Menu
What Is React Doctor?
Quickstart
CLI to CI
How to Fix Issues
GitHub Actions Setup
Other CI Providers
Migrating to CI v2
Config Files
ESLint & oxlint Plugins
CLI Reference
GitHub Action Reference
Node.js API
Changelog
Terms of Service
Privacy Policy
Data Use
Security
Support
Rules reference

react-doctor/insecure-crypto-risk

Weak primitives (MD5, SHA-1, DES, RC4), non-timing-safe comparisons, or `Math.random()` for security values make signatures, tokens, and passwords easier to forge or guess.

  • Category: Security
  • Severity: warn
  • Source: oxlint-plugin-react-doctor
  • Framework: global
  • Enabled when: production source files (.js/.ts/.jsx/.tsx); test/build/doc/generated, example/demo/sample/playground dirs, and protocol-named files (gravatar/digest-auth/oauth1/etag/checksum/cache-key/fingerprint) skipped

Validation prompt

Use this to decide whether a fired diagnostic is real or a false positive.

Fires on the first of: a weak hash createHash('md5'|'sha1') or md5( with a security word (password/token/secret/signature/auth/credential/session/cookie/csrf/api-key) within ~250 chars; a weak cipher (createCipheriv('des'|'rc4'|'blowfish'|…), deprecated createCipher/createDecipher, or a DES/RC4/Blowfish name in a cipher context); a timing-unsafe signature comparison with ==/=== in a non-.jsx/.tsx file that lacks timingSafeEqual; or Math.random() on a line also naming token/secret/password/nonce/salt/csrf/credential/otp. FALSE POSITIVE: the hash/random is non-secret (cache key, _id/etag, a UI focus-nonce), the comparison is against an enum/status/boolean or a signatureMethod/signatureType metadata name (all explicitly excluded), or a protocol mandates md5/sha1 (Gravatar, HTTP Digest, OAuth 1.0) — those contexts are exempted by path and surrounding-text checks.

Fix prompt

Use this once validation confirms the diagnostic is real.

Replace MD5/SHA-1 with SHA-256 or stronger (and bcrypt/scrypt/argon2 for passwords); replace DES/RC4/Blowfish and createCipher/createDecipher with AES-256-GCM via createCipheriv. Compare signatures and MACs with crypto.timingSafeEqual on the server, and generate tokens, nonces, and salts with crypto.randomBytes/crypto.getRandomValues, never Math.random(). Where MD5/SHA-1 is genuinely non-security (checksums, cache keys), move it off the security path or rename it so the intent is clear.