What is nanoid?
The nanoid npm package is a small, secure, URL-friendly, unique string ID generator for JavaScript applications. It is designed to be fast and efficient, producing random or custom ID strings suitable for a variety of applications, including database keys, session identifiers, and more.
What are nanoid's main functionalities?
Simple ID Generation
Generate a unique, URL-friendly ID. The default ID length is 21 characters, which provides a good balance of speed and uniqueness.
const { nanoid } = require('nanoid');
console.log(nanoid()); // Example output: 'V1StGXR8_Z5jdHi6B-myT'
Custom Length ID Generation
Generate a unique ID with a custom length. This allows for shorter or longer IDs depending on the level of uniqueness required.
const { nanoid } = require('nanoid');
console.log(nanoid(10)); // Example output: 'IRFa-VaY2b'
Non-secure ID Generation
Generate a non-secure ID with a custom alphabet and length. This is useful for cases where unique IDs are needed without the cryptographic strength.
const { customAlphabet } = require('nanoid');
const nanoid = customAlphabet('1234567890abcdef', 10);
console.log(nanoid()); // Example output: '4f90d13a42'
Custom Alphabet ID Generation
Generate a unique ID using a custom alphabet. This is useful when you need to avoid certain characters or use a specific set of characters for IDs.
const { customAlphabet } = require('nanoid');
const alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
const nanoid = customAlphabet(alphabet, 10);
console.log(nanoid()); // Example output: '4f90d13a42'
Other packages similar to nanoid
uuid
The uuid package can generate RFC-compliant UUIDs. It offers different versions of UUIDs, such as v1 (timestamp-based), v4 (random), and others. Compared to nanoid, uuid provides more standardized and structured IDs, but they are not as compact as nanoid's IDs.
shortid
Shortid is another package for generating short non-sequential url-friendly unique ids. However, it is no longer recommended for use as it has been deprecated in favor of nanoid, which is more secure and maintains a smaller size.
uniqid
Uniqid is a package that generates unique IDs based on the current time and an optional prefix or suffix. It is less feature-rich compared to nanoid and does not provide the same level of customization or security.
Nano ID
A tiny, secure URL-friendly unique string ID generator for JavaScript.
var nanoid = require('nanoid')
model.id = nanoid()
Safe. It uses cryptographically strong random APIs
and guarantees a proper distribution of symbols.
Small. Only 181 bytes (minified and gzipped). No dependencies.
It uses Size Limit to control size.
Compact. It uses more symbols than UUID (A-Za-z0-9_~
)
and has the same number of unique options in just 22 symbols instead of 36.
The generator supports Node.js and all browsers starting from IE 11.
Security
See a good article about random generators theory:
Secure random values (in Node.js)
Unpredictability
Instead of unsafe Math.random()
Nano ID uses crypto
module in Node.js
and Web Crypto API in browsers.
Uniformity
random % alphabet
is a popular mistake to make when coding an ID generator.
The spread will not be even; there will be a lower chance for some symbols
to appear compared to others—so it will reduce the number of tries
when brute-forcing.
Nano ID uses a better algorithm and tests uniformity:
Comparison with UUID
Nano ID is similar to UUID v4 (random-based). It uses same number of random bits
in ID, so it has same collision probability:
For there to be a one in a billion chance of duplication,
103 trillion version 4 IDs must be generated.
There are only 2 differences between Nano ID and UUID v4:
- Nano ID uses bigger alphabet for ID, so same random bits
are packed just in 22 symbols instead of 36.
- Code of Nano ID has 2 times smaller size compare to
uuid/v4
package:
181 bytes instead of 435.
Usage
Normal
The main module uses URL-friendly symbols (A-Za-z0-9_~
) and returns an ID
with 22 characters (to have the same collisions probability as UUID v4).
var nanoid = require('nanoid')
model.id = nanoid()
Symbols -,.()
are not encoded in URL, but in the end of a link
they could be identified as a punctuation symbol.
If you want to reduce ID length (and increase collisions probability),
you can pass length as argument:
nanoid(10)
Custom Alphabet or Length
If you want to change the ID alphabet or the length
you can use low-level generate
module.
var generate = require('nanoid/generate')
model.id = generate('1234567890abcdef', 10)
Alphabet must contain less than 256 symbols.
Custom Random Bytes Generator
You can replace the default safe random generator using the format
module.
For instance, to use seed-based generator.
var format = require('nanoid/format')
function random (size) {
var result = []
for (var i = 0; i < size; i++) result.push(randomByte())
return result
}
format(random, "abcdef", 10)
random
callback must accept the array size and return an array
with random numbers.
If you want to use the same URL-friendly symbols with format
,
you can get default alphabet from the url
module:
var url = require('nanoid/url')
format(random, url, 10)