MercuryWorkshop · markrosenbaum · Sep 8, 2023 · Sep 8, 2023 · Sep 8, 2023
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,5 +1,6 @@
 [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=MercuryWorkshop_anuraOS&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=MercuryWorkshop_anuraOS)
 [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=MercuryWorkshop_anuraOS&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=MercuryWorkshop_anuraOS)
+
 # Security Policy
 
 ## Supported Versions(Will be added in prod)

diff --git a/package.json b/package.json
@@ -32,7 +32,7 @@
         "typescript": "=5.0.4"
     },
     "devDependencies": {
-        "@types/node": "^20.4.2",
+        "@types/node": "^20.5.9",
         "prettier": "^3.0.0"
     }
 }
diff --git a/server/server.ts b/server/server.ts
@@ -12,6 +12,8 @@ import basicAuth from "express-basic-auth";
 
 import { readFileSync } from "fs";
 
+import * as crypto from "crypto";
+
 const useAuth = process.argv.includes("--auth");
 const useParanoidAuth = process.argv.includes("--paranoid-auth");
 // paranoid auth requests the user to send the server a passkey instead of a password, it's recommended to generate this passkey
@@ -26,6 +28,13 @@ spawn(
     },
 );
 
+function cryptoRandom() {
+    const typedArray = new Uint8Array(1);
+    const randomValue = crypto.getRandomValues(typedArray)[0];
+    const randomFloat = randomValue / Math.pow(2, 8);
+    return randomFloat;
+}
+
 function shutdown() {
     console.log();
     // https://expressjs.com/en/advanced/healthcheck-graceful-shutdown.html
@@ -180,9 +189,10 @@ function sessionPassword(length: number) {
     let counter = 0;
     while (counter < length) {
         result += characters.charAt(
-            Math.floor(Math.random() * charactersLength),
+            Math.floor(cryptoRandom() * charactersLength),
         );
         counter += 1;
     }
+    console.log("The username for this session is: demouser");
     return result;
 }