Nano ID — Tiny Secure URL-Friendly Unique ID Generator

Introduction

Nano ID generates compact, URL-friendly, cryptographically secure unique identifiers in JavaScript. At only 118 bytes (minified and gzipped), it replaces UUID v4 in scenarios where shorter, safer IDs matter — from database primary keys to session tokens.

What Nano ID Does

• Generates 21-character unique string IDs by default using a URL-safe alphabet (A-Za-z0-9_-)
• Uses the Web Crypto API (or Node.js crypto) for true randomness, avoiding Math.random pitfalls
• Supports custom alphabets and ID lengths for domain-specific needs
• Provides a non-secure variant for performance-critical paths where collision risk is acceptable
• Ships as an ES module with zero dependencies, keeping bundle size minimal

Architecture Overview

Nano ID relies on a uniform distribution algorithm that maps random bytes onto a custom alphabet without modulo bias. The default alphabet contains 64 characters, so each character encodes 6 bits of entropy — a 21-character ID provides 126 bits, exceeding UUID v4's 122 bits. The library detects its runtime (browser vs. Node.js vs. Deno) and selects the appropriate cryptographic random source automatically.

Self-Hosting & Configuration

• Install via npm, pnpm, or yarn — no native addons needed
• Import from 'nanoid' (secure) or 'nanoid/non-secure' (faster, no crypto)
• Set a custom size: nanoid(10) for 10-character IDs
• Use customAlphabet to define project-specific character sets (e.g., lowercase only)
• Works in Node.js 18+, all modern browsers, Deno, Bun, and Cloudflare Workers

Key Features

• 118 bytes gzipped — smallest secure ID generator available
• Cryptographically strong random values by default
• No modulo bias thanks to a rejection-sampling approach over the alphabet
• Fully tree-shakeable ES module with named exports
• Over 26,000 GitHub stars and 60 million weekly npm downloads

Comparison with Similar Tools

• uuid — generates RFC-4122 compliant 36-character strings; Nano ID is shorter and URL-safe by default
• cuid2 — collision-resistant and sortable; Nano ID is smaller and does not require monotonic ordering
• shortid — deprecated due to predictability; Nano ID uses crypto-safe randomness
• ulid — time-sorted 26-character IDs; Nano ID is not time-ordered but more compact
• crypto.randomUUID() — native and fast for UUID v4; Nano ID wins on length and custom alphabets

FAQ

Q: Is Nano ID safe for database primary keys? A: Yes. With 21 characters at 64-symbol alphabet, the probability of collision is negligible even at billions of IDs, comparable to UUID v4.

Q: Can I make IDs shorter? A: Yes, pass a length argument like nanoid(12). Shorter IDs raise collision probability, so size it according to your dataset scale.

Q: Does it work in edge runtimes? A: It works in Cloudflare Workers, Deno Deploy, Vercel Edge Functions, and any environment exposing the Web Crypto API.

Q: How does performance compare to UUID? A: Nano ID benchmarks slightly slower than crypto.randomUUID() in Node.js but remains under 1 microsecond per call — fast enough for virtually all workloads.

Sources

• https://github.com/ai/nanoid
• https://zelark.github.io/nano-id-cc/