nanoid 2.1.7 → 2.1.11

package/CHANGELOG.md

@@ -1,6 +1,18 @@
 # Change Log
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## 2.1.11
+* Reduce size (by Anton Evzhakov).
+
+## 2.1.10
+* Reduce size by 10% (by Anton Khlynovskiy).
+
+## 2.1.9
+* Reduce `format` and `async/format` size (by Dair Aidarkhanov).
+
+## 2.1.8
+* Improve React docs (by Nahum Zsilva).
+
 ## 2.1.7
 * Reduce `index`, `async` and `non-secure` size (by @polemius).
 

package/README.md

@@ -5,7 +5,7 @@
 
 A tiny, secure, URL-friendly, unique string ID generator for JavaScript.
 
-* **Small.** 137 bytes (minified and gzipped). No dependencies.
+* **Small.** 119 bytes (minified and gzipped). No dependencies.
   [Size Limit] controls the size.
 * **Safe.** It uses cryptographically strong random APIs.
   Can be used in clusters.
@@ -62,8 +62,8 @@ There are three main differences between Nano ID and UUID v4:
 
 1. Nano ID uses a bigger alphabet, so a similar number of random bits
    are packed in just 21 symbols instead of 36.
-2. Nano ID code is 3 times less than `uuid/v4` package:
-   137 bytes instead of 435.
+2. Nano ID code is 4 times less than `uuid/v4` package:
+   119 bytes instead of 435.
 3. Because of memory allocation tricks, Nano ID is 16% faster than UUID.
 
 
@@ -176,13 +176,12 @@ between renders. This is bad code:
 <Item key={nanoid()} /> /* DON’T DO IT */
 ```
 
-This is good code. `this.id` will be generated only once:
+This is good code. `id` will be generated only once:
 
 ```jsx
-  id = nanoid()
-  render () {
-    return <Item key={this.id}>;
-  }
+const Element = () => {
+  const [id] = React.useState(nanoid)
+  return <Item key={id}>
 }
 ```
 

package/async/format.browser.js

@@ -1,12 +1,38 @@
+// This file replaces `async/format.js` in bundlers like webpack or Rollup,
+// according to `browser` config in `package.json`.
+
 module.exports = function (random, alphabet, size) {
-  var mask = (2 << 31 - Math.clz32((alphabet.length - 1) | 1)) - 1
-  var step = Math.ceil(1.6 * mask * size / alphabet.length)
+  // We can’t use bytes bigger than the alphabet. To make bytes values closer
+  // to the alphabet, we apply bitmask on them. We look for the closest
+  // `2 ** x - 1` number, which will be bigger than alphabet size. If we have
+  // 30 symbols in the alphabet, we will take 31 (00011111).
+  // We do not use faster Math.clz32, because it is not available in browsers.
+  var mask = (2 << Math.log(alphabet.length - 1) / Math.LN2) - 1
+  // Bitmask is not a perfect solution (in our example it will pass 31 bytes,
+  // which is bigger than the alphabet). As a result, we will need more bytes,
+  // than ID size, because we will refuse bytes bigger than the alphabet.
+
+  // Every hardware random generator call is costly,
+  // because we need to wait for entropy collection. This is why often it will
+  // be faster to ask for few extra bytes in advance, to avoid additional calls.
+
+  // Here we calculate how many random bytes should we call in advance.
+  // It depends on ID length, mask / alphabet size and magic number 1.6
+  // (which was selected according benchmarks).
+
+  // -~f => Math.ceil(f) if n is float number
+  // -~i => i + 1 if n is integer number
+  var step = -~(1.6 * mask * size / alphabet.length)
 
   function tick (id) {
     return random(step).then(function (bytes) {
+    // Compact alternative for `for (var i = 0; i < step; i++)`
       var i = step
       while (i--) {
+        // If random byte is bigger than alphabet even after bitmask,
+        // we refuse it by `|| ''`.
         id += alphabet[bytes[i] & mask] || ''
+        // More compact than `id.length + 1 === size`
         if (id.length === +size) return id
       }
       return tick(id)

package/async/format.js

@@ -29,14 +29,33 @@
  * @function
  */
 module.exports = function (random, alphabet, size) {
-  var mask = (2 << Math.log(alphabet.length - 1) / Math.LN2) - 1
+  // We can’t use bytes bigger than the alphabet. To make bytes values closer
+  // to the alphabet, we apply bitmask on them. We look for the closest
+  // `2 ** x - 1` number, which will be bigger than alphabet size. If we have
+  // 30 symbols in the alphabet, we will take 31 (00011111).
+  var mask = (2 << 31 - Math.clz32((alphabet.length - 1) | 1)) - 1
+  // Bitmask is not a perfect solution (in our example it will pass 31 bytes,
+  // which is bigger than the alphabet). As a result, we will need more bytes,
+  // than ID size, because we will refuse bytes bigger than the alphabet.
+
+  // Every hardware random generator call is costly,
+  // because we need to wait for entropy collection. This is why often it will
+  // be faster to ask for few extra bytes in advance, to avoid additional calls.
+
+  // Here we calculate how many random bytes should we call in advance.
+  // It depends on ID length, mask / alphabet size and magic number 1.6
+  // (which was selected according benchmarks).
   var step = Math.ceil(1.6 * mask * size / alphabet.length)
 
   function tick (id) {
     return random(step).then(function (bytes) {
+      // Compact alternative for `for (var i = 0; i < step; i++)`
       var i = step
       while (i--) {
+        // If random byte is bigger than alphabet even after bitmask,
+        // we refuse it by `|| ''`.
         id += alphabet[bytes[i] & mask] || ''
+        // More compact than `id.length + 1 === size`
         if (id.length === +size) return id
       }
       return tick(id)

package/async/index.browser.js

@@ -1,17 +1,37 @@
+// This file replaces `async/index.js` in bundlers like webpack or Rollup,
+// according to `browser` config in `package.json`.
+
 var crypto = self.crypto || self.msCrypto
 
-/*
- * This alphabet uses a-z A-Z 0-9 _- symbols.
- * Symbols order was changed for better gzip compression.
- */
-var url = 'IUint8Ar21ModulvezGFYPCJ7_p0V4XSymbLBNH6fTqQ35xD9ZREghasOw-cjkWK'
+// This alphabet uses a-z A-Z 0-9 _- symbols.
+// Symbols are generated for smaller size.
+// -_zyxwvutsrqponmlkjihgfedcba9876543210ZYXWVUTSRQPONMLKJIHGFEDCBA
+var url = '-_'
+// Loop from 36 to 0 (from z to a and 9 to 0 in Base36).
+var i = 36
+while (i--) {
+  // 36 is radix. Number.prototype.toString(36) returns number
+  // in Base36 representation. Base36 is like hex, but it uses 0–9 and a-z.
+  url += i.toString(36)
+}
+// Loop from 36 to 10 (from Z to A in Base36).
+i = 36
+while (i-- - 10) {
+  url += i.toString(36).toUpperCase()
+}
 
 module.exports = function (size) {
-  size = size || 21
   var id = ''
-  var bytes = crypto.getRandomValues(new Uint8Array(size))
-  while (size--) {
-    id += url[bytes[size] & 63]
+  var bytes = crypto.getRandomValues(new Uint8Array(size || 21))
+  i = size || 21
+
+  // Compact alternative for `for (var i = 0; i < size; i++)`
+  while (i--) {
+    // We can’t use bytes bigger than the alphabet. 63 is 00111111 bitmask.
+    // This mask reduces random byte 0-255 to 0-63 values.
+    // There is no need in `|| ''` and `* 1.6` hacks in here,
+    // because bitmask trim bytes exact to alphabet size.
+    id += url[bytes[i] & 63]
   }
   return Promise.resolve(id)
 }

package/async/index.js

@@ -24,7 +24,12 @@ module.exports = function (size) {
   size = size || 21
   return random(size).then(function (bytes) {
     var id = ''
+    // Compact alternative for `for (var i = 0; i < size; i++)`
     while (size--) {
+      // We can’t use bytes bigger than the alphabet. 63 is 00111111 bitmask.
+      // This mask reduces random byte 0-255 to 0-63 values.
+      // There is no need in `|| ''` and `* 1.6` hacks in here,
+      // because bitmask trim bytes exact to alphabet size.
       id += url[bytes[size] & 63]
     }
     return id

package/async/random.browser.js

@@ -1,3 +1,6 @@
+// This file replaces `async/random.js` in bundlers like webpack or Rollup,
+// according to `browser` config in `package.json`.
+
 var crypto = self.crypto || self.msCrypto
 
 module.exports = function (bytes) {

package/async/random.js

@@ -1,8 +1,12 @@
 var crypto = require('crypto')
 
 if (crypto.randomFill) {
+  // `crypto.randomFill()` is a little fatser than `crypto.randomBytes()`,
+  // because we can use faster `Buffer.allocUnsafe()`.
   module.exports = function (bytes) {
     return new Promise(function (resolve, reject) {
+      // `Buffer.allocUnsafe()` faster because it don’t clean memory.
+      // We do not need it, since we will fill memory with new bytes anyway.
       crypto.randomFill(Buffer.allocUnsafe(bytes), function (err, buf) {
         if (err) {
           reject(err)

package/format.browser.js

@@ -1,13 +1,39 @@
+// This file replaces `format.js` in bundlers like webpack or Rollup,
+// according to `browser` config in `package.json`.
+
 module.exports = function (random, alphabet, size) {
+  // We can’t use bytes bigger than the alphabet. To make bytes values closer
+  // to the alphabet, we apply bitmask on them. We look for the closest
+  // `2 ** x - 1` number, which will be bigger than alphabet size. If we have
+  // 30 symbols in the alphabet, we will take 31 (00011111).
+  // We do not use faster Math.clz32, because it is not available in browsers.
   var mask = (2 << Math.log(alphabet.length - 1) / Math.LN2) - 1
-  var step = Math.ceil(1.6 * mask * size / alphabet.length)
+  // Bitmask is not a perfect solution (in our example it will pass 31 bytes,
+  // which is bigger than the alphabet). As a result, we will need more bytes,
+  // than ID size, because we will refuse bytes bigger than the alphabet.
+
+  // Every hardware random generator call is costly,
+  // because we need to wait for entropy collection. This is why often it will
+  // be faster to ask for few extra bytes in advance, to avoid additional calls.
+
+  // Here we calculate how many random bytes should we call in advance.
+  // It depends on ID length, mask / alphabet size and magic number 1.6
+  // (which was selected according benchmarks).
+
+  // -~f => Math.ceil(f) if n is float number
+  // -~i => i + 1 if n is integer number
+  var step = -~(1.6 * mask * size / alphabet.length)
   var id = ''
 
   while (true) {
+    var bytes = random(step)
+    // Compact alternative for `for (var i = 0; i < step; i++)`
     var i = step
-    var bytes = random(i)
     while (i--) {
+      // If random byte is bigger than alphabet even after bitmask,
+      // we refuse it by `|| ''`.
       id += alphabet[bytes[i] & mask] || ''
+      // More compact than `id.length + 1 === size`
       if (id.length === +size) return id
     }
   }

package/format.js

@@ -27,15 +27,34 @@
  * @function
  */
 module.exports = function (random, alphabet, size) {
+  // We can’t use bytes bigger than the alphabet. To make bytes values closer
+  // to the alphabet, we apply bitmask on them. We look for the closest
+  // `2 ** x - 1` number, which will be bigger than alphabet size. If we have
+  // 30 symbols in the alphabet, we will take 31 (00011111).
   var mask = (2 << 31 - Math.clz32((alphabet.length - 1) | 1)) - 1
+  // Bitmask is not a perfect solution (in our example it will pass 31 bytes,
+  // which is bigger than the alphabet). As a result, we will need more bytes,
+  // than ID size, because we will refuse bytes bigger than the alphabet.
+
+  // Every hardware random generator call is costly,
+  // because we need to wait for entropy collection. This is why often it will
+  // be faster to ask for few extra bytes in advance, to avoid additional calls.
+
+  // Here we calculate how many random bytes should we call in advance.
+  // It depends on ID length, mask / alphabet size and magic number 1.6
+  // (which was selected according benchmarks).
   var step = Math.ceil(1.6 * mask * size / alphabet.length)
   var id = ''
 
   while (true) {
+    var bytes = random(step)
+    // Compact alternative for `for (var i = 0; i < step; i++)`
     var i = step
-    var bytes = random(i)
     while (i--) {
+      // If random byte is bigger than alphabet even after bitmask,
+      // we refuse it by `|| ''`.
       id += alphabet[bytes[i] & mask] || ''
+      // More compact than `id.length + 1 === size`
       if (id.length === +size) return id
     }
   }

package/index.browser.js

@@ -1,4 +1,8 @@
+// This file replaces `index.js` in bundlers like webpack or Rollup,
+// according to `browser` config in `package.json`.
+
 if (process.env.NODE_ENV !== 'production') {
+  // All bundlers will remove this block in production bundle
   if (typeof navigator !== 'undefined' && navigator.product === 'ReactNative') {
     throw new Error(
       'React Native does not have a built-in secure random generator. ' +
@@ -16,18 +20,35 @@ if (process.env.NODE_ENV !== 'production') {
 
 var crypto = self.crypto || self.msCrypto
 
-/*
- * This alphabet uses a-z A-Z 0-9 _- symbols.
- * Symbols order was changed for better gzip compression.
- */
-var url = 'QLUint8ARdomValuesObj0h6345-79BCrypgJzHKTNYDSMkXPZ_FfG1WcqvwxEI2'
+// This alphabet uses a-z A-Z 0-9 _- symbols.
+// Symbols are generated for smaller size.
+// -_zyxwvutsrqponmlkjihgfedcba9876543210ZYXWVUTSRQPONMLKJIHGFEDCBA
+var url = '-_'
+// Loop from 36 to 0 (from z to a and 9 to 0 in Base36).
+var i = 36
+while (i--) {
+  // 36 is radix. Number.prototype.toString(36) returns number
+  // in Base36 representation. Base36 is like hex, but it uses 0–9 and a-z.
+  url += i.toString(36)
+}
+// Loop from 36 to 10 (from Z to A in Base36).
+i = 36
+while (i-- - 10) {
+  url += i.toString(36).toUpperCase()
+}
 
 module.exports = function (size) {
-  size = size || 21
   var id = ''
-  var bytes = crypto.getRandomValues(new Uint8Array(size))
-  while (size--) {
-    id += url[bytes[size] & 63]
+  var bytes = crypto.getRandomValues(new Uint8Array(size || 21))
+  i = size || 21
+
+  // Compact alternative for `for (var i = 0; i < size; i++)`
+  while (i--) {
+    // We can’t use bytes bigger than the alphabet. 63 is 00111111 bitmask.
+    // This mask reduces random byte 0-255 to 0-63 values.
+    // There is no need in `|| ''` and `* 1.6` hacks in here,
+    // because bitmask trim bytes exact to alphabet size.
+    id += url[bytes[i] & 63]
   }
   return id
 }

package/index.js

@@ -22,7 +22,12 @@ module.exports = function (size) {
   size = size || 21
   var bytes = random(size)
   var id = ''
+  // Compact alternative for `for (var i = 0; i < size; i++)`
   while (size--) {
+    // We can’t use bytes bigger than the alphabet. 63 is 00111111 bitmask.
+    // This mask reduces random byte 0-255 to 0-63 values.
+    // There is no need in `|| ''` and `* 1.6` hacks in here,
+    // because bitmask trim bytes exact to alphabet size.
     id += url[bytes[size] & 63]
   }
   return id

package/non-secure/generate.js

@@ -17,7 +17,9 @@
 module.exports = function (alphabet, size) {
   size = size || 21
   var id = ''
+  // Compact alternative for `for (var i = 0; i < size; i++)`
   while (size--) {
+    // `| 0` is compact and faster alternative for `Math.floor()`
     id += alphabet[Math.random() * alphabet.length | 0]
   }
   return id

package/non-secure/index.js

@@ -1,4 +1,19 @@
-var url = 'sOwnPropMN49CEiq-hXvHJdSymlFURTag61GQfuD8YIWz2Zk5xKB7LV30_Abject'
+// This alphabet uses a-z A-Z 0-9 _- symbols.
+// Symbols are generated for smaller size.
+// -_zyxwvutsrqponmlkjihgfedcba9876543210ZYXWVUTSRQPONMLKJIHGFEDCBA
+var url = '-_'
+// Loop from 36 to 0 (from z to a and 9 to 0 in Base36).
+var i = 36
+while (i--) {
+  // 36 is radix. Number.prototype.toString(36) returns number
+  // in Base36 representation. Base36 is like hex, but it uses 0–9 and a-z.
+  url += i.toString(36)
+}
+// Loop from 36 to 10 (from Z to A in Base36).
+i = 36
+while (i-- - 10) {
+  url += i.toString(36).toUpperCase()
+}
 
 /**
  * Generate URL-friendly unique ID. This method use non-secure predictable
@@ -16,9 +31,11 @@ var url = 'sOwnPropMN49CEiq-hXvHJdSymlFURTag61GQfuD8YIWz2Zk5xKB7LV30_Abject'
  * @function
  */
 module.exports = function (size) {
-  size = size || 21
   var id = ''
-  while (size--) {
+  i = size || 21
+  // Compact alternative for `for (var i = 0; i < size; i++)`
+  while (i--) {
+    // `| 0` is compact and faster alternative for `Math.floor()`
     id += url[Math.random() * 64 | 0]
   }
   return id

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "nanoid",
-  "version": "2.1.7",
-  "description": "A tiny (137 bytes), secure URL-friendly unique string ID generator",
+  "version": "2.1.11",
+  "description": "A tiny (119 bytes), secure URL-friendly unique string ID generator",
   "keywords": [
     "uuid",
     "random",
@@ -28,6 +28,6 @@
   ],
   "sharec": {
     "config": "@logux/sharec-config",
-    "version": "0.5.3"
+    "version": "0.5.6"
   }
 }

package/random.js

@@ -1,10 +1,14 @@
 var crypto = require('crypto')
 
 if (crypto.randomFillSync) {
+  // We reuse buffers with the same size to avoid memory fragmentations
+  // for better performance
   var buffers = { }
   module.exports = function (bytes) {
     var buffer = buffers[bytes]
     if (!buffer) {
+      // `Buffer.allocUnsafe()` faster because it don’t clean memory.
+      // We do not need it, since we will fill memory with new bytes anyway.
       buffer = Buffer.allocUnsafe(bytes)
       if (bytes <= 255) buffers[bytes] = buffer
     }

package/url.js

@@ -1,9 +1,11 @@
+// This alphabet uses a-z A-Z 0-9 _- symbols.
+// Despite the fact the source code is quite long, its entropy
+// is low and there are lots of duplicates - just what compressors
+// like GZIP and Brotli likes the best.
+
 /**
  * URL safe symbols.
  *
- * This alphabet uses a-z A-Z 0-9 _- symbols.
- * Symbols order was changed for better gzip compression.
- *
  * @name url
  * @type {string}
  *
@@ -11,5 +13,15 @@
  * const url = require('nanoid/url')
  * generate(url, 10) //=> "Uakgb_J5m9"
  */
-module.exports =
-  'ModuleSymbhasOwnPr-0123456789ABCDEFGHNRVfgctiUvz_KqYTJkLxpZXIjQW'
+
+// This alphabet uses a-z A-Z 0-9 _- symbols.
+// Symbols are generated for smaller size.
+// -_zyxwvutsrqponmlkjihgfedcba9876543210ZYXWVUTSRQPONMLKJIHGFEDCBA
+module.exports = '-_'
+var i = 36
+while (i--) {
+  // 36 is radix. Number.prototype.toString(36) returns number
+  // in Base36 representation. Base36 is like hex, but it uses 0–9 and a-z.
+  module.exports += i.toString(36)
+  i > 9 && (module.exports += i.toString(36).toUpperCase())
+}