Insecure Random

crypto-js uses an insecure random. An attacker is able to guess and discover generated values due to biasness in the secureRandom function...

Insecure Pseudo-Random Number Generator

generate-password uses insecure pseudo-random number generator to generate a random number used in password generation. This results in biasness in the probability distribution of generated characters when the character count does not divide 256...