nanoid 3.1.14 → 3.1.18

package/CHANGELOG.md

@@ -1,6 +1,18 @@
 # Change Log
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## 3.1.18
+* Fixed `package.exports`.
+
+## 3.1.17
+* Added files without `process`.
+
+## 3.1.16
+* Speeded up Nano ID 4 times (by Peter Boyer).
+
+## 3.1.15
+* Fixed `package.types` path.
+
 ## 3.1.14
 * Added `package.types`.
 

package/README.md

@@ -10,7 +10,7 @@ A tiny, secure, URL-friendly, unique string ID generator for JavaScript.
 
 * **Small.** 108 bytes (minified and gzipped). No dependencies.
   [Size Limit] controls the size.
-* **Fast.** It is 40% faster than UUID.
+* **Fast.** It is 60% faster than UUID.
 * **Safe.** It uses cryptographically strong random APIs.
   Can be used in clusters.
 * **Compact.** It uses a larger alphabet than UUID (`A-Za-z0-9_-`).
@@ -82,27 +82,27 @@ There are three main differences between Nano ID and UUID v4:
 ## Benchmark
 
 ```rust
-$ ./test/benchmark
-nanoid                      655,798 ops/sec
-customAlphabet              635,421 ops/sec
-uid.sync                    375,816 ops/sec
-uuid v4                     396,756 ops/sec
-secure-random-string        366,434 ops/sec
-cuid                        183,998 ops/sec
-shortid                      59,343 ops/sec
+$ node ./test/benchmark.js
+nanoid                    2,280,683 ops/sec
+customAlphabet            1,851,117 ops/sec
+uid.sync                    313,306 ops/sec
+uuid v4                   1,348,425 ops/sec
+secure-random-string        294,161 ops/sec
+cuid                        158,988 ops/sec
+shortid                      37,222 ops/sec
 
 Async:
-async nanoid                101,966 ops/sec
-async customAlphabet        102,471 ops/sec
-async secure-random-string   97,206 ops/sec
-uid                          91,291 ops/sec
+async nanoid                 95,500 ops/sec
+async customAlphabet         93,800 ops/sec
+async secure-random-string   90,316 ops/sec
+uid                          85,583 ops/sec
 
 Non-secure:
-non-secure nanoid         2,754,423 ops/sec
-rndm                      2,437,262 ops/sec
+non-secure nanoid         2,641,654 ops/sec
+rndm                      2,447,086 ops/sec
 ```
 
-Test configuration: Dell XPS 2-in-a 7390, Fedora 32, Node.js 13.11.
+Test configuration: Dell XPS 2-in-1 7390, Fedora 32, Node.js 15.1.
 
 
 ## Tools
@@ -151,7 +151,7 @@ with 21 characters (to have a collision probability similar to UUID v4).
 
 ```js
 import { nanoid } from 'nanoid'
-model.id = nanoid() //=> "Uakgb_J5m9g-0JDMbcJqLJ"
+model.id = nanoid() //=> "V1StGXR8_Z5jdHi6B-myT"
 ```
 
 If you want to reduce the ID size (and increase collisions probability),

package/index.cjs

@@ -2,19 +2,27 @@ let crypto = require('crypto')
 
 let { urlAlphabet } = require('./url-alphabet/index.cjs')
 
-// We reuse buffers with the same size to avoid memory fragmentations
-// for better performance.
-let buffers = {}
+// It is best to make fewer, larger requests to the crypto module to
+// avoid system call overhead. So, random numbers are generated in a
+// pool. The pool is a Buffer that is larger than the initial random
+// request size by this multiplier. The pool is enlarged if subsequent
+// requests exceed the maximum buffer size.
+const POOL_SIZE_MULTIPLIER = 32
+let pool, poolOffset
+
 let random = bytes => {
-  let buffer = buffers[bytes]
-  if (!buffer) {
-    // `Buffer.allocUnsafe()` is faster because it doesn’t flush the memory.
-    // Memory flushing is unnecessary since the buffer allocation itself resets
-    // the memory with the new bytes.
-    buffer = Buffer.allocUnsafe(bytes)
-    if (bytes <= 255) buffers[bytes] = buffer
+  if (!pool || pool.length < bytes) {
+    pool = Buffer.allocUnsafe(bytes * POOL_SIZE_MULTIPLIER)
+    crypto.randomFillSync(pool)
+    poolOffset = 0
+  } else if (poolOffset + bytes > pool.length) {
+    crypto.randomFillSync(pool)
+    poolOffset = 0
   }
-  return crypto.randomFillSync(buffer)
+
+  let res = pool.subarray(poolOffset, poolOffset + bytes)
+  poolOffset += bytes
+  return res
 }
 
 let customRandom = (alphabet, size, getRandom) => {

package/index.dev.js

@@ -0,0 +1,106 @@
+// This file replaces `index.js` in bundlers like webpack or Rollup,
+// according to `browser` config in `package.json`.
+
+import { urlAlphabet } from './url-alphabet/index.js'
+
+if (true) {
+  // All bundlers will remove this block in the production bundle.
+  if (
+    typeof navigator !== 'undefined' &&
+    navigator.product === 'ReactNative' &&
+    typeof crypto === 'undefined'
+  ) {
+    throw new Error(
+      'React Native does not have a built-in secure random generator. ' +
+        'If you don’t need unpredictable IDs use `nanoid/non-secure`. ' +
+        'For secure IDs, import `react-native-get-random-values` ' +
+        'before Nano ID. If you use Expo, install `expo-random` ' +
+        'and use `nanoid/async`.'
+    )
+  }
+  if (typeof msCrypto !== 'undefined' && typeof crypto === 'undefined') {
+    throw new Error(
+      'Import file with `if (!window.crypto) window.crypto = window.msCrypto`' +
+        ' before importing Nano ID to fix IE 11 support'
+    )
+  }
+  if (typeof crypto === 'undefined') {
+    throw new Error(
+      'Your browser does not have secure random generator. ' +
+        'If you don’t need unpredictable IDs, you can use nanoid/non-secure.'
+    )
+  }
+}
+
+let random = bytes => crypto.getRandomValues(new Uint8Array(bytes))
+
+let customRandom = (alphabet, size, getRandom) => {
+  // First, a bitmask is necessary to generate the ID. The bitmask makes bytes
+  // values closer to the alphabet size. The bitmask calculates the closest
+  // `2^31 - 1` number, which exceeds the alphabet size.
+  // For example, the bitmask for the alphabet size 30 is 31 (00011111).
+  // `Math.clz32` is not used, because it is not available in browsers.
+  let mask = (2 << (Math.log(alphabet.length - 1) / Math.LN2)) - 1
+  // Though, the bitmask solution is not perfect since the bytes exceeding
+  // the alphabet size are refused. Therefore, to reliably generate the ID,
+  // the random bytes redundancy has to be satisfied.
+
+  // Note: every hardware random generator call is performance expensive,
+  // because the system call for entropy collection takes a lot of time.
+  // So, to avoid additional system calls, extra bytes are requested in advance.
+
+  // Next, a step determines how many random bytes to generate.
+  // The number of random bytes gets decided upon the ID size, mask,
+  // alphabet size, and magic number 1.6 (using 1.6 peaks at performance
+  // according to benchmarks).
+
+  // `-~f => Math.ceil(f)` if f is a float
+  // `-~i => i + 1` if i is an integer
+  let step = -~((1.6 * mask * size) / alphabet.length)
+
+  return () => {
+    let id = ''
+    while (true) {
+      let bytes = getRandom(step)
+      // A compact alternative for `for (var i = 0; i < step; i++)`.
+      let j = step
+      while (j--) {
+        // Adding `|| ''` refuses a random byte that exceeds the alphabet size.
+        id += alphabet[bytes[j] & mask] || ''
+        // `id.length + 1 === size` is a more compact option.
+        if (id.length === +size) return id
+      }
+    }
+  }
+}
+
+let customAlphabet = (alphabet, size) => customRandom(alphabet, size, random)
+
+let nanoid = (size = 21) => {
+  let id = ''
+  let bytes = crypto.getRandomValues(new Uint8Array(size))
+
+  // A compact alternative for `for (var i = 0; i < step; i++)`.
+  while (size--) {
+    // It is incorrect to use bytes exceeding the alphabet size.
+    // The following mask reduces the random byte in the 0-255 value
+    // range to the 0-63 value range. Therefore, adding hacks, such
+    // as empty string fallback or magic numbers, is unneccessary because
+    // the bitmask trims bytes down to the alphabet size.
+    let byte = bytes[size] & 63
+    if (byte < 36) {
+      // `0-9a-z`
+      id += byte.toString(36)
+    } else if (byte < 62) {
+      // `A-Z`
+      id += (byte - 26).toString(36).toUpperCase()
+    } else if (byte < 63) {
+      id += '_'
+    } else {
+      id += '-'
+    }
+  }
+  return id
+}
+
+export { nanoid, customAlphabet, customRandom, urlAlphabet, random }

package/index.js

@@ -2,19 +2,27 @@ import crypto from 'crypto'
 
 import { urlAlphabet } from './url-alphabet/index.js'
 
-// We reuse buffers with the same size to avoid memory fragmentations
-// for better performance.
-let buffers = {}
+// It is best to make fewer, larger requests to the crypto module to
+// avoid system call overhead. So, random numbers are generated in a
+// pool. The pool is a Buffer that is larger than the initial random
+// request size by this multiplier. The pool is enlarged if subsequent
+// requests exceed the maximum buffer size.
+const POOL_SIZE_MULTIPLIER = 32
+let pool, poolOffset
+
 let random = bytes => {
-  let buffer = buffers[bytes]
-  if (!buffer) {
-    // `Buffer.allocUnsafe()` is faster because it doesn’t flush the memory.
-    // Memory flushing is unnecessary since the buffer allocation itself resets
-    // the memory with the new bytes.
-    buffer = Buffer.allocUnsafe(bytes)
-    if (bytes <= 255) buffers[bytes] = buffer
+  if (!pool || pool.length < bytes) {
+    pool = Buffer.allocUnsafe(bytes * POOL_SIZE_MULTIPLIER)
+    crypto.randomFillSync(pool)
+    poolOffset = 0
+  } else if (poolOffset + bytes > pool.length) {
+    crypto.randomFillSync(pool)
+    poolOffset = 0
   }
-  return crypto.randomFillSync(buffer)
+
+  let res = pool.subarray(poolOffset, poolOffset + bytes)
+  poolOffset += bytes
+  return res
 }
 
 let customRandom = (alphabet, size, getRandom) => {

package/index.prod.js

@@ -0,0 +1,106 @@
+// This file replaces `index.js` in bundlers like webpack or Rollup,
+// according to `browser` config in `package.json`.
+
+import { urlAlphabet } from './url-alphabet/index.js'
+
+if (false) {
+  // All bundlers will remove this block in the production bundle.
+  if (
+    typeof navigator !== 'undefined' &&
+    navigator.product === 'ReactNative' &&
+    typeof crypto === 'undefined'
+  ) {
+    throw new Error(
+      'React Native does not have a built-in secure random generator. ' +
+        'If you don’t need unpredictable IDs use `nanoid/non-secure`. ' +
+        'For secure IDs, import `react-native-get-random-values` ' +
+        'before Nano ID. If you use Expo, install `expo-random` ' +
+        'and use `nanoid/async`.'
+    )
+  }
+  if (typeof msCrypto !== 'undefined' && typeof crypto === 'undefined') {
+    throw new Error(
+      'Import file with `if (!window.crypto) window.crypto = window.msCrypto`' +
+        ' before importing Nano ID to fix IE 11 support'
+    )
+  }
+  if (typeof crypto === 'undefined') {
+    throw new Error(
+      'Your browser does not have secure random generator. ' +
+        'If you don’t need unpredictable IDs, you can use nanoid/non-secure.'
+    )
+  }
+}
+
+let random = bytes => crypto.getRandomValues(new Uint8Array(bytes))
+
+let customRandom = (alphabet, size, getRandom) => {
+  // First, a bitmask is necessary to generate the ID. The bitmask makes bytes
+  // values closer to the alphabet size. The bitmask calculates the closest
+  // `2^31 - 1` number, which exceeds the alphabet size.
+  // For example, the bitmask for the alphabet size 30 is 31 (00011111).
+  // `Math.clz32` is not used, because it is not available in browsers.
+  let mask = (2 << (Math.log(alphabet.length - 1) / Math.LN2)) - 1
+  // Though, the bitmask solution is not perfect since the bytes exceeding
+  // the alphabet size are refused. Therefore, to reliably generate the ID,
+  // the random bytes redundancy has to be satisfied.
+
+  // Note: every hardware random generator call is performance expensive,
+  // because the system call for entropy collection takes a lot of time.
+  // So, to avoid additional system calls, extra bytes are requested in advance.
+
+  // Next, a step determines how many random bytes to generate.
+  // The number of random bytes gets decided upon the ID size, mask,
+  // alphabet size, and magic number 1.6 (using 1.6 peaks at performance
+  // according to benchmarks).
+
+  // `-~f => Math.ceil(f)` if f is a float
+  // `-~i => i + 1` if i is an integer
+  let step = -~((1.6 * mask * size) / alphabet.length)
+
+  return () => {
+    let id = ''
+    while (true) {
+      let bytes = getRandom(step)
+      // A compact alternative for `for (var i = 0; i < step; i++)`.
+      let j = step
+      while (j--) {
+        // Adding `|| ''` refuses a random byte that exceeds the alphabet size.
+        id += alphabet[bytes[j] & mask] || ''
+        // `id.length + 1 === size` is a more compact option.
+        if (id.length === +size) return id
+      }
+    }
+  }
+}
+
+let customAlphabet = (alphabet, size) => customRandom(alphabet, size, random)
+
+let nanoid = (size = 21) => {
+  let id = ''
+  let bytes = crypto.getRandomValues(new Uint8Array(size))
+
+  // A compact alternative for `for (var i = 0; i < step; i++)`.
+  while (size--) {
+    // It is incorrect to use bytes exceeding the alphabet size.
+    // The following mask reduces the random byte in the 0-255 value
+    // range to the 0-63 value range. Therefore, adding hacks, such
+    // as empty string fallback or magic numbers, is unneccessary because
+    // the bitmask trims bytes down to the alphabet size.
+    let byte = bytes[size] & 63
+    if (byte < 36) {
+      // `0-9a-z`
+      id += byte.toString(36)
+    } else if (byte < 62) {
+      // `A-Z`
+      id += (byte - 26).toString(36).toUpperCase()
+    } else if (byte < 63) {
+      id += '_'
+    } else {
+      id += '-'
+    }
+  }
+  return id
+}
+
+export { nanoid, customAlphabet, customRandom, urlAlphabet, random }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nanoid",
-  "version": "3.1.14",
+  "version": "3.1.18",
   "description": "A tiny (108 bytes), secure URL-friendly unique string ID generator",
   "keywords": [
     "uuid",
@@ -20,16 +20,19 @@
   "react-native": "index.js",
   "bin": "./bin/nanoid.cjs",
   "sideEffects": false,
-  "types": "index.d.ts",
+  "types": "./index.d.ts",
   "type": "module",
   "main": "index.cjs",
   "module": "index.js",
   "exports": {
     ".": {
-      "browser": "./index.browser.js",
+      "browser": {
+        "development": "./index.dev.js",
+        "production": "./index.prod.js"
+      },
       "require": "./index.cjs",
       "import": "./index.js",
-      "types": "index.d.ts"
+      "types": "./index.d.ts"
     },
     "./package.json": "./package.json",
     "./async/package.json": "./async/package.json",
@@ -48,6 +51,6 @@
       "require": "./url-alphabet/index.cjs",
       "import": "./url-alphabet/index.js"
     },
-    "index.d.ts": "index.d.ts"
+    "./index.d.ts": "./index.d.ts"
   }
 }