get-random-values-polypony
get-random-values-polypony is a thorougly tested, normalizing ponyfill for crypto.getRandomValues with a polyfill option.
- It is tested to work with react-native(ios, android), expo, node 6+, IE 11, Metro, Firefox, Safari
- No dependencies.
npm i get-random-values-polypony --save
Usage
You can use it like an other randomBytes function by calling:
const getRandomValues = const randomUint8Array = Or setup the polyfill like:
cryptoWhy?
Normalizing behavior both in ponyfill and polyfill
The polyfill respects (unlike other implementations) that the native crypto.getRandomValues do not support Float32Array, Float64Array, DataView, BigInt64Array or BigUint64Array and behaves likewise on node/react-native.
Similarly the crypto.getRandomValues polyfill does not accept a ArrayBuffer that has more than 65536 bytes.
The ponyfill on the other hand will accept all native ArrayBufferView implementations at any size, on all platforms.
Expo support
This library works out-of-the-box with expo - no additional setup needed.
No dependencies
Other react-native implementations use base64 to process the native data in JavaScript, this implementation works around this by using hex encoded data which can be easily processed without a library (also: it uses less data).
Some other implementations use like this a random-seed implementations. Those dependencies are often part of a bigger crypto suite that comes with dependencies and dependencies of dependencies, bloating the package tree while not necessarily improving the safety.
Chrome logic for react-native
To implement it for react-native, this library ported google chrome's random implementation to javascript. The advantage of google's implementation is the small initial random value (64bit) which is easy to supply - even in expo. It should also come with the same level of security as chrome does.
Non-blocking
Other implementations such as react-native-get-random-values use blocking native calls in react-native that may create locks between the native and JS thread.
get-random-values-polypony only requires a secure initial seed, like browsers and the rest is executed on the javascript thread.