🎉 Fallback to Math.random when debugger is attached (#8)

Normally this calls a synchronous native method, which is more secure and of course the point of this library, but calling synchronous native methods is not supported when the debugger is attached.

Co-authored-by: Linus Unnebäck <linus@folkdatorn.se>

Author: TheAlmightyBob

index.js

@@ -4,6 +4,21 @@ const base64Decode = require('fast-base64-decode')
 class TypeMismatchError extends Error {}
 class QuotaExceededError extends Error {}
 
+let warned = false
+function insecureRandomValues (array) {
+  if (!warned) {
+    console.warn('Using an insecure random number generator, this should only happen when running in a debugger without support for crypto.getRandomValues')
+    warned = true
+  }
+
+  for (let i = 0, r; i < array.length; i++) {
+    if ((i & 0x03) === 0) r = Math.random() * 0x100000000
+    array[i] = (r >>> ((i & 0x03) << 3)) & 0xff
+  }
+
+  return array
+}
+
 /**
  * @param {Int8Array|Uint8Array|Int16Array|Uint16Array|Int32Array|Uint32Array|Uint8ClampedArray} array
  */
@@ -16,6 +31,15 @@ function getRandomValues (array) {
     throw new QuotaExceededError('Can only request a maximum of 65536 bytes')
   }
 
+  // Calling RNGetRandomValues.getRandomBase64 in debug mode leads to the error
+  // "Calling synchronous methods on native modules is not supported in Chrome".
+  // So in that specific case we fall back to just using Math.random.
+  if (__DEV__) {
+    if (typeof global.nativeCallSyncHook === 'undefined') {
+      return insecureRandomValues(array)
+    }
+  }
+
   base64Decode(RNGetRandomValues.getRandomBase64(array.byteLength), new Uint8Array(array.buffer, array.byteOffset, array.byteLength))
 
   return array