Any alternative to using Math.random()?

Some security scan on our app points to that (js) api and reports that it is a weak random number generator. It also reports that there are better alternatives like using crypto.randomBytes(). 

Would want to know if this module's operation is security-critical in any way and specifically how those variables which are assigned values from expressions using `Math.random()` actually used.