Ready to take your JavaScript development to the next level? Meet npm Enterprise - the ultimate in enterprise JavaScript. Learn more »

tslint-no-math-random

1.0.1 • Public • Published

TSLint no-math-random Rule

TSLint rule to disallow Math.random() usage.

JavaScripts's built in Math.random() function is not seed-able, not secure, and not really that random. So, how about we disable it completely in projects where using it could cause something bad.

Usage

Add this to your package's devDependencies, then in your tsconfig.json add the following lines:

{
    "extends": {
        "tslint-no-math-random"
    },
    "rules": {
        "no-math-random": true
    }
}

That's it! With this rule enabled any calls to Math.random() will result in a linter error.

The ban alternative

TSLint's built in rule ban can accomplish much of what this package allows.

Example:

{
    "rules": {
        "ban": [
            true,
            {
                "name": ["Math", "random"],
                "message": "Use a better PRNG."
            }
        ]
    }
}

The main upside to this is that you don't need this package; Hurrah! The only downside is that if you selectively disable the ban rule for a line/block of code, you've disabled all banned syntax which could hypothetically allow other errors.

Also, I think the rule name is clearer as no-math-random rather than ban; but to each their own.

However, in reality using ban is probably easier. I won't be offended.

Motivation

I made this rule for two simple reasons:

  1. To make sure developers do not use JS's built in Math.random when better solutions exist.
  2. Because I wanted to learn some under the hood stuff with how TS and TSLint work.

The only thing you probably care about is the first. But if you did not know, JS's built in Math.random() leaves lot to be desired (seeding), and is an easy trap to fall into if you want to get into cryptography.

If in your project you use some superior source of randomness via some PRNG package, then you can ban the usage of JS's built-in PRNG using this rule!

But mostly this exists for the second reason :P

install

npm i tslint-no-math-random

Downloadsweekly downloads

31

version

1.0.1

license

MIT

homepage

github.com

repository

Gitgithub

last publish

collaborators

  • avatar
Report a vulnerability