Readme
UUID can be suboptimal for many use cases because:
Instead, herein is proposed ULID:
npm install --save ulid
TypeScript, ES6+, Babel, Webpack, Rollup, etc. environments
import { ulid } from 'ulid'
ulid() // 01ARZ3NDEKTSV4RRFFQ69G5FAV
CommonJS environments
const ULID = require('ulid')
ULID.ulid()
AMD (RequireJS) environments
define(['ULID'] , function (ULID) {
ULID.ulid()
});
Browser
<script src="/path/to/ulid.js"></script>
<script>
ULID.ulid()
</script>
To generate a ULID, simply run the function!
import { ulid } from 'ulid'
ulid() // 01ARZ3NDEKTSV4RRFFQ69G5FAV
You can also input a seed time which will consistently give you the same string for the time component. This is useful for migrating to ulid.
ulid(1469918176385) // 01ARYZ6S41TSV4RRFFQ69G5FAV
To generate monotonically increasing ULIDs, create a monotonic counter.
Note that the same seed time is passed in throughout this example to demonstrate the behaviour when multiple ULIDs are generated within the same millisecond.
import { monotonicFactory } from 'ulid'
const ulid = monotonicFactory()
// Strict ordering for the same timestamp, by incrementing the least-significant random bit by 1
ulid(150000) // 000XAL6S41ACTAV9WEVGEMMVR8
ulid(150000) // 000XAL6S41ACTAV9WEVGEMMVR9
ulid(150000) // 000XAL6S41ACTAV9WEVGEMMVRA
ulid(150000) // 000XAL6S41ACTAV9WEVGEMMVRB
ulid(150000) // 000XAL6S41ACTAV9WEVGEMMVRC
// Even if a lower timestamp is passed (or generated), it will preserve sort order
ulid(100000) // 000XAL6S41ACTAV9WEVGEMMVRD
ulid automatically detects a suitable (cryptographically-secure) PRNG. In the browser it will use crypto.getRandomValues and on node it will use crypto.randomBytes.
Math.random
By default, ulid will not use Math.random, because that is insecure. To allow the use of Math.random, you'll have to use factory and detectPrng.
import { factory, detectPrng } from 'ulid'
const prng = detectPrng(true) // pass `true` to allow insecure
const ulid = factory(prng)
ulid() // 01BXAVRG61YJ5YSBRM51702F6M
To use your own pseudo-random number generator, import the factory, and pass it your generator function.
import { factory } from 'ulid'
import prng from 'somewhere'
const ulid = factory(prng)
ulid() // 01BXAVRG61YJ5YSBRM51702F6M
You can also pass in a prng to the monotonicFactory function.
import { monotonicFactory } from 'ulid'
import prng from 'somewhere'
const ulid = monotonicFactory(prng)
ulid() // 01BXAVRG61YJ5YSBRM51702F6M
Refer to ulid/spec
npm test
npm run perf
ulid
336,331,131 op/s » encodeTime
102,041,736 op/s » encodeRandom
17,408 op/s » generate
Suites: 1
Benches: 3
Elapsed: 7,285.75 ms
FAQs
A universally-unique, lexicographically-sortable, identifier generator
The npm package ulid receives a total of 791,963 weekly downloads. As such, ulid's popularity was classified as popular.
We found that ulid demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.