Skip to content

Add Quantum Randomness extension for Scratch #513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
DashDevmationsDash wants to merge 1 commit into
base: main
Choose a base branch
from
+98 −0
Open

Add Quantum Randomness extension for Scratch #513

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
98 changes: 98 additions & 0 deletions -Devmations-/Quantum Randomness.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
(function (Scratch) {
'use strict';

let apikey = '';
Copy link
Contributor

@Steve0Greatness Steve0Greatness Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this is global state, it might be a good idea to add a serializer for this so it doesn't need to be set on project start each time.


class Extension {
Copy link
Contributor

@Steve0Greatness Steve0Greatness Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a requirement, but it'd be nice if this were named something relevant rather than just "Extension."

getInfo() {
return {
id: 'anuqrngisfreakingawesome',
name: 'Quantum Randomness',
color1: '#21ab61',
blocks: [
{
opcode: 'how2getapikey',
Copy link
Contributor

@Steve0Greatness Steve0Greatness Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Buttons don't need opcodes, this can just use the func key.

text: 'How To Get An Api Key',
blockType: Scratch.BlockType.BUTTON
},
{
opcode: 'nrandomnumbers',
text: 'Get Random Number Inbetween [MIN] To [MAX]',
blockType: Scratch.BlockType.REPORTER,
arguments: {
MIN: {
type: Scratch.ArgumentType.NUMBER,
defaultValue: 1
},
MAX: {
type: Scratch.ArgumentType.NUMBER,
defaultValue: 10
}
}
},
{
opcode: 'setapikey',
text: 'Set Api Key To [APIKEY]',
blockType: Scratch.BlockType.COMMAND,
arguments: {
APIKEY: {
type: Scratch.ArgumentType.STRING,
defaultValue: 'Insert Api Key'
}
}
}
]
};
}

how2getapikey() {
alert(
"How To Get An Api Key(100% Clickbait)(Cops Called)(At 3 Am)Works In 2026\n\n" +
"1. Go to https://quantumnumbers.anu.edu.au/\n\n" +
"2. Create an account or log in.\n\n" +
"3. Open your Dashboard or Account page.\n\n" +
"4. Locate your API Key section.\n\n" +
"5. Copy your Free API Key.\n\n" +
"6. Paste it into the 'Set Api Key' block.\n\n" +
"Pro Tip: Try Encoding Your Api Key Cuz In A Site Where Seeing The Code Of Projects Is As Easy As A Click Of A Button... You Will Need It"
Copy link
Contributor

@Steve0Greatness Steve0Greatness Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security through obscurity is not real security, it's like hiding spare keys under a rock in your yard. Sure, nobody will know it's there unless you tell them, or they scope it out, but if they know it's there, then it's pretty easy to break into your house.

Copy link
Member

@Ianyourgod Ianyourgod Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not even that. its REALLY easy to find the api key. you can just look at the network tab in inspect element.

Copy link

@the-can-of-soup the-can-of-soup Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can confirm
image

);
}


async nrandomnumbers(args) {
let min = Number(args.MIN);
let max = Number(args.MAX);
if (min > max) [min, max] = [max, min];
if (min === max) return min;
try {
const controller = new AbortController();
const timeout = setTimeout(() => controller.abort(), 3000);
Copy link
Contributor

@Steve0Greatness Steve0Greatness Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd specify a message to say that this abortion was because it got timed out.


const response = await fetch(
'https://api.quantumnumbers.anu.edu.au?length=1&type=uint8',
{
headers: {
'x-api-key': apikey
},
signal: controller.signal
}
);
clearTimeout(timeout);
const json = await response.json();
const quantumValue = json.data[0] / 256;
Copy link
Contributor

@Steve0Greatness Steve0Greatness Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The documentation specifies that the number will always be between 0 and 255, not 256, so this should be dividing by 255.


return Math.floor(min + quantumValue * (max - min + 1));

} catch (error) {
console.warn("Quantum API failed, using Math.random()", error);
return Math.floor(min + Math.random() * (max - min + 1));
}
Comment on lines +86 to +89
Copy link
Contributor

@Steve0Greatness Steve0Greatness Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should probably be using the web-crypto method getRandomValues here, as it's closer to true random than Math.random is.

const value = new Uint8Array(1);
crypto.getRandomValues(value);
return Math.floor(min + (value[0]/255) * (max - min + 1));

}

setapikey(args) {
apikey = args.APIKEY;
}
}

Scratch.extensions.register(new Extension());
})(Scratch);