Shifty is a tiny zero-dependency secrets generator, built for the web using TypeScript.
yarn add @deepsource/shiftyShifty is built for the browser and won't work with Node. You can use the built-in crypto module instead.
import Shifty from "@deepsource/shifty";
const shifty = new Shifty((harden = true), (defaultLength = 16));
shifty.generate((length = 12)); // G8qZt7PEha^s| Parameter | Default | Description |
|---|---|---|
harden |
true |
This flag enables adding special characters in the generated secret |
defaultLength |
16 |
Set the default length of the secrets generated |
| Parameter | Default | Description |
|---|---|---|
length |
Shifty.defaultLength |
Length of the secret to be generated |
The Web Crypto API is an interface allowing a script to use cryptographic primitives in order to build systems using cryptography. This library leverages the Web Crypto API to generate secrets and passwords for the web.
In case the browser does not support the Web Crypto API, the library uses a fallback, it generates the string using Math.random(). This is not cryptographically safe, but is still usable.
The algorithm for generating the password is quite simple
- Generate a array of 8-bit unsigned integers using Uint8Array
- Check if the browser crypto API is supported
- If the browser supports crypto, use the generate array as the seed to fill in with random values using window.crypto.getRandomValues
- Else use the fallback method, loop over the seed array, for every element, generate a random number between 0 to 255
- Initalize the secret string
- Start a while loop, until the length condition is matched
- Start a for loop over the generated numbers
- Convert the number to a character using
String.fromCharCode - If the character code is valid, append it to the secret string from step 3
- If the character limit is satisfied, break. Else, regenerate the seed array from step 2
- Return the generated string