Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There is no vulnerability #26

Open
jonschlinkert opened this issue Jul 12, 2019 · 0 comments
Open

There is no vulnerability #26

jonschlinkert opened this issue Jul 12, 2019 · 0 comments

Comments

@jonschlinkert
Copy link
Owner

For those who have seen the "vulnerability" report

There is no vulnerability in randomatic, and there never was.

  1. randomatic, long ago, was used for generating pseudo-random strings for unit tests and temp directory names.
  2. later, we added support for cryptographically secure random strings. At that point, we said it could be used for passwords. It was a major bump.
  3. then, much later, someone mistakenly assumed that randomatic was previously advertised as a password generator, which it was not, and they wanted to receive a bounty from snyk or something so they reported randomatic as having a vulnerability.

We have asked the individual who created the report to close it or remove it. They won't. Please don't complain here, or on other libraries that use this. Your time would be much better served making those same complaints on NPM or Snyk, to ask them to close that issue.
@jonschlinkert jonschlinkert pinned this issue Jul 12, 2019
Repository owner locked as resolved and limited conversation to collaborators Jul 12, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jonschlinkert