A tiny, secure, URL-friendly, unique string ID generator for JavaScript.
var nanoid = require('nanoid')
model.id = nanoid() //=> "Uakgb_J5m9g~0JDMbcJqLJ"Safe. It uses cryptographically strong random APIs and guarantees a proper distribution of symbols.
Small. Only 179 bytes (minified and gzipped). No dependencies. It uses Size Limit to control size.
Compact. It uses a larger alphabet than UUID (A-Za-z0-9_~)
and has a similar number of unique IDs in just 21 symbols instead of 36.
The generator supports Node.js and all browsers starting from IE 11.
See a good article about random generators theory: Secure random values (in Node.js)
Instead of using the unsafe Math.random(), Nano ID uses the crypto module
in Node.js and the Web Crypto API in browsers.
random % alphabet is a popular mistake to make when coding an ID generator.
The spread will not be even; there will be a lower chance for some symbols
to appear compared to others—so it will reduce the number of tries
when brute-forcing.
Nano ID uses a better algorithm and is tested for uniformity:
Nano ID is quite comparable to UUID v4 (random-based). It has a similar number of random bits in the ID (126 in Nano ID and 122 in UUID), so it has a similar collision probability:
For there to be a one in a billion chance of duplication, 103 trillion version 4 IDs must be generated.
There are two main differences between Nano ID and UUID v4:
- Nano ID uses a bigger alphabet, so a similar number of random bits are packed in just 21 symbols instead of 36.
- Nano ID code is less than half the size of the
uuid/v4package: 179 bytes instead of 435.
$ ./benchmark
nanoid 375,840 ops/sec
nanoid/generate 268,747 ops/sec
uuid/v4 374,767 ops/sec
shortid 41,260 ops/sec
The main module uses URL-friendly symbols (A-Za-z0-9_~) and returns an ID
with 21 characters (to have a collision probability similar to UUID v4).
var nanoid = require('nanoid')
model.id = nanoid() //=> "Uakgb_J5m9g~0JDMbcJqLJ"Symbols -,.() are not encoded in the URL. If used at the end of a link
they could be identified as a punctuation symbol.
If you want to reduce ID length (and increase collisions probability), you can pass the length as an argument:
nanoid(10) //=> "IRFa~VaY2b"If you want to change the ID's alphabet or length
you can use the low-level generate module.
var generate = require('nanoid/generate')
model.id = generate('1234567890abcdef', 10) //=> "4f90d13a42"Alphabet must contain 256 symbols or less. Otherwise, the generator will not be secure.
You can replace the default safe random generator using the format module.
For instance, to use a seed-based generator.
var format = require('nanoid/format')
function random (size) {
var result = []
for (var i = 0; i < size; i++) result.push(randomByte())
return result
}
format(random, "abcdef", 10) //=> "fbaefaadeb"random callback must accept the array size and return an array
with random numbers.
If you want to use the same URL-friendly symbols with format,
you can get the default alphabet from the url module:
var url = require('nanoid/url')
format(random, url, 10) //=> "93ce_Ltuub"