Skip to content

Generate a cryptographically strong random string

License

Notifications You must be signed in to change notification settings

sindresorhus/crypto-random-string

Repository files navigation

crypto-random-string

Generate a cryptographically strong random string

Can be useful for creating an identifier, slug, salt, PIN code, fixture, etc.

Works in Node.js and browsers.

Install

npm install crypto-random-string

Usage

import cryptoRandomString from 'crypto-random-string';

cryptoRandomString({length: 10});
//=> '2cf05d94db'

cryptoRandomString({length: 10, type: 'base64'});
//=> 'YMiMbaQl6I'

cryptoRandomString({length: 10, type: 'url-safe'});
//=> 'YN-tqc8pOw'

cryptoRandomString({length: 10, type: 'numeric'});
//=> '8314659141'

cryptoRandomString({length: 6, type: 'distinguishable'});
//=> 'CDEHKM'

cryptoRandomString({length: 10, type: 'ascii-printable'});
//=> '`#Rt8$IK>B'

cryptoRandomString({length: 10, type: 'alphanumeric'});
//=> 'DMuKL8YtE7'

cryptoRandomString({length: 10, characters: 'abc'});
//=> 'abaaccabac'

API

cryptoRandomString(options)

Returns a randomized string. Hex by default.

cryptoRandomStringAsync(options)

Returns a promise which resolves to a randomized string. Hex by default.

For most use-cases, there's really no good reason to use this async version. From the Node.js docs:

The crypto.randomBytes() method will not complete until there is sufficient entropy available. This should normally never take longer than a few milliseconds. The only time when generating the random bytes may conceivably block for a longer period of time is right after boot, when the whole system is still low on entropy.

In general, anything async comes with some overhead on it's own.

import {cryptoRandomStringAsync} from 'crypto-random-string';

await cryptoRandomStringAsync({length: 10});
//=> '2cf05d94db'

options

Type: object

length

Required
Type: number

Length of the returned string.

type

Type: string
Default: 'hex'
Values: 'hex' | 'base64' | 'url-safe' | 'numeric' | 'distinguishable' | 'ascii-printable' | 'alphanumeric'

Use only characters from a predefined set of allowed characters.

Cannot be set at the same time as the characters option.

The distinguishable set contains only uppercase characters that are not easily confused: CDEHKMPRTUWXY012458. It can be useful if you need to print out a short string that you'd like users to read and type back in with minimal errors. For example, reading a code off of a screen that needs to be typed into a phone to connect two devices.

The ascii-printable set contains all printable ASCII characters: !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ Useful for generating passwords where all possible ASCII characters should be used.

The alphanumeric set contains uppercase letters, lowercase letters, and digits: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789. Useful for generating nonce values.

characters

Type: string
Minimum length: 1
Maximum length: 65536

Use only characters from a custom set of allowed characters.

Cannot be set at the same time as the type option.

Related


Get professional support for this package with a Tidelift subscription
Tidelift helps make open source sustainable for maintainers while giving companies
assurances about security, maintenance, and licensing for their dependencies.