# Weak Random Number Generation in Security Context

- ID: javascript-weak-random
- Severity: HIGH
- CWE: Weak PRNG (CWE-338)
- Languages: JavaScript, TypeScript
- Frameworks: express, fastify

## Description

Detects use of `Math.random()` for security-sensitive operations such as generating tokens, session IDs, or cryptographic keys. `Math.random()` is not cryptographically secure and can be predicted by attackers.

## Detection Message

`Math.random() used for security-sensitive operation: {context}`

## Remediation

Replace `Math.random()` with cryptographically secure alternatives.

## Related Rules

- **Weak Random Number Generation for Security** [HIGH]
- **Insecure Random Number Generation** [MEDIUM]
- **Cryptographically Weak Random Number Generation** [MEDIUM]