random-number-csprng

A CommonJS module for generating cryptographically secure pseudo-random numbers.

Works in Node.js, and should work in the browser as well, using Webpack or Browserify.

This module is based on code originally written by Scott Arciszewski, released under the WTFPL / CC0 / ZAP.

License

WTFPL or CC0, whichever you prefer. A donation and/or attribution are appreciated, but not required.

Donate

My income consists largely of donations for my projects. If this module is useful to you, consider making a donation!

You can donate using Bitcoin, PayPal, Flattr, cash-in-mail, SEPA transfers, and pretty much anything else.

Contributing

Pull requests welcome. Please make sure your modifications are in line with the overall code style, and ensure that you're editing the files in src/, not those in lib/.

Build tool of choice is gulp; simply run gulp while developing, and it will watch for changes.

Be aware that by making a pull request, you agree to release your modifications under the licenses stated above.

Usage

This module will return the result asynchronously - this is necessary to avoid blocking your entire application while generating a number.

An example:

var Promise = require("bluebird");
var randomNumber = require("random-number-csprng");
 
Promise.try(function() {
    return randomNumber(10, 30);
}).then(function(number) {
    console.log("Your random number:", number);
}).catch({code: "RandomGenerationError"}, function(err) {
    console.log("Something went wrong!");
});

API

randomNumber(minimum, maximum, [cb])

Returns a Promise that resolves to a random number within the specified range.

Note that the range is inclusive, and both numbers must be integer values. It is not possible to securely generate a random value for floating point numbers, so if you are working with fractional numbers (eg. 1.24), you will have to decide on a fixed 'precision' and turn them into integer values (eg. 124).

• minimum: The lowest possible value in the range.
• maximum: The highest possible value in the range. Inclusive.

Optionally also accepts a nodeback as cb, but seriously, you should be using Promises.

randomNumber.RandomGenerationError

Any errors that occur during the random number generation process will be of this type. The error object will also have a code property, set to the string "RandomGenerationError".

The error message will provide more information, but this kind of error will generally mean that the arguments you've specified are somehow invalid.

Changelog

• 1.0.2 (March 8, 2016): Security release! Patched handling of large numbers; input values are now checked for MIN_SAFE_INTEGER and MAX_SAFE_INTEGER, and the correct bitwise operator is used (>>> rather than >>).
• 1.0.1 (March 8, 2016): Unimportant file cleanup.
• 1.0.0 (March 8, 2016): Initial release.