nanoid 1.3.4 → 2.0.3

package/CHANGELOG.md

@@ -1,6 +1,20 @@
 # Change Log
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## 2.0.3
+* Fix freeze on string in ID length.
+
+## 2.0.2
+* Improve docs (by Sylvanus Kateile and Mark Stosberg).
+
+## 2.0.1
+* Reduce npm package size.
+* Mark package as not having side effects (by @xiaody).
+
+## 2.0
+* Use `-` instead of `~` in default alphabet to by file name safe.
+* Add `nanoid/non-secure/generate`.
+
 ## 1.3.4
 * Reduce `non-secure` size.
 * Add `async` callback type check.

package/README.md

@@ -5,17 +5,17 @@
 
 A tiny, secure, URL-friendly, unique string ID generator for JavaScript.
 
-* **Small.** 142 bytes (minified and gzipped). No dependencies.
-It uses [Size Limit] to control size.
+* **Small.** 141 bytes (minified and gzipped). No dependencies.
+[Size Limit] controls the size.
 * **Safe.** It uses cryptographically strong random APIs
 and tests distribution of symbols.
 * **Fast.** It’s 16% faster than UUID.
-* **Compact.** It uses a larger alphabet than UUID (`A-Za-z0-9_~`).
+* **Compact.** It uses a larger alphabet than UUID (`A-Za-z0-9_-`).
 So ID size was reduced from 36 to 21 symbols.
 
 ```js
 var nanoid = require('nanoid')
-model.id = nanoid() //=> "V1StGXR8_Z5jdHi6B~myT"
+model.id = nanoid() //=> "V1StGXR8_Z5jdHi6B-myT"
 ```
 
 The generator supports Node.js, React Native, and [all browsers].
@@ -29,6 +29,47 @@ The generator supports Node.js, React Native, and [all browsers].
 </a>
 
 
+## Comparison with UUID
+
+Nano ID is quite comparable to UUID v4 (random-based).
+It has a similar number of random bits in the ID
+(126 in Nano ID and 122 in UUID), so it has a similar collision probability:
+
+> For there to be a one in a billion chance of duplication,
+> 103 trillion version 4 IDs must be generated.
+
+There are three main differences between Nano ID and UUID v4:
+
+1. Nano ID uses a bigger alphabet, so a similar number of random bits
+   are packed in just 21 symbols instead of 36.
+2. Nano ID code is 3 times less than `uuid/v4` package:
+   141 bytes instead of 435.
+3. Because of memory allocation tricks, Nano ID 16% faster than UUID.
+
+
+## Benchmark
+
+```rust
+$ ./test/benchmark
+nanoid                    693,132 ops/sec
+nanoid/generate           624,291 ops/sec
+uid.sync                  487,706 ops/sec
+uuid/v4                   471,299 ops/sec
+secure-random-string      448,386 ops/sec
+shortid                    66,809 ops/sec
+
+Async:
+nanoid/async              105,024 ops/sec
+nanoid/async/generate     106,682 ops/sec
+secure-random-string       94,217 ops/sec
+uid                        92,026 ops/sec
+
+Non-secure:
+nanoid/non-secure       2,555,814 ops/sec
+rndm                    2,413,565 ops/sec
+```
+
+
 ## Security
 
 *See a good article about random generators theory:
@@ -58,64 +99,56 @@ Nano ID uses a [better algorithm] and is tested for uniformity.
 [better algorithm]: https://github.com/ai/nanoid/blob/master/format.js
 
 
-## Comparison with UUID
-
-Nano ID is quite comparable to UUID v4 (random-based).
-It has a similar number of random bits in the ID
-(126 in Nano ID and 122 in UUID), so it has a similar collision probability:
-
-> For there to be a one in a billion chance of duplication,
-> 103 trillion version 4 IDs must be generated.
+## Tools
 
-There are two main differences between Nano ID and UUID v4:
+* [ID size calculator] to choice smaller ID size depends on your case.
+* [`nanoid-dictionary`] with popular alphabets to use with `nanoid/generate`.
+* [`nanoid-cli`] to generate ID from CLI.
+* [`nanoid-good`] to be sure that your ID doesn't contain any obscene words.
 
-1. Nano ID uses a bigger alphabet, so a similar number of random bits
-   are packed in just 21 symbols instead of 36.
-2. Nano ID code is 3 times less than `uuid/v4` package:
-   142 bytes instead of 435.
+[`nanoid-dictionary`]: https://github.com/CyberAP/nanoid-dictionary
+[ID size calculator]:  https://zelark.github.io/nano-id-cc/
+[`nanoid-cli`]:        https://github.com/twhitbeck/nanoid-cli
+[`nanoid-good`]:       https://github.com/y-gagar1n/nanoid-good
 
 
-## Benchmark
+## Other Programming Languages
 
-```rust
-$ ./test/benchmark
-nanoid                    413,579 ops/sec
-nanoid/generate           401,349 ops/sec
-uid.sync                  354,882 ops/sec
-uuid/v4                   353,836 ops/sec
-shortid                    39,152 ops/sec
+* [C#](https://github.com/codeyu/nanoid-net)
+* [Clojure and ClojureScript](https://github.com/zelark/nano-id)
+* [Crystal](https://github.com/mamantoha/nanoid.cr)
+* [Dart](https://github.com/pd4d10/nanoid)
+* [Go](https://github.com/matoous/go-nanoid)
+* [Elixir](https://github.com/railsmechanic/nanoid)
+* [Haskell](https://github.com/4e6/nanoid-hs)
+* [Java](https://github.com/aventrix/jnanoid)
+* [Nim](https://github.com/icyphox/nanoid.nim)
+* [PHP](https://github.com/hidehalo/nanoid-php)
+* [Python](https://github.com/puyuan/py-nanoid) with [dictionaries](https://github.com/aidarkhanov/py-nanoid-dictionary)
+* [Ruby](https://github.com/radeno/nanoid.rb)
+* [Rust](https://github.com/nikolay-govorov/nanoid)
+* [Swift](https://github.com/antiflasher/NanoID)
 
-Async:
-nanoid/async               85,168 ops/sec
-nanoid/async/generate      81,037 ops/sec
-uid                        78,426 ops/sec
+Also, [CLI tool] is available to generate IDs from a command line.
 
-Non-secure:
-nanoid/non-secure       2,718,186 ops/sec
-rndm                    2,544,612 ops/sec
-```
+[CLI tool]: https://github.com/twhitbeck/nanoid-cli
 
 
 ## Usage
 
-### Normal
-
-The main module uses URL-friendly symbols (`A-Za-z0-9_~`) and returns an ID
+The main module uses URL-friendly symbols (`A-Za-z0-9_-`) and returns an ID
 with 21 characters (to have a collision probability similar to UUID v4).
 
 ```js
 const nanoid = require('nanoid')
-model.id = nanoid() //=> "Uakgb_J5m9g~0JDMbcJqLJ"
+model.id = nanoid() //=> "Uakgb_J5m9g-0JDMbcJqLJ"
 ```
 
-Symbols `-,.()` are not encoded in the URL. If used at the end of a link
-they could be identified as a punctuation symbol.
-
 If you want to reduce ID length (and increase collisions probability),
 you can pass the length as an argument.
 
 ```js
-nanoid(10) //=> "IRFa~VaY2b"
+nanoid(10) //=> "IRFa-VaY2b"
 ```
 
 Don’t forget to check the safety of your ID length
@@ -123,6 +156,30 @@ in our [ID collision probability] calculator.
 
 [ID collision probability]: https://zelark.github.io/nano-id-cc/
 
+### React
+
+**Do not** use a nanoid for `key` prop. In React `key` should be consistence
+between renders. This is bad code:
+
+```jsx
+<Item key={nanoid()} /> /* DON’T DO IT */
+```
+
+This is good code. Note, that we added `"input"` string in front of `id`,
+because Nano ID could be started from number. HTML ID can’t be started
+from the number.
+
+```jsx
+  id = 'input' + nanoid()
+
+  render () {
+    return <>
+      <label htmlFor={this.id}>Label text</label>
+      <input id={this.id} type="text"/>
+    </>;
+  }
+}
+```
 
 ### React Native
 
@@ -142,6 +199,18 @@ async function createUser () {
 [a native random generator]: https://github.com/rh389/react-native-securerandom
 
 
+### Mongoose
+
+```js
+const mySchema = new Schema({
+  _id: {
+    type: String,
+    default: () => nanoid(10)
+  }
+})
+```
+
+
 ### Web Workers
 
 Web Workers don’t have access to a secure random generator.
@@ -154,11 +223,11 @@ you can use non‑secure ID generator.
 
 ```js
 const nanoid = require('nanoid/non-secure')
-model.id = nanoid() //=> "Uakgb_J5m9g~0JDMbcJqLJ"
+model.id = nanoid() //=> "Uakgb_J5m9g-0JDMbcJqLJ"
 ```
 
 
-## Async
+### Async
 
 To generate hardware random bytes, CPU will collect electromagnetic noise.
 During the collection, CPU doesn’t work.
@@ -178,7 +247,7 @@ Unfortunately, you will not have any benefits in a browser, since Web Crypto A
 doesn’t have asynchronous API.
 
 
-## Custom Alphabet or Length
+### Custom Alphabet or Length
 
 If you want to change the ID's alphabet or length
 you can use the low-level `generate` module.
@@ -195,7 +264,7 @@ You can find popular alphabets in [`nanoid-dictionary`].
 Alphabet must contain 256 symbols or less.
 Otherwise, the generator will not be secure.
 
-Asynchronous API is also available:
+Asynchronous and non-secure API is also available:
 
 ```js
 const generate = require('nanoid/async/generate')
@@ -204,11 +273,17 @@ async function createUser () {
 }
 ```
 
+```js
+const generate = require('nanoid/non-secure/generate')
+
+user.id = generate('1234567890abcdef', 10)
+```
+
 [ID collision probability]: https://alex7kom.github.io/nano-nanoid-cc/
 [`nanoid-dictionary`]:      https://github.com/CyberAP/nanoid-dictionary
 
 
-## Custom Random Bytes Generator
+### Custom Random Bytes Generator
 
 You can replace the default safe random generator using the `format` module.
 For instance, to use a seed-based generator.
@@ -252,38 +327,3 @@ async function createUser () {
   user.id = await format(random, url, 10)
 }
 ```
-
-
-## Tools
-
-* [ID size calculator] to choice smaller ID size depends on your case.
-* [`nanoid-dictionary`] with popular alphabets to use with `nanoid/generate`.
-* [`nanoid-cli`] to generate ID from CLI.
-* [`nanoid-good`] to be sure that your ID doesn't contain any obscene words.
-
-[`nanoid-dictionary`]: https://github.com/CyberAP/nanoid-dictionary
-[ID size calculator]:  https://zelark.github.io/nano-id-cc/
-[`nanoid-cli`]:        https://github.com/twhitbeck/nanoid-cli
-[`nanoid-good`]:       https://github.com/y-gagar1n/nanoid-good
-
-
-## Other Programming Languages
-
-* [C#](https://github.com/codeyu/nanoid-net)
-* [Clojure and ClojureScript](https://github.com/zelark/nano-id)
-* [Crystal](https://github.com/mamantoha/nanoid.cr)
-* [Dart](https://github.com/pd4d10/nanoid)
-* [Go](https://github.com/matoous/go-nanoid)
-* [Elixir](https://github.com/railsmechanic/nanoid)
-* [Haskell](https://github.com/4e6/nanoid-hs)
-* [Java](https://github.com/aventrix/jnanoid)
-* [Nim](https://github.com/icyphox/nanoid.nim)
-* [PHP](https://github.com/hidehalo/nanoid-php)
-* [Python](https://github.com/puyuan/py-nanoid)
-* [Ruby](https://github.com/radeno/nanoid.rb)
-* [Rust](https://github.com/nikolay-govorov/nanoid)
-* [Swift](https://github.com/antiflasher/NanoID)
-
-Also, [CLI tool] is available to generate IDs from a command line.
-
-[CLI tool]: https://github.com/twhitbeck/nanoid-cli

package/async/format.js

@@ -31,6 +31,7 @@
 module.exports = function (random, alphabet, size) {
   var mask = (2 << Math.log(alphabet.length - 1) / Math.LN2) - 1
   var step = Math.ceil(1.6 * mask * size / alphabet.length)
+  size = +size
 
   function tick (id) {
     return random(step).then(function (bytes) {

package/async/index.browser.js

@@ -1,10 +1,10 @@
 var crypto = self.crypto || self.msCrypto
 
 /*
- * This alphabet uses a-z A-Z 0-9 _~ symbols.
+ * This alphabet uses a-z A-Z 0-9 _- symbols.
  * Symbols order was changed for better gzip compression.
  */
-var url = 'ModuleSymbhasOwnPr0123456789ABCDEFGHIJKLNQRTUVWXYZ_cfgijkpqtvxz~'
+var url = 'Uint8ArModuleSymbhasOw-012345679BCDEFGHIJKLNPQRTVWXYZ_cfgjkpqvxz'
 
 module.exports = function (size) {
   size = size || 21

package/async/index.js

@@ -1,16 +1,6 @@
-var crypto = require('crypto')
-
+var random = require('./random')
 var url = require('../url')
 
-var random
-if (crypto.randomFill) {
-  random = function (bytes, callback) {
-    return crypto.randomFill(Buffer.allocUnsafe(bytes), callback)
-  }
-} else {
-  random = crypto.randomBytes
-}
-
 /**
  * Generate secure URL-friendly unique ID. Non-blocking version.
  *
@@ -18,7 +8,6 @@ if (crypto.randomFill) {
  * to UUID v4.
  *
  * @param {number} [size=21] The number of symbols in ID.
- * @param {function} [callback] for environments without `Promise`.
  *
  * @return {Promise} Promise with random string.
  *
@@ -31,41 +20,13 @@ if (crypto.randomFill) {
  * @name async
  * @function
  */
-module.exports = function (size, callback, attempt) {
+module.exports = function (size) {
   size = size || 21
-
-  if (!callback) {
-    if (typeof Promise !== 'function') {
-      throw new TypeError('Function callback is required')
-    }
-    return new Promise(function (resolve, reject) {
-      module.exports(size, function (error, id) {
-        if (error) {
-          reject(error)
-        } else {
-          resolve(id)
-        }
-      })
-    })
-  } else if (typeof callback !== 'function') {
-    throw new TypeError('Callback is not a function')
-  }
-
-  random(size, function (err, bytes) {
-    if (err) {
-      if (typeof attempt === 'undefined') attempt = 3
-      attempt -= 1
-      if (attempt === 0) {
-        callback(err)
-      } else {
-        setTimeout(module.exports.bind(null, size, callback, attempt), 10)
-      }
-    } else {
-      var id = ''
-      while (0 < size--) {
-        id += url[bytes[size] & 63]
-      }
-      callback(null, id)
+  return random(size).then(function (bytes) {
+    var id = ''
+    while (0 < size--) {
+      id += url[bytes[size] & 63]
     }
+    return id
   })
 }

package/format.js

@@ -29,6 +29,7 @@
 module.exports = function (random, alphabet, size) {
   var mask = (2 << Math.log(alphabet.length - 1) / Math.LN2) - 1
   var step = Math.ceil(1.6 * mask * size / alphabet.length)
+  size = +size
 
   var id = ''
   while (true) {

package/index.browser.js

@@ -10,10 +10,10 @@ if (process.env.NODE_ENV !== 'production') {
 var crypto = self.crypto || self.msCrypto
 
 /*
- * This alphabet uses a-z A-Z 0-9 _~ symbols.
+ * This alphabet uses a-z A-Z 0-9 _- symbols.
  * Symbols order was changed for better gzip compression.
  */
-var url = 'Uint8ArdomValuesObj012345679BCDEFGHIJKLMNPQRSTWXYZ_cfghkpqvwxyz~'
+var url = 'Uint8ArdomValuesObj012345679BCDEFGHIJKLMNPQRSTWXYZ_cfghkpqvwxyz-'
 
 module.exports = function (size) {
   size = size || 21

package/index.js

@@ -13,31 +13,17 @@ var url = require('./url')
  *
  * @example
  * const nanoid = require('nanoid')
- * model.id = nanoid() //=> "Uakgb_J5m9g~0JDMbcJqL"
+ * model.id = nanoid() //=> "Uakgb_J5m9g-0JDMbcJqL"
  *
  * @name nanoid
  * @function
  */
-module.exports = function (size, attempt) {
+module.exports = function (size) {
   size = size || 21
-
-  var bytes
-  try {
-    bytes = random(size)
-  } catch (e) {
-    if (typeof attempt === 'undefined') attempt = 3
-    attempt -= 1
-    if (attempt === 0) {
-      throw e
-    } else {
-      return module.exports(size, attempt)
-    }
-  }
-
+  var bytes = random(size)
   var id = ''
   while (0 < size--) {
     id += url[bytes[size] & 63]
   }
-
   return id
 }

package/non-secure/generate.js

@@ -0,0 +1,27 @@
+/**
+ * Generate URL-friendly unique ID. This method use non-secure predictable
+ * random generator.
+ *
+ * By default, ID will have 21 symbols to have a collision probability similar
+ * to UUID v4.
+ *
+ * @param {string} alphabet Symbols to be used in ID.
+ * @param {number} [size=21] The number of symbols in ID.
+ *
+ * @return {string} Random string.
+ *
+ * @example
+ * const nanoid = require('nanoid/non-secure')
+ * model.id = nanoid() //=> "Uakgb_J5m9g-0JDMbcJqL"
+ *
+ * @name nonSecure
+ * @function
+ */
+module.exports = function (alphabet, size) {
+  size = size || 21
+  var id = ''
+  while (0 < size--) {
+    id += alphabet[Math.random() * alphabet.length | 0]
+  }
+  return id
+}

package/{non-secure.js → non-secure/index.js}

@@ -1,4 +1,4 @@
-var url = 'bjectxporhasOwnP0123456789ABCDEFGHIJKLMNQRSTUVWXYZ_dfgiklmquvyz~'
+var url = 'bjectSymhasOwnProp-0123456789ABCDEFGHIJKLMNQRTUVWXYZ_dfgiklquvxz'
 
 /**
  * Generate URL-friendly unique ID. This method use non-secure predictable
@@ -13,7 +13,7 @@ var url = 'bjectxporhasOwnP0123456789ABCDEFGHIJKLMNQRSTUVWXYZ_dfgiklmquvyz~'
  *
  * @example
  * const nanoid = require('nanoid/non-secure')
- * model.id = nanoid() //=> "Uakgb_J5m9g~0JDMbcJqL"
+ * model.id = nanoid() //=> "Uakgb_J5m9g-0JDMbcJqL"
  *
  * @name nonSecure
  * @function

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "nanoid",
-  "version": "1.3.4",
-  "description": "A tiny (143 bytes), secure URL-friendly unique string ID generator",
+  "version": "2.0.3",
+  "description": "A tiny (141 bytes), secure URL-friendly unique string ID generator",
   "keywords": [
     "uuid",
     "random",
@@ -17,9 +17,5 @@
     "./async/index.js": "./async/index.browser.js",
     "./async/random.js": "./async/random.browser.js"
   },
-  "husky": {
-    "hooks": {
-      "pre-commit": "lint-staged"
-    }
-  }
+  "sideEffects": false
 }

package/url.js

@@ -1,7 +1,7 @@
 /**
  * URL safe symbols.
  *
- * This alphabet uses a-z A-Z 0-9 _~ symbols.
+ * This alphabet uses a-z A-Z 0-9 _- symbols.
  * Symbols order was changed for better gzip compression.
  *
  * @name url
@@ -12,4 +12,4 @@
  * generate(url, 10) //=> "Uakgb_J5m9"
  */
 module.exports =
-  'SymboljecthasOwnPr0123456789ABCDEFGHIJKLMNQRTUVWXYZ_dfgikpquvxz~'
+  'ModuleSymbhasOwnPr-0123456789ABCDEFGHIJKLNQRTUVWXYZ_cfgijkpqtvxz'