You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 5, 2026. It is now read-only.
As a developer I want to replace insecure random ID generation in src/javascript/shared/utils.js with a cryptographically secure method So that identifiers (e.g., session IDs, tokens) are not predictable and cannot be exploited
Acceptance Criteria
Replace uses of Math.random()-based ID generation with crypto.randomBytes (Node) or other secure random APIs.
Details
The utils file comments indicate "Insecure random ID generation". Using non-crypto random for IDs is unsafe for security-sensitive contexts.
As a developer
I want to replace insecure random ID generation in
src/javascript/shared/utils.jswith a cryptographically secure methodSo that identifiers (e.g., session IDs, tokens) are not predictable and cannot be exploited
Acceptance Criteria
Math.random()-based ID generation withcrypto.randomBytes(Node) or other secure random APIs.Details
The utils file comments indicate "Insecure random ID generation". Using non-crypto random for IDs is unsafe for security-sensitive contexts.