Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
@lukeed/uuid
Advanced tools
Readme
A tiny (~230B) and fast UUID (v4) generator for Node and the browser.
This module offers two modes for your needs:
@lukeed/uuid
Math.random
to produce UUIDs.@lukeed/uuid/secure
crypto
module.Important:
Version1.0.0
only offered a "secure" implementation.
Inv2.0.0
, this is now exported as the"@lukeed/uuid/secure"
entry.
Additionally, this module is preconfigured for native ESM support in Node.js with fallback to CommonJS. It will also work with any Rollup and webpack configuration.
$ npm install --save @lukeed/uuid
There are two "versions" of @lukeed/uuid
available:
@lukeed/uuid
Size (gzip): 231 bytes
Availability: CommonJS, ES Module, UMD
Relies on Math.random
, which means that, while faster, this mode is not cryptographically secure.
Works in Node.js and all browsers.
@lukeed/uuid/secure
Size (gzip): 235 bytes
Availability: CommonJS, ES Module, UMD
Relies on the environment's crypto
module in order to produce cryptographically secure (CSPRNG) values.
Works in all versions of Node.js. Works in all browsers with crypto.getRandomValues()
support.
import { v4 as uuid } from '@lukeed/uuid';
import { v4 as secure } from '@lukeed/uuid/secure';
uuid(); //=> '400fa120-5e9f-411e-94bd-2a23f6695704'
uuid(); //=> 'cd6ffb4d-2eda-4c84-aef5-71eb360ac8c5'
secure(); //=> '8641f70e-8112-4168-9d81-d38170bfa612'
secure(); //=> 'd175fabc-2a4d-475f-be56-29ba8104c2f2'
Returns: string
Creates a new Version 4 (random) RFC4122 UUID.
Running on Node.js v12.18.4
Validation:
✔ String.replace(Math.random)
✔ String.replace(crypto)
✔ uuid/v4
✔ @lukeed/uuid
✔ @lukeed/uuid/secure
Benchmark:
String.replace(Math.random) x 381,358 ops/sec ±0.31% (93 runs sampled)
String.replace(crypto) x 15,842 ops/sec ±1.16% (86 runs sampled)
uuid/v4 x 1,259,600 ops/sec ±0.45% (91 runs sampled)
@lukeed/uuid x 6,384,840 ops/sec ±0.22% (95 runs sampled)
@lukeed/uuid/secure x 5,439,096 ops/sec ±0.23% (98 runs sampled)
Running on Chrome v85.0.4183.121
Validation:
✔ String.replace(Math.random)
✔ uuid/v4
✔ @lukeed/uuid
✔ @lukeed/uuid/secure
Benchmark:
String.replace(Math.random) x 313,213 ops/sec ±0.58% (65 runs sampled)
uuid/v4 x 302,914 ops/sec ±0.94% (64 runs sampled)
@lukeed/uuid x 5,881,761 ops/sec ±1.29% (62 runs sampled)
@lukeed/uuid/secure x 852,939 ops/sec ±0.88% (65 runs sampled)
The reason why this UUID.V4 implementation is so much faster is two-fold:
The @lukeed/uuid/secure
module maintains an internal ArrayBuffer of 4096 bytes, which supplies 256 uuid.v4()
invocations. However, the default module preallocates 256 invocations using less memory upfront. Both implementations will regenerate its internal allocation as needed.
A larger buffer would result in higher performance over time, but I found this to be a good balance of performance and memory space.
MIT © Luke Edwards
FAQs
A tiny (230B) and fast UUID (v4) generator for Node and the browser
The npm package @lukeed/uuid receives a total of 957,539 weekly downloads. As such, @lukeed/uuid popularity was classified as popular.
We found that @lukeed/uuid demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.