You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For those who have seen the "vulnerability" report
There is no vulnerability in randomatic, and there never was.
randomatic, long ago, was used for generating pseudo-random strings for unit tests and temp directory names.
later, we added support for cryptographically secure random strings. At that point, we said it could be used for passwords. It was a major bump.
then, much later, someone mistakenly assumed that randomatic was previously advertised as a password generator, which it was not, and they wanted to receive a bounty from snyk or something so they reported randomatic as having a vulnerability.
We have asked the individual who created the report to close it or remove it. They won't. Please don't complain here, or on other libraries that use this. Your time would be much better served making those same complaints on NPM or Snyk, to ask them to close that issue.
The text was updated successfully, but these errors were encountered:
For those who have seen the "vulnerability" report
There is no vulnerability in randomatic, and there never was.
We have asked the individual who created the report to close it or remove it. They won't. Please don't complain here, or on other libraries that use this. Your time would be much better served making those same complaints on NPM or Snyk, to ask them to close that issue.
The text was updated successfully, but these errors were encountered: