{"id":17920947,"url":"https://github.com/davidanson/math-random-polyfill","last_synced_at":"2025-10-06T14:35:35.499Z","repository":{"id":66112521,"uuid":"75366972","full_name":"DavidAnson/math-random-polyfill","owner":"DavidAnson","description":"A browser-based polyfill for JavaScript's Math.random() that tries to make it more random","archived":false,"fork":false,"pushed_at":"2016-12-05T07:38:40.000Z","size":6,"stargazers_count":23,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-04T21:12:25.865Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DavidAnson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-12-02T06:20:13.000Z","updated_at":"2023-09-08T17:17:49.000Z","dependencies_parsed_at":"2023-04-08T23:47:01.901Z","dependency_job_id":null,"html_url":"https://github.com/DavidAnson/math-random-polyfill","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/DavidAnson/math-random-polyfill","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavidAnson%2Fmath-random-polyfill","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavidAnson%2Fmath-random-polyfill/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavidAnson%2Fmath-random-polyfill/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavidAnson%2Fmath-random-polyfill/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DavidAnson","download_url":"https://codeload.github.com/DavidAnson/math-random-polyfill/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavidAnson%2Fmath-random-polyfill/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278625465,"owners_count":26017947,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-06T02:00:05.630Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-28T20:29:46.831Z","updated_at":"2025-10-06T14:35:35.480Z","avatar_url":"https://github.com/DavidAnson.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# math-random-polyfill\n\n\u003e A browser-based polyfill for JavaScript's `Math.random()` that tries to make it more random\n\n[The MDN documentation for Math.random()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random) explicitly warns that return values should not be used for cryptographic purposes.\nFailing to heed that advice can lead to problems, such as those documented in the article [TIFU by using Math.random()](https://medium.com/@betable/tifu-by-using-math-random-f1c308c4fd9d#.lf1mchyk9).\nHowever, there are scenarios - especially involving legacy code - that don't lend themselves to easily replacing `Math.random()` with [`crypto.getRandomValues()`](https://developer.mozilla.org/en-US/docs/Web/API/RandomSource/getRandomValues).\nFor those scenarios, `math-random-polyfill.js` attempts to provide a more random implementation of `Math.random()` to mitigate some of its disadvantages.\n\n\u003e **Important**: If at all possible, use `crypto.getRandomValues()` directly.\n\u003e `math-random-polyfill.js` tries to improve the security of legacy scripts, but is not a substitute for properly implemented cryptography.\n\n## Usage\n\nAdd `math-random-polyfill.js` to your project and reference it from a web page just like any other script:\n\n```html\n\u003cscript src=\"math-random-polyfill.js\"\u003e\u003c/script\u003e\n```\n\nDo this as early as possible for the broadest impact - some scripts capture `Math.random()` during initial load and won't benefit if loaded before `math-random-polyfill.js`.\n\n## Implementation\n\n`math-random-polyfill.js` works by intercepting calls to `Math.random()` and returning the same `0 \u003c= value \u003c 1` based on random data provided by `crypto.getRandomValues()`.\nValues returned by `Math.random()` should be completely unpredictable and evenly distributed - both of which are true of the random bits returned by `crypto.getRandomValues()`.\nThe [polyfill](https://en.wikipedia.org/wiki/Polyfill) maps those values into [floating point numbers](https://en.wikipedia.org/wiki/Floating_point) by using the random bits to create integers distributed evenly across the range `0 \u003c= value \u003c Number.MAX_SAFE_INTEGER` then dividing by `Number.MAX_SAFE_INTEGER + 1`.\nThis maintains the greatest amount of randomness and precision during the transfer from the integer domain to the floating point domain.\n\n\u003e An alternate approach that uses random bits to create floating point numbers directly suffers from the problem that the binary representation of those numbers is non-linear and therefore the resulting values would not be uniformly distributed.\n\nThe code and tests for `math-random-polyfill.js` are implemented in [ECMAScript 5](https://en.wikipedia.org/wiki/ECMAScript#5th_Edition) and should work on all browsers that implement `crypto.getRandomValues()` and [`Uint32Array`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint32Array).\n\n## Testing\n\nTests are known to pass on the following browsers:\n\n- Chrome\n- Edge\n- Firefox\n- Internet Explorer 11\n- Safari\n\nThey may pass on other browsers as well; [run the `math-random-polyfill.js` test suite](https://davidanson.github.io/math-random-polyfill/) to check.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidanson%2Fmath-random-polyfill","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavidanson%2Fmath-random-polyfill","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidanson%2Fmath-random-polyfill/lists"}