 'YN-tqc8pOw'
11
12cryptoRandomString({length: 10, type: 'numeric'});
13//=> '8314659141'
14
15cryptoRandomString({length: 6, type: 'distinguishable'});
16//=> 'CDEHKM'
17
18cryptoRandomString({length: 10, type: 'ascii-printable'});
19//=> '`#Rt8$IK>B'
20
21cryptoRandomString({length: 10, type: 'alphanumeric'});
22//=> 'DMuKL8YtE7'
23
24cryptoRandomString({length: 10, characters: 'abc'});
25//=> 'abaaccabac'
Returns a randomized string. Hex by default.
Returns a promise which resolves to a randomized string. Hex by default.
For most use-cases, there's really no good reason to use this async version. From the Node.js docs:
The
crypto.randomBytes()
method will not complete until there is sufficient entropy available. This should normally never take longer than a few milliseconds. The only time when generating the random bytes may conceivably block for a longer period of time is right after boot, when the whole system is still low on entropy.
In general, anything async comes with some overhead on it's own.
1import {cryptoRandomStringAsync} from 'crypto-random-string'; 2 3await cryptoRandomStringAsync({length: 10}); 4//=> '2cf05d94db'
Type: object
Required
Type: number
Length of the returned string.
Type: string
Default: 'hex'
Values: 'hex' | 'base64' | 'url-safe' | 'numeric' | 'distinguishable' | 'ascii-printable' | 'alphanumeric'
Use only characters from a predefined set of allowed characters.
Cannot be set at the same time as the characters
option.
The distinguishable
set contains only uppercase characters that are not easily confused: CDEHKMPRTUWXY012458
. It can be useful if you need to print out a short string that you'd like users to read and type back in with minimal errors. For example, reading a code off of a screen that needs to be typed into a phone to connect two devices.
The ascii-printable
set contains all printable ASCII characters: !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Useful for generating passwords where all possible ASCII characters should be used.
The alphanumeric
set contains uppercase letters, lowercase letters, and digits: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
. Useful for generating nonce values.
Type: string
Minimum length: 1
Maximum length: 65536
Use only characters from a custom set of allowed characters.
Cannot be set at the same time as the type
option.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
security policy file detected
Details
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
Reason
Found 14/30 approved changesets -- score normalized to 4
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More