Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
A small Node.js class to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.
The hashids npm package is a small JavaScript library that generates short, unique, non-sequential ids from numbers. It is useful for creating URL-friendly ids, obfuscating database ids, and more.
Encoding Numbers
This feature allows you to encode a single number into a unique, short string. This is useful for creating URL-friendly ids.
const Hashids = require('hashids/cjs');
const hashids = new Hashids();
const id = hashids.encode(12345);
console.log(id); // e.g., 'NkK9'
Decoding Numbers
This feature allows you to decode a previously encoded string back into the original number. This is useful for retrieving the original id from a URL-friendly id.
const Hashids = require('hashids/cjs');
const hashids = new Hashids();
const numbers = hashids.decode('NkK9');
console.log(numbers); // [12345]
Encoding Multiple Numbers
This feature allows you to encode multiple numbers into a single unique string. This can be useful for combining multiple ids into one.
const Hashids = require('hashids/cjs');
const hashids = new Hashids();
const id = hashids.encode(1, 2, 3);
console.log(id); // e.g., 'laHquq'
Decoding Multiple Numbers
This feature allows you to decode a previously encoded string back into the original set of numbers. This is useful for retrieving multiple ids from a single URL-friendly id.
const Hashids = require('hashids/cjs');
const hashids = new Hashids();
const numbers = hashids.decode('laHquq');
console.log(numbers); // [1, 2, 3]
Custom Alphabet
This feature allows you to specify a custom alphabet for encoding. This can be useful for ensuring that the generated ids meet specific requirements or constraints.
const Hashids = require('hashids/cjs');
const hashids = new Hashids('', 0, 'abcdefghijklmnopqrstuvwxyz');
const id = hashids.encode(12345);
console.log(id); // e.g., 'dplb'
The shortid package generates short, unique, non-sequential ids. It is similar to hashids in that it creates URL-friendly ids, but it does not provide the ability to encode and decode numbers.
The nanoid package is a tiny, secure, URL-friendly, unique string ID generator. It is similar to hashids in that it creates short, unique ids, but it focuses on security and performance rather than encoding and decoding numbers.
The uuid package generates RFC-compliant UUIDs (Universally Unique Identifiers). It is different from hashids in that it generates longer, globally unique ids, and does not provide the ability to encode and decode numbers.
A small Node.js class to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.
http://www.hashids.org/node-js/
hashids (Hash ID's) creates short, unique, decryptable hashes from unsigned integers.
It was designed for websites to use in URL shortening, tracking stuff, or making pages private (or at least unguessable).
This algorithm tries to satisfy the following requirements:
Instead of showing items as 1
, 2
, or 3
, you could show them as U6dc
, u87U
, and HMou
.
You don't have to store these hashes in the database, but can encrypt + decrypt on the fly.
All integers need to be greater than or equal to zero.
Grab Node.js and install if you haven't already: http://nodejs.org/download/
Install using npm:
npm install hashids
You can pass a unique salt value so your hashes differ from everyone else's. I use "this is my salt" as an example.
var hashids = require("hashids"),
hashes = new hashids("this is my salt");
var hash = hashes.encrypt(12345);
hash
is now going to be:
ryKo
Notice during decryption, same salt value is used:
var hashids = require("hashids"),
hashes = new hashids("this is my salt");
var numbers = hashes.decrypt("ryKo");
numbers
is now going to be:
[ 12345 ]
Decryption will not work if salt is changed:
var hashids = require("hashids"),
hashes = new hashids("this is my pepper");
var numbers = hashes.decrypt("ryKo");
numbers
is now going to be:
[]
var hashids = require("hashids"),
hashes = new hashids("this is my salt");
var hash = hashes.encrypt(683, 94108, 123, 5);
hash
is now going to be:
zKphM54nuAyu5
var hashids = require("hashids"),
hashes = new hashids("this is my salt");
var numbers = hashes.decrypt("zKphM54nuAyu5");
numbers
is now going to be:
[ 683, 94108, 123, 5 ]
Here we encrypt integer 1, and set the minimum hash length to 8 (by default it's 0 -- meaning hashes will be the shortest possible length).
var hashids = require("hashids"),
hashes = new hashids("this is my salt", 8);
var hash = hashes.encrypt(1);
hash
is now going to be:
rjiMRirL
var hashids = require("hashids"),
hashes = new hashids("this is my salt", 8);
var numbers = hashes.decrypt("rjiMRirL");
numbers
is now going to be:
[ 1 ]
Here we set the alphabet to consist of only four letters: "abcd"
var hashids = require("hashids"),
hashes = new hashids("this is my salt", 0, "abcd");
var hash = hashes.encrypt(1, 2, 3, 4, 5);
hash
is now going to be:
adcdacddcdaacdad
The primary purpose of hashids is to obfuscate ids. It's not meant or tested to be used for security purposes or compression. Having said that, this algorithm does try to make these hashes unguessable and unpredictable:
var hashids = require("hashids"),
hashes = new hashids("this is my salt");
var hash = hashes.encrypt(5, 5, 5, 5);
You don't see any repeating patterns that might show there's 4 identical numbers in the hash:
GMh5SAt9
Same with incremented numbers:
var hashids = require("hashids"),
hashes = new hashids("this is my salt");
var hash = hashes.encrypt(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
hash
will be :
zEUzHySGIpuyhpF6Tasj
var hashids = require("hashids"),
hashes = new hashids("this is my salt");
var hash1 = hashes.encrypt(1), /* MR */
hash2 = hashes.encrypt(2), /* ed */
hash3 = hashes.encrypt(3), /* o9 */
hash4 = hashes.encrypt(4), /* 4n */
hash5 = hashes.encrypt(5); /* a5 */
Even though speed is an important factor of every hashing algorithm, primary goal here was encoding several numbers at once and making the hash unique and random.
With Node 0.8.8, on a 2.7 GHz Intel Core i7 with 16GB of RAM, it takes roughly 0.08 seconds to:
hashids.encrypt(12);
hashids.decrypt(hash);
while ensuring they are validIf we do the same with 3 integers, for example: hashids.encrypt(10, 11, 12);
-- the number jumps up to 0.13 seconds on the same machine.
Sidenote: The numbers tested with were relatively small -- if you increase them, the speed will obviously decrease.
Usually people either encrypt or decrypt one hash per request, so the algorithm should already be fast enough for that. However, there are still several things you could do:
I wrote this class with the intent of placing these hashes in visible places - like the URL. If I create a unique hash for each user, it would be unfortunate if the hash ended up accidentally being a bad word. Imagine auto-creating a URL with hash for your user that looks like this - http://example.com/user/a**hole
Therefore, this algorithm tries to avoid generating most common English curse words with the default alphabet. This is done by never placing the following letters next to each other:
c, C, s, S, f, F, h, H, u, U, i, I, t, T
0.1.3 - Current Stable
Warning: If you are using 0.1.2 or below, updating to this version will change your hashes.
0.1.2
Warning: If you are using 0.1.1 or below, updating to this version will change your hashes.
encode/decode
to encrypt/decrypt
0.1.1
0.1.0
Follow me @IvanAkimov
MIT License. See the LICENSE
file.
FAQs
Generate YouTube-like ids from numbers. Use Hashids when you do not want to expose your database ids to the user.
The npm package hashids receives a total of 172,168 weekly downloads. As such, hashids popularity was classified as popular.
We found that hashids demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.