# Nano ID
**English** | [日本語](./README.ja.md) | [Русский](./README.ru.md) | [简体中文](./README.zh-CN.md) | [Bahasa Indonesia](./README.id-ID.md) | [한국어](./README.ko.md) | [العربية](./README.ar.md)
A tiny, secure, URL-friendly, unique string ID generator for JavaScript.
> “An amazing level of senseless perfectionism,
> which is simply impossible not to respect.”
- **Small.** 118 bytes (minified and brotlied). No dependencies.
[Size Limit] controls the size.
- **Fast.** 50% faster than native `crypto.randomUUID()`.
- **Safe.** It uses hardware random generator. Can be used in clusters.
- **Short IDs.** It uses a larger alphabet than UUID (`A-Za-z0-9_-`).
So ID size was reduced from 36 to 21 symbols.
- **Portable.** Nano ID was ported
to over [20 programming languages](./README.md#other-programming-languages).
```js
import { nanoid } from 'nanoid'
model.id = nanoid() //=> "V1StGXR8_Z5jdHi6B-myT"
```
---
Made at Evil Martians, product consulting for developer tools.
---
[Size Limit]: https://github.com/ai/size-limit
## Table of Contents
- [Table of Contents](#table-of-contents)
- [Comparison with UUID](#comparison-with-uuid)
- [Benchmark](#benchmark)
- [Security](#security)
- [Install](#install)
- [JSR](#jsr)
- [CDN](#cdn)
- [API](#api)
- [Custom Alphabet or Size](#custom-alphabet-or-size)
- [Custom Random Bytes Generator](#custom-random-bytes-generator)
- [Non-Secure](#non-secure)
- [Usage](#usage)
- [React](#react)
- [React Native](#react-native)
- [PouchDB and CouchDB](#pouchdb-and-couchdb)
- [CLI](#cli)
- [TypeScript](#typescript)
- [Other Programming Languages](#other-programming-languages)
- [Tools](#tools)
## Comparison with UUID
Nano ID is quite comparable to UUID v4 (random-based).
It has a similar number of random bits in the ID
(126 in Nano ID and 122 in UUID), so it has a similar collision probability:
> For there to be a one in a billion chance of duplication,
> 103 trillion version 4 IDs must be generated.
There are two main differences between Nano ID and UUID v4:
1. Nano ID uses a bigger alphabet, so a similar number of random bits
are packed in just 21 symbols instead of 36.
2. Nano ID is faster than `crypto.randomUUID` and `uuid/v4`.
## Benchmark
```rust
$ node ./test/benchmark.js
nope-id 20,386,830 ops/sec
nanoid 20,434,827 ops/sec
customAlphabet 20,544,476 ops/sec
crypto.randomUUID 12,865,759 ops/sec
uuid v4 7,930,104 ops/sec
@napi-rs/uuid 5,573,171 ops/sec
uid/secure 6,308,267 ops/sec
@lukeed/uuid 5,278,597 ops/sec
nanoid for browser 311,497 ops/sec
secure-random-string 301,667 ops/sec
uid-safe.sync 297,815 ops/sec
Non-secure:
uid 20,286,757 ops/sec
nanoid/non-secure 2,397,594 ops/sec
rndm 2,445,462 ops/sec
```
## Security
_See a good article about random generators theory:
[Secure random values (in Node.js)]_
- **Unpredictability.** Instead of using the unsafe `Math.random()`, Nano ID
uses the `crypto` module in Node.js and the Web Crypto API in browsers.
These modules use unpredictable hardware random generator.
- **Uniformity.** `random % alphabet` is a popular mistake to make when coding
an ID generator. The distribution will not be even; there will be a lower
chance for some symbols to appear compared to others. So, it will reduce
the number of tries when brute-forcing. Nano ID uses a [better algorithm]
and is tested for uniformity.
- **Well-documented:** all Nano ID hacks are documented. See comments
in [the source].
- **Vulnerabilities:** to report a security vulnerability, please use
the [Tidelift security contact](https://tidelift.com/security).
Tidelift will coordinate the fix and disclosure.
[Secure random values (in Node.js)]: https://gist.github.com/joepie91/7105003c3b26e65efcea63f3db82dfba
[better algorithm]: https://github.com/ai/nanoid/blob/main/index.js
[the source]: https://github.com/ai/nanoid/blob/main/index.js
## Install
```bash
npm install nanoid
```
### JSR
[JSR](https://jsr.io) is a replacement for npm with open governance
and active development (in contrast to npm).
```bash
npx jsr add @sitnik/nanoid
```
You can use it in Node.js, Deno, Bun, etc.
```js
// Replace `nanoid` to `@sitnik/nanoid` in all imports
import { nanoid } from '@sitnik/nanoid'
```
For Deno install it by `deno add jsr:@sitnik/nanoid` or import
from `jsr:@sitnik/nanoid`.
### CDN
For quick hacks, you can load Nano ID from CDN. Though, it is not recommended
to be used in production because of the lower loading performance.
```js
import { nanoid } from 'https://cdn.jsdelivr.net/npm/nanoid/nanoid.js'
```
## API
By default, Nano ID uses URL-friendly symbols (`A-Za-z0-9_-`) and returns an ID
with 21 characters (to have a collision probability similar to UUID v4).
```js
import { nanoid } from 'nanoid'
model.id = nanoid() //=> "V1StGXR8_Z5jdHi6B-myT"
```
If you want to reduce the ID size (and increase collisions probability),
you can pass the size as an argument.
```js
nanoid(10) //=> "IRFa-VaY2b"
```
Don’t forget to check the safety of your ID size
in our [ID collision probability] calculator.
You can also use a [custom alphabet](#custom-alphabet-or-size)
or a [random generator](#custom-random-bytes-generator).
[ID collision probability]: https://zelark.github.io/nano-id-cc/
### Custom Alphabet or Size
`customAlphabet` returns a function that allows you to create `nanoid`
with your own alphabet and ID size.
```js
import { customAlphabet } from 'nanoid'
const nanoid = customAlphabet('1234567890abcdef', 10)
model.id = nanoid() //=> "4f90d13a42"
```
```js
import { customAlphabet } from 'nanoid/non-secure'
const nanoid = customAlphabet('1234567890abcdef', 10)
user.id = nanoid()
```
Check the safety of your custom alphabet and ID size in our
[ID collision probability] calculator. For more alphabets, check out the options
in [`nanoid-dictionary`].
Alphabet must contain 256 symbols or less.
Otherwise, the security of the internal generator algorithm is not guaranteed.
In addition to setting a default size, you can change the ID size when calling
the function:
```js
import { customAlphabet } from 'nanoid'
const nanoid = customAlphabet('1234567890abcdef', 10)
model.id = nanoid(5) //=> "f01a2"
```
[`nanoid-dictionary`]: https://github.com/CyberAP/nanoid-dictionary
### Custom Random Bytes Generator
`customRandom` allows you to create a `nanoid` and replace alphabet
and the default random bytes generator.
In this example, a seed-based generator is used:
```js
import { customRandom } from 'nanoid'
const rng = seedrandom(seed)
const nanoid = customRandom('abcdef', 10, size => {
return new Uint8Array(size).map(() => 256 * rng())
})
nanoid() //=> "fbaefaadeb"
```
`random` callback must accept the array size and return an array
with random numbers.
If you want to use the same URL-friendly symbols with `customRandom`,
you can get the default alphabet using the `urlAlphabet`.
```js
import { customRandom, urlAlphabet } from 'nanoid'
const nanoid = customRandom(urlAlphabet, 10, random)
```
Note, that between Nano ID versions we may change random generator
call sequence. If you are using seed-based generators, we do not guarantee
the same result.
### Non-Secure
Nano ID uses hardware random bytes generation for security and low collision
probability. If you are not so concerned with security, you can use it
for environments without hardware random generators.
```js
import { nanoid } from 'nanoid/non-secure'
const id = nanoid() //=> "Uakgb_J5m9g-0JDMbcJqLJ"
```
Note, that non-secure version is _slower_ than secure.
Use it only if you have to.
## Usage
### React
There’s no correct way to use Nano ID for React `key` prop
since it should be consistent among renders.
```jsx
function Todos({ todos }) {
return (