Product
Socket Now Supports uv.lock Files
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
By Trevor Norris - Jan 09, 2025
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
anonymous-user-id
Advanced tools
anonymous-user-id
[](https://www.npmjs.com/package/anonymous-user-id) [](package.json) [
anonymous-user-id is a JavaScript library that allows you to anonymously identify unique users on your website without requiring them to store (and consent to) a tracking cookie. Instead, we generate a unique ID for each user based on information that can be pulled out of a regular HTTP request, mainly the source IP address and User-Agent header.
The method we use to do this is heavily inspired by Plausible Analytics, with BLAKE2s as the hash function.
Supported Algorithms
-
hash(salt + domain + ip + user_agent)- This is the same algorithm used by Plausible Analytics. It relies on a salt you need to rotate at least once a day, preventing you (or anyone else) from tracking the actions of a single user for longer than the lifespan of a single salt. -
hash(hash(secret + date) + domain + ip + user_agent)- This is a modified (and less secure) variant of the original algorithm, meant for apps that can't reliably keep state (such as serverless functions), preventing them from storing a salt. Instead, we generate the salt from a long-lived secret (which you can set as e.g. an environment variable) and the current date.
Getting Started
Prerequisites
- Node >= 10 (if using in Node)
Installing
npm:
npm i anonymous-user-id
yarn:
yarn add anonymous-user-id
Usage
For each algorithm this package supports, it exports a function you can use to generate an ID with it.
-
getAnonymousUserId(salt: string, request: RequestDetails)- implements
hash(salt + domain + ip + user_agent)
- implements
-
getAnonymousUserIdWithSecret(secret: string, request: RequestDetails)- implements
hash(hash(secret + date) + domain + ip + user_agent)
- implements
Example
import {
getAnonymousUserId,
getAnonymousUserIdWithSecret,
} from 'anonymous-user-id';
const requestDetails = {
domain: 'test.test',
ip: '1.1.1.1',
userAgent: 'test/1.0',
};
const id1 = getAnonymousUserId('salt', requestDetails);
const id2 = getAnonymousUserIdWithSecret('secret', requestDetails);
Contributing
If you have Docker and Docker Compose installed, you can run docker-compose up to immediately get a working development environment for this package, with Jest running the tests in watch mode.
You can also use yarn link to use your local version of the package in a different project.
Authors
- Veselin Romić (omegavesko@gmail.com)
License
This project is licensed under the MIT License - see the LICENSE file for details.
FAQs
[](https://www.npmjs.com/package/anonymous-user-id) [](package.json) [
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims' Wallets
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
By Kirill Boychenko - Jan 08, 2025
Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
By Sarah Gooding - Jan 07, 2025