security.cryptography

Use enough entropy for secrets and tokens

Secret-bearing tokens and secrets should use at least 16 bytes of cryptographic entropy.

# Metadata

# Why it matters

Short random values are harder to brute-force than predictable ones, but a small value space can still be guessed faster than a modern secret-bearing flow should allow.

# Remediation

Generate at least 16 bytes of entropy for reset tokens, invitation codes, session secrets, and similar secret-bearing values.
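The pattern this rule flags beside its hardened form, with a helper that checks whether a token format reaches the 16-byte floor. This is an added example, not code from the rule catalog or the critiq project; it assumes Node's `crypto` module and uses hex encoding for transport.

```typescript
import { randomBytes } from "crypto";

// Floor this rule enforces: 16 bytes (128 bits) of entropy per secret.
export const MIN_TOKEN_BYTES = 16;

// Pattern the rule flags: Math.random() is not a CSPRNG, and an 8-character
// code from a 36-symbol alphabet holds only ~41 bits even if it were.
export function weakResetToken(length: number = 8): string {
  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  let out = "";
  for (let i = 0; i < length; i++) {
    out += alphabet[Math.floor(Math.random() * alphabet.length)];
  }
  return out;
}

// Hardened form: draw the bytes from the OS CSPRNG and hex-encode them.
// Refuses to mint anything below the floor rather than silently weakening.
export function strongResetToken(bytes: number = MIN_TOKEN_BYTES): string {
  if (Math.floor(bytes) !== bytes || bytes < MIN_TOKEN_BYTES) {
    throw new RangeError(`need at least ${MIN_TOKEN_BYTES} random bytes, got ${bytes}`);
  }
  return randomBytes(bytes).toString("hex");
}

// Entropy in bits for a token whose `length` symbols are drawn uniformly
// from an alphabet of `alphabetSize` symbols: length * log2(alphabetSize).
export function entropyBits(length: number, alphabetSize: number): number {
  if (length <= 0 || alphabetSize <= 1) return 0;
  return length * (Math.log(alphabetSize) / Math.LN2);
}

// True when a token format of this shape reaches the 16-byte (128-bit) floor.
// This is an upper bound: a non-CSPRNG source yields less than the formula says.
export function meetsEntropyFloor(length: number, alphabetSize: number): boolean {
  return entropyBits(length, alphabetSize) >= MIN_TOKEN_BYTES * 8;
}

// Number of random bytes a hex token actually encodes, or -1 if it is not hex.
export function hexTokenBytes(token: string): number {
  const isHex = /^[0-9a-f]*$/i.test(token) && token.length % 2 === 0;
  return isHex ? token.length / 2 : -1;
}
```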

# Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.insufficiently-random-values.rule.yaml.