If you need unique identifiers in your Node.js app for use in a database such as Apache CouchDB or Cloudant, then kuuid can generate them. The ids it generates are:
If a kuuid-generated id were used as a database's unique identifier, it would sort roughly in time order (kuuid.id()), or reverse time order (kuuid.idr()).
Add kuuid to your Node.js project with:
npm install --save kuuid
Import the library into your code with:
const kuuid = require('kuuid')
Simply call the kuuid.id() function to get an id:
let id = kuuid.id()
// 001fgS7k4gJxqY1aXpni3gHuOy0WusLe
You can use such an id as a unique identifier in your database records:
let doc = {
  _id: kuuid.id(),
  name: 'Glynn',
  location: 'UK',
  verified: true
}
// {"_id":"001fgS954GN35e4NJPyK1W9aiE44m2xD","name":"Glynn","location":"UK","verified":true}
db.insert(doc)
By default, the id() function returns an id made up of a timestamp derived from "now" to second precision and 128 bits of random data, and it sorts in oldest-first order. These defaults can be overridden:
const id = kuuid.id({
  timestamp: '2000-01-01T10:24:22.000Z', // use a known timestamp
  random: 1, // use less random data
  reverse: true, // sort in newest first order
  millisecond: true // the timestamp should be to millisecond precision
})
timestamp - an ISO string representing the date/time required or an integer representing the number of milliseconds since 1970. Default "now".
random - the quantity of random data. Between 1 and 4. Default 4.
reverse - if true, the id will sort in newest-first order. Default false.
millisecond - if true, the id's time component will be stored with millisecond precision. Default false.
For backwards compatibility, the id() function will also accept a string or number parameter representing the timestamp.
// 'now'
kuuid.id()
// ISO String
kuuid.id('2018-07-20T10:10:34.234Z')
// milliseconds since 1970
kuuid.id(1514764800000)
idr() - returns an id that sorts in newest-first order.
idms() - returns an id with millisecond precision.
ids() - returns a shorter id (64 bits of random data).
idsr() - returns a short id in newest-first order.
prefix() - returns only the time prefix.
prefixReverse() - returns only the time prefix (reverse order).
prefixms() - returns only the time prefix with ms precision.
prefixReverseMs() - returns only the time prefix with ms precision (reverse order).
rand() - returns the random portion of the id.
A kuuid.id() string has two parts:
The front eight characters allow the string to be sorted by time. Two ids created in the same second will have the same front eight characters. The remaining 24 characters contain 128 bits of random data.
The strings are encoded in "base 62" (i.e. using digits and uppercase/lowercase letters) to pack more information into a smaller space.
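Because the front eight characters are a plain base 62 timestamp, anyone who sees an id can read its creation time, and only the 24 random characters make it hard to guess. The sketch below is an added example, not part of the kuuid library: it decodes default second-precision kuuid.id() strings, and the digit order 0-9, A-Z, a-z and the names base62Decode and parseKuuid are assumptions made here.

```javascript
// Added example: recover the creation time embedded in a default kuuid.id() string.
// Assumption: base 62 digit order is 0-9, A-Z, a-z (not stated on this page).
const ALPHABET = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
const PREFIX_LEN = 8 // time prefix length, per the README
const ID_LEN = 32 // 8 time characters + 24 random characters

// Decode a base 62 string into a number (8 characters fit safely in a double).
function base62Decode (str) {
  let value = 0
  for (const ch of str) {
    const digit = ALPHABET.indexOf(ch)
    if (digit === -1) throw new RangeError(`not a base 62 character: ${ch}`)
    value = value * 62 + digit
  }
  return value
}

// Split an id into its time and random parts (hypothetical helper).
// Only valid for non-reversed, second-precision ids.
function parseKuuid (id) {
  if (typeof id !== 'string' || id.length !== ID_LEN) {
    throw new TypeError('expected a 32-character kuuid.id() string')
  }
  const seconds = base62Decode(id.slice(0, PREFIX_LEN))
  return {
    seconds, // seconds since 1970-01-01
    created: new Date(seconds * 1000).toISOString(),
    random: id.slice(PREFIX_LEN) // the only unpredictable part
  }
}

// Sample ids copied from the README examples above.
const first = parseKuuid('001fgS7k4gJxqY1aXpni3gHuOy0WusLe')
const second = parseKuuid('001fgS954GN35e4NJPyK1W9aiE44m2xD')
console.log(first.created, second.created, second.seconds - first.seconds)
```

If record creation times are sensitive, do not expose these ids in URLs or API responses without treating the time prefix as disclosed.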
The kuuid library can only be used to store dates after the epoch on 1970-01-01.
_id field.
FAQs
Time-sortable UUID - roughly time-sortable unique id generator
We found that kuuid demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.