Amazingly short non-sequential url-friendly unique id generator.
ShortId creates amazingly short non-sequential url-friendly unique ids. Perfect for url shorteners, MongoDB and Redis ids, and any other id users might see.
A-Z, a-z, 0-9, _-
cluster (automatically), custom seeds, custom alphabet.
ShortId does not generate cryptographically secure ids, so don't rely on it to make IDs which are impossible to guess.
var shortid = require('shortid');
console.log(shortid.generate());
// PPBqWA9
Mongoose Unique Id
_id: {
'type': String,
'default': shortid.generate
},
The best way to use shortid in the browser is via browserify or webpack.
These tools will automatically only include the files necessary for browser compatibility.
All tests will run in the browser as well:
## build the bundle, then open Mocha in a browser to see the tests run.
$ grunt build open
~/projects/shortid ❯ node examples/examples.js
eWRhpRV
23TplPdS
46Juzcyx
dBvJIh-H
2WEKaVNO
7oet_d9Z
dogPzIz8
nYrnfYEv
a4vhAoFG
hwX6aOr7
shortId was created for Node Knockout 2011 winner for Most Fun Doodle Or Die.
Millions of doodles have been saved with shortId filenames. Every log message gets a shortId to make it easy for us to look up later.
Here are some other projects that use shortId:
var shortid = require('shortid');
shortid.generate()
Returns string non-sequential unique id.
Example
users.insert({
_id: shortid.generate(),
name: '...',
email: '...'
});
shortid.characters(string)
Default: '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_'
Returns new alphabet as a string
Recommendation: If you don't like _ or -, you can set new characters to use.
Optional
Change the characters used.
You must provide a string of all 64 unique characters. Order is not important.
The default characters provided were selected because they are url safe.
Example
// use $ and @ instead of - and _
shortid.characters('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ$@');
// any 64 unicode characters work, but I wouldn't recommend this.
shortid.characters('ⒶⒷⒸⒹⒺⒻⒼⒽⒾⒿⓀⓁⓂⓃⓄⓅⓆⓇⓈⓉⓊⓋⓌⓍⓎⓏⓐⓑⓒⓓⓔⓕⓖⓗⓘⓙⓚⓛⓜⓝⓞⓟⓠⓡⓢⓣⓤⓥⓦⓧⓨⓩ①②③④⑤⑥⑦⑧⑨⑩⑪⑫');
shortid.isValid(id)
Returns boolean
Check to see if an id is a valid shortid. Note: This only means the id could have been generated by shortid, it doesn't guarantee it.
Example
shortid.isValid('41XTDbE');
// true
shortid.isValid('i have spaces');
// false
shortid.worker(integer)
Default: process.env.NODE_UNIQUE_ID || 0
Recommendation: You typically won't want to change this.
Optional
If you are running multiple server processes then you should make sure every one has a unique worker id. Should be an integer between 0 and 16.
If you do not do this there is very little chance of two servers generating the same id, but it is theoretically possible if both are generated in the exact same second and are generating the same number of ids that second and a half-dozen random numbers are all exactly the same.
Example
shortid.worker(1);
shortid.seed(integer)
Default: 1
Recommendation: You typically won't want to change this.
Optional
Choose a unique value that will seed the random number generator so users won't be able to figure out the pattern of the unique ids. Call it just once in your application before using shortId and always use the same value in your application.
Most developers won't need to use this, it's mainly for testing ShortId.
If you are worried about users somehow decrypting the id then use it as a secret value for increased encryption.
Example
shortid.seed(1000);
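For ids that must be unguessable, or that the server must recognise as ones it issued (the README states that shortid ids are not cryptographically secure and that isValid only checks that a string could be a shortid), the following added example draws ids from Node's crypto module over the same 64-character alphabet and attaches an HMAC tag. It is not part of shortid or its README; the names secureId, signId and verifySignedId are hypothetical.

```javascript
'use strict';
const crypto = require('crypto');

// Default alphabet as listed under shortid.characters(string) above.
const DEFAULT_ALPHABET =
  '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_';

// Same rule the README gives for custom alphabets: exactly 64 unique characters.
function checkAlphabet(alphabet) {
  const chars = Array.from(alphabet); // split by code point, not UTF-16 unit
  if (chars.length !== 64 || new Set(chars).size !== 64) {
    throw new RangeError('alphabet must contain exactly 64 unique characters');
  }
  return chars;
}

// Hypothetical helper: id drawn from the OS CSPRNG via crypto.randomBytes.
// 256 is a multiple of 64, so keeping 6 bits of each byte adds no bias.
function secureId(length = 22, alphabet = DEFAULT_ALPHABET) {
  const chars = checkAlphabet(alphabet);
  let id = '';
  for (const byte of crypto.randomBytes(length)) id += chars[byte & 63];
  return id; // 22 characters * 6 bits = 132 random bits
}

// Hypothetical helper: append an HMAC tag so the server can recognise ids it issued.
function signId(id, key) {
  const tag = crypto.createHmac('sha256', key).update(id).digest('hex');
  return id + '.' + tag;
}

// Returns the id if the tag verifies under key, otherwise null.
function verifySignedId(signed, key) {
  const dot = signed.lastIndexOf('.'); // the hex tag never contains '.'
  if (dot < 1) return null;
  const id = signed.slice(0, dot);
  const expected = Buffer.from(signId(id, key));
  const given = Buffer.from(signed);
  // timingSafeEqual throws on unequal lengths, so check them first.
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? id : null;
}

// Constructed sample values, for illustration only.
const demoKey = crypto.randomBytes(32);
const demoToken = signId(secureId(), demoKey);
console.log(demoToken, verifySignedId(demoToken, demoKey) !== null);
```

The signing key is a server-side secret and is independent of any value passed to shortid.seed().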
Hi! Thanks for checking out this project! My name is Dylan Greene. When not overwhelmed with my two young kids I enjoy contributing to the open source community. I'm also a tech lead at Opower.
Here's some of my other Node projects:
Name | Description |
---|---|
npm-check | Check for outdated, incorrect, and unused dependencies. |
grunt-notify | Automatic desktop notifications for Grunt errors and warnings. Supports OS X, Windows, Linux. |
space-hogs | Discover surprisingly large directories from the command line. |
rss | RSS feed generator. Add RSS feeds to any project. Supports enclosures and GeoRSS. |
grunt-prompt | Interactive prompt for your Grunt config using console checkboxes, text input with filtering, password fields. |
xml | Fast and simple xml generator. Supports attributes, CDATA, etc. Includes tests and examples. |
changelog | Command line tool (and Node module) that generates a changelog in color output, markdown, or json for modules in npmjs.org's registry as well as any public github.com repo. |
grunt-attention | Display attention-grabbing messages in the terminal |
observatory | Beautiful UI for showing tasks running on the command line. |
anthology | Module information and stats for any @npmjs user |
grunt-cat | Echo a file to the terminal. Works with text, figlets, ascii art, and full-color ansi. |
This list was generated using anthology.
Copyright (c) 2016 Dylan Greene, contributors.
Released under the MIT license.
Screenshots are CC BY-SA (Attribution-ShareAlike).
2.2.12
FAQs
Amazingly short non-sequential url-friendly unique id generator.
The npm package shortid receives a total of 822,106 weekly downloads. As such, shortid popularity was classified as popular.
We found that shortid demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.