Fix for code scanning alert no. 1: Insecure randomness #11
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@copilot check build and behavior
Agent-Logs-Url: https://github.com/feuvan/abyssfire/sessions/6057e0af-7e85-4099-837d-d0aa575a7494
Co-authored-by: feuvan <7534+feuvan@users.noreply.github.com>
The original fix used Node's Fixed in ce38087 by replacing it with the browser's Web Crypto API:
uid: `gem_${Date.now()}_${Array.from(globalThis.crypto.getRandomValues(new Uint8Array(4))).map(b => b.toString(16).padStart(2, '0')).join('')}`,
| const gemBase = getItemBase(gem.gemId); | ||
| const gemItem: ItemInstance = { | ||
| uid: `gem_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`, | ||
| uid: `gem_${Date.now()}_${Array.from(globalThis.crypto.getRandomValues(new Uint8Array(4))).map(b => b.toString(16).padStart(2, '0')).join('')}`, |
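Review bot: On the added `uid` line, the byte-to-hex conversion is written inline inside the template literal, which hides the ID format and is easy to get wrong if the pattern is copied to other ID sites. Move it into a small helper such as `randomHex(bytes)` and write the line as `gem_${Date.now()}_${randomHex(4)}`. The random suffix is only 4 bytes (8 hex characters), so uniqueness still leans on the `Date.now()` prefix; if these uids ever need to be unique or unguessable on their own, draw more bytes. `globalThis.crypto` is also dereferenced without a check, so confirm that every environment that runs this code path, including any non-browser test runner, provides it.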
Agent-Logs-Url: https://github.com/feuvan/abyssfire/sessions/0f7840da-6eaa-47c4-9e87-564e64d394f1
Co-authored-by: feuvan <7534+feuvan@users.noreply.github.com>
✅ Build passes (
Neither Phaser nor a Node-for-browser polyfill is needed here. Phaser's RNG ( The correct browser-native solution is exactly what's already in place:
import * as crypto from 'crypto' doesn't work in this browser-based Vite/Phaser project
globalThis.crypto.getRandomValues)
randomHex(bytes) helper for readability
tsc && vite build)