Ian Hatcher-Williams dictions

@marcio0
marcio0 / FilteredReference.js
Last active September 26, 2022 10:29
filtered reference field on sanity
import React from "react";
import PropTypes from "prop-types";
import { has } from "lodash";
import PatchEvent, { set, unset } from "part:@sanity/form-builder/patch-event";
import ReferenceInput from "@sanity/form-builder/lib/inputs/ReferenceInput";
import { withDocument } from "part:@sanity/form-builder";
import { map } from "rxjs/operators";
import client from "part:@sanity/base/client";
import { createWeightedSearch } from "../../utils/search";
import { observeForPreview } from "part:@sanity/base/preview";
@joepie91
joepie91 / random.md
Last active April 27, 2024 22:59
Secure random values (in Node.js)

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

  • Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
  • Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
  • If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
  • If you want to generate random numbers in a range: Use random-number-csprng.
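
The bias the summary warns about when "transforming" CSPRNG output, shown as an added example that is not part of joepie91's gist: reducing a random byte with `%` favours low values, while rejection sampling does not. It uses Node's `crypto.randomBytes`; the function names are hypothetical and the range is limited to 1..256 to keep the example short.

```javascript
// Added example (not from the gist). Function names are hypothetical.
const { randomBytes } = require("crypto");

// Exact count of how often each result 0..range-1 occurs when every one of
// the 256 equally likely byte values is reduced with `byte % range`.
// With reject=true, bytes at or above the largest multiple of `range` that
// fits in 256 are thrown away first (rejection sampling).
function distribution(range, reject) {
  const limit = reject ? 256 - (256 % range) : 256;
  const counts = new Array(range).fill(0);
  for (let b = 0; b < limit; b++) counts[b % range]++;
  return counts;
}

// Unbiased integer in [0, range) from CSPRNG bytes. `nextByte` is injectable
// so the rejection loop can be exercised with constructed input.
function unbiasedInt(range, nextByte = () => randomBytes(1)[0]) {
  if (!Number.isInteger(range) || range < 1 || range > 256) {
    throw new RangeError("range must be an integer in 1..256");
  }
  const limit = 256 - (256 % range);
  let b;
  do {
    b = nextByte(); // redraw instead of folding the leftover values back in
  } while (b >= limit);
  return b % range;
}

// Naive: digits 0-5 each map from 26 byte values, digits 6-9 from only 25.
console.log("byte % 10      :", distribution(10, false).join(" "));
// Rejection sampling: bytes 250..255 are discarded, every digit maps from 25.
console.log("with rejection :", distribution(10, true).join(" "));
console.log("sample digit   :", unbiasedInt(10));
```
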

You should seriously consider reading the entire article, though - it's