Luarocks.org Security Incident March 2019

Because LuaRocks.org is opensource, someone could gain understanding of how the system works and guess the random number generator’s seed. The random number generator was only used for API keys and password reset tokens so the search space to guess the tokens was small, as nothing else as would have been incrementing the seed. LuaRocks.org is a package manager, so the security of accounts is critical.

Source: luarocks.org