changelog

Also, link to a neutral URL for the MIT license instead of the node-ses repo.

CHANGELOG.md

@@ -4,6 +4,12 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.1.4] 2024-09-26
+
+## Changes
+
+- In previous versions, if there was not enough entropy on the system, `securerandomstring` would throw an exception. Now it will retry to generate a random string until it succeeds, or the call stack becomes full.
+
 ## [1.1.0] 2017-12-26
 
 ### New Features

README.md

@@ -8,7 +8,9 @@ Node.js module that generates a cryptographically secure random string with a gi
 var srs = require('secure-random-string');
 ```
 
-### Default behavior: Generate a random string 32 characters long.
+### Default behavior: Generate a random Base64 encoded string 32 characters long.
+
+This may include alphanumeric characters as well as the following characters: +, /, =.
 
 ```javascript
 // Sync
@@ -64,4 +66,4 @@ the async API returns the error to the callback.
 
 ## License
 
-[MIT](https://github.com/aheckmann/node-ses/blob/master/LICENSE)
+[MIT](https://opensource.org/licenses/MIT)

lib/secure-random-string.js

@@ -31,6 +31,9 @@ function srs(options, cb) {
 		} else {
 			string = string.replace(/\//g, '_').replace(/\+/g, '-');
 		}
+		if (string.length < length) {
+			return _finish(crypto.randomBytes(length));
+		}
 		return string.substr(0, length);
 	}
 };

package.json

@@ -1,6 +1,6 @@
 {
   "name": "secure-random-string",
-  "version": "1.1.0",
+  "version": "1.1.4",
   "description": "Generates a secure random string with a given length",
   "main": "lib/secure-random-string.js",
   "scripts": {
@@ -8,7 +8,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/S2-/securerandomstring.git"
+    "url": "https://github.com/5im-0n/securerandomstring.git"
   },
   "keywords": [
     "crypto",
@@ -19,10 +19,12 @@
     "token"
   ],
   "author": "Simon Santoro",
-  "contributors": ["Mark Stosberg <mark@rideamigos.com>"],
+  "contributors": [
+    "Mark Stosberg <mark@rideamigos.com>"
+  ],
   "license": "MIT",
   "bugs": {
-    "url": "https://github.com/S2-/securerandomstring/issues"
+    "url": "https://github.com/5im-0n/securerandomstring/issues"
   },
-  "homepage": "https://github.com/S2-/securerandomstring"
+  "homepage": "https://github.com/5im-0n/securerandomstring"
 }

tests.js

@@ -56,10 +56,19 @@ srs({alphanumeric: true}, function(err, sr) {;
 		true
 	);
 });
+
+srs({alphanumeric: true, length: 40}, function(err, sr) {;
+	test('Must contain alphanumeric only and be 40 chars long',
+		sr.match(/^[a-zA-Z0-9_]*$/g)[0] === sr && sr.length === 40,
+		true
+	);
+});
+
 // sync tests
 test('generate a random string 32 chars long (sync)', srs().length, 32);
 test('generate a random string 1 chars long (sync)', srs({length: 1}).length, 1);
 test('generate a random string 256 chars long (sync)', srs({length: 256}).length, 256);
+test('generate a random string 10 chars long (sync)', srs({length: 10}).length, 10);
 
 
 //in 2000 chars there should be at least one substitution