Unverified input breaks nanoid
marcbachmann opened this issue · comments
Marc Bachmann commented
If a string is passed as first parameter to nanoid
after the function got called the first time (after something initialized),
it breaks the module completely.
$ node
> const { nanoid } = await import("nanoid")
> nanoid()
'sWlakJEKSOw8U8ycEpaCh'
> nanoid('a')
''
> nanoid()
''
Where as the assertion works if it's called the first time.
$ node
> const { nanoid } = await import("nanoid")
> nanoid('a')
Uncaught:
RangeError [ERR_OUT_OF_RANGE]: The value of "size" is out of range. It must be >= 0 && <= 4294967296. Received NaN
at __node_internal_captureLargerStackTrace (node:internal/errors:496:5)
at new NodeError (node:internal/errors:405:5)
at validateNumber (node:internal/validators:181:11)
at __node_internal_ (node:buffer:393:3)
at Function.allocUnsafe (node:buffer:414:3)
at fillPool (file:///./node_modules/nanoid/index.js:8:19)
at nanoid (file:///./node_modules/nanoid/index.js:39:3) {
code: 'ERR_OUT_OF_RANGE'
}
Andrey Sitnik commented
You should use TypeScript to prevent these issues.
We exports good types https://github.com/ai/nanoid/blob/main/index.d.ts#L15
Adding extra check is against nano-nature of this project.