Secure random token in Node.js


Try crypto.randomBytes():

require('crypto').randomBytes(48, function(err, buffer) {
  var token = buffer.toString('hex');
});

The 'hex' encoding works in node v0.6.x or newer.


Synchronous option, in case you are not a JS expert, like me. Had to spend some time on how to access the inline function variable.

var crypto = require('crypto');
var token = crypto.randomBytes(64).toString('hex');


1. Using nanoid third party library [NEW!]


A tiny, secure, URL-friendly, unique string ID generator for JavaScript

https://github.com/ai/nanoid

import { nanoid } from "nanoid";
const id = nanoid(48);

2. Base 64 Encoding with URL and Filename Safe Alphabet


Page 7 of RFC 4648 describes how to encode in base 64 with URL safety. You can use an existing library like base64url to do the job.

The function will be:

var crypto = require('crypto');
var base64url = require('base64url');

/** Sync */
function randomStringAsBase64Url(size) {
  return base64url(crypto.randomBytes(size));
}

Usage example:

randomStringAsBase64Url(20);
// Returns 'AXSGpLVjne_f7w5Xg-fWdoBwbfs' which is 27 characters long.

Note that the returned string length will not match with the size argument (size != final length).


3. Crypto random values from limited set of characters


Beware that with this solution the generated random string is not uniformly distributed.

You can also build a strong random string from a limited set of characters like this:

var crypto = require('crypto');

/** Sync */
function randomString(length, chars) {
  if (!chars) {
    throw new Error('Argument \'chars\' is undefined');
  }

  const charsLength = chars.length;
  if (charsLength > 256) {
    throw new Error('Argument \'chars\' should not have more than 256 characters'
      + ', otherwise unpredictability will be broken');
  }

  const randomBytes = crypto.randomBytes(length);
  let result = new Array(length);

  let cursor = 0;
  for (let i = 0; i < length; i++) {
    cursor += randomBytes[i];
    result[i] = chars[cursor % charsLength];
  }

  return result.join('');
}

/** Sync */
function randomAsciiString(length) {
  return randomString(length,
    'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789');
}

Usage example:

randomAsciiString(20);
// Returns 'rmRptK5niTSey7NlDk5y' which is 20 characters long.

randomString(20, 'ABCDEFG');
// Returns 'CCBAAGDGBBEGBDBECDCE' which is 20 characters long.
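
The warning in section 3 about non-uniform output comes from reducing a random byte with `%` when the alphabet size does not divide 256. The following is an added example, not part of the original answers: it counts that bias for a given alphabet size and removes it with rejection sampling. The function names `moduloDistribution` and `uniformRandomString` are hypothetical, and the alphabet is assumed to be single-code-unit (ASCII) characters.

```javascript
const crypto = require('crypto');

// How many of the 256 possible byte values map to each alphabet index
// when a byte is reduced with `% n`. Indexes below (256 % n) receive one
// extra hit, so those characters appear slightly more often.
function moduloDistribution(n) {
  const counts = new Array(n).fill(0);
  for (let b = 0; b < 256; b++) {
    counts[b % n]++;
  }
  return counts;
}

// Rejection sampling: only bytes below the largest multiple of n that fits
// in 256 are accepted, so every alphabet index is equally likely.
function uniformRandomString(length, chars) {
  if (!chars || chars.length === 0 || chars.length > 256) {
    throw new RangeError("'chars' must contain between 1 and 256 characters");
  }
  const n = chars.length;
  const limit = 256 - (256 % n); // bytes >= limit are discarded
  const out = [];
  while (out.length < length) {
    // Read a few spare bytes so rejected values rarely force another call.
    const bytes = crypto.randomBytes(length - out.length + 16);
    for (let i = 0; i < bytes.length && out.length < length; i++) {
      if (bytes[i] < limit) {
        out.push(chars[bytes[i] % n]);
      }
    }
  }
  return out.join('');
}

// Constructed sample run: a 62-character alphabet is biased under `%`,
// a 64-character alphabet is not.
console.log(moduloDistribution(62).slice(0, 10));
console.log(uniformRandomString(20, 'ABCDEFG'));
```

On Node.js v14.10 or newer, `crypto.randomInt(max)` returns an unbiased integer and can replace the manual rejection loop.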