prefer-random-secure

v1.38.0

warning

effort: 2m

has IDE fix

has auto-fix

pro+

Warns when Random is used in a security-sensitive context.

The output of Random is predictable and must not be used in security-sensitive contexts.

Example

❌ Bad:

void fn() {
  // LINT: The output of Random is predictable and must not be used in security-sensitive contexts.
  //  Try using 'Random.secure()' instead.
  final random = Random();
}

✅ Good:

void fn() {
  final random = Random.secure();
}

Additional Resources

CWE-330: Use of Insufficiently Random Values

Example​

Additional Resources​

Example

Additional Resources