codeql/javascript/ql/src/Security/CWE-338/examples/InsecureRandomness.js

function insecurePassword() {
    // BAD: the random suffix is not cryptographically secure
    var suffix = Math.random();
    var password = "myPassword" + suffix;
    return password;
}