Open
For those who have seen the "vulnerability" report
There is no vulnerability in randomatic, and there never was.
- randomatic, long ago, was used for generating pseudo-random strings for unit tests and temp directory names.
- Later, we added support for cryptographically secure random strings. At that point, we said it could be used for passwords. It was a major bump.
- Then, much later, someone mistakenly assumed that randomatic was previously advertised as a password generator, which it was not, and they wanted to receive a bounty from Snyk or something, so they reported randomatic as having a vulnerability.
We have asked the individual who created the report to close it or remove it. They won't. Please don't complain here, or on other libraries that use this. Your time would be much better served making those same complaints on NPM or Snyk, to ask them to close that issue.