nanoid 3.1.8 → 3.1.12

package/CHANGELOG.md

@@ -1,6 +1,18 @@
 # Change Log
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## 3.1.12
+* Improve IE 11 docs.
+
+## 3.1.11
+* Fixed asynchronous `customAlphabet` in browser (by @LoneRifle).
+
+## 3.1.10
+* Fix ES modules support.
+
+## 3.1.9
+* Try to fix React Native Expo support.
+
 ## 3.1.8
 * Add React Native Expo support.
 

package/README.md

@@ -138,7 +138,7 @@ Test configuration: Dell XPS 2-in-a 7390, Fedora 32, Node.js 13.11.
   Tidelift will coordinate the fix and disclosure.
 
 [Secure random values (in Node.js)]: https://gist.github.com/joepie91/7105003c3b26e65efcea63f3db82dfba
-[better algorithm]:                  https://github.com/ai/nanoid/blob/master/format.js
+[better algorithm]:                  https://github.com/ai/nanoid/blob/master/index.js
 
 
 ## Usage
@@ -175,10 +175,14 @@ If you support IE, you need to [transpile `node_modules`] by Babel
 and add `crypto` alias:
 
 ```js
+// polyfills.js
 if (!window.crypto) {
   window.crypto = window.msCrypto
 }
+```
 
+```js
+import './polyfills.js'
 import { nanoid } from 'nanoid'
 ```
 
@@ -253,9 +257,10 @@ If you use Expo in React Native, you need a different workaround.
 
 1. Install [`expo-random`](https://www.npmjs.com/package/expo-random).
 2. Use `nanoid/async` instead of `nanoid`.
+3. Import `index.native.js` file directly.
 
 ```js
-import { nanoid } from 'nanoid/async'
+import { nanoid } from 'nanoid/async/index.native'
 
 async function createUser () {
   user.id = await nanoid()
@@ -352,12 +357,15 @@ Nano ID was ported to many languages. You can use these ports to have
 the same ID generator on the client and server side.
 
 * [C#](https://github.com/codeyu/nanoid-net)
+* [C++](https://github.com/mcmikecreations/nanoid_cpp)
 * [Clojure and ClojureScript](https://github.com/zelark/nano-id)
 * [Crystal](https://github.com/mamantoha/nanoid.cr)
 * [Dart](https://github.com/pd4d10/nanoid-dart)
+* [Deno](https://github.com/ianfabs/nanoid)
 * [Go](https://github.com/matoous/go-nanoid)
 * [Elixir](https://github.com/railsmechanic/nanoid)
 * [Haskell](https://github.com/4e6/nanoid-hs)
+* [Janet](https://sr.ht/~statianzo/janet-nanoid/)
 * [Java](https://github.com/aventrix/jnanoid)
 * [Nim](https://github.com/icyphox/nanoid.nim)
 * [PHP](https://github.com/hidehalo/nanoid-php)

package/async/index.browser.js

@@ -1,4 +1,5 @@
-import { random } from './random/index.js'
+let random = bytes =>
+  Promise.resolve(crypto.getRandomValues(new Uint8Array(bytes)))
 
 let customAlphabet = (alphabet, size) => {
   // First, a bitmask is necessary to generate the ID. The bitmask makes bytes
@@ -34,7 +35,7 @@ let customAlphabet = (alphabet, size) => {
         // Adding `|| ''` refuses a random byte that exceeds the alphabet size.
         id += alphabet[bytes[i] & mask] || ''
         // `id.length + 1 === size` is a more compact option.
-        if (id.length === +size) return id
+        if (id.length === +size) return Promise.resolve(id)
       }
     }
   }

package/async/index.cjs

@@ -1,5 +1,22 @@
+let crypto = require('crypto')
+
 let { urlAlphabet } = require('../url-alphabet/index.cjs')
-let { random } = require('./random/index.cjs')
+
+// `crypto.randomFill()` is a little faster than `crypto.randomBytes()`,
+// because it is possible to use in combination with `Buffer.allocUnsafe()`.
+let random = bytes =>
+  new Promise((resolve, reject) => {
+    // `Buffer.allocUnsafe()` is faster because it doesn’t flush the memory.
+    // Memory flushing is unnecessary since the buffer allocation itself resets
+    // the memory with the new bytes.
+    crypto.randomFill(Buffer.allocUnsafe(bytes), (err, buf) => {
+      if (err) {
+        reject(err)
+      } else {
+        resolve(buf)
+      }
+    })
+  })
 
 let customAlphabet = (alphabet, size) => {
   // First, a bitmask is necessary to generate the ID. The bitmask makes bytes

package/async/index.js

@@ -1,5 +1,22 @@
+import crypto from 'crypto'
+
 import { urlAlphabet } from '../url-alphabet/index.js'
-import { random } from './random/index.js'
+
+// `crypto.randomFill()` is a little faster than `crypto.randomBytes()`,
+// because it is possible to use in combination with `Buffer.allocUnsafe()`.
+let random = bytes =>
+  new Promise((resolve, reject) => {
+    // `Buffer.allocUnsafe()` is faster because it doesn’t flush the memory.
+    // Memory flushing is unnecessary since the buffer allocation itself resets
+    // the memory with the new bytes.
+    crypto.randomFill(Buffer.allocUnsafe(bytes), (err, buf) => {
+      if (err) {
+        reject(err)
+      } else {
+        resolve(buf)
+      }
+    })
+  })
 
 let customAlphabet = (alphabet, size) => {
   // First, a bitmask is necessary to generate the ID. The bitmask makes bytes

package/async/index.native.js

@@ -0,0 +1,58 @@
+import { getRandomBytesAsync } from 'expo-random'
+
+import { urlAlphabet } from '../url-alphabet/index.js'
+
+let random = getRandomBytesAsync
+
+let customAlphabet = (alphabet, size) => {
+  // First, a bitmask is necessary to generate the ID. The bitmask makes bytes
+  // values closer to the alphabet size. The bitmask calculates the closest
+  // `2^31 - 1` number, which exceeds the alphabet size.
+  // For example, the bitmask for the alphabet size 30 is 31 (00011111).
+  let mask = (2 << (31 - Math.clz32((alphabet.length - 1) | 1))) - 1
+  // Though, the bitmask solution is not perfect since the bytes exceeding
+  // the alphabet size are refused. Therefore, to reliably generate the ID,
+  // the random bytes redundancy has to be satisfied.
+
+  // Note: every hardware random generator call is performance expensive,
+  // because the system call for entropy collection takes a lot of time.
+  // So, to avoid additional system calls, extra bytes are requested in advance.
+
+  // Next, a step determines how many random bytes to generate.
+  // The number of random bytes gets decided upon the ID size, mask,
+  // alphabet size, and magic number 1.6 (using 1.6 peaks at performance
+  // according to benchmarks).
+  let step = Math.ceil((1.6 * mask * size) / alphabet.length)
+
+  let tick = id =>
+    random(step).then(bytes => {
+      // A compact alternative for `for (var i = 0; i < step; i++)`.
+      let i = step
+      while (i--) {
+        // Adding `|| ''` refuses a random byte that exceeds the alphabet size.
+        id += alphabet[bytes[i] & mask] || ''
+        // `id.length + 1 === size` is a more compact option.
+        if (id.length === +size) return id
+      }
+      return tick(id)
+    })
+
+  return () => tick('')
+}
+
+let nanoid = (size = 21) =>
+  random(size).then(bytes => {
+    let id = ''
+    // A compact alternative for `for (var i = 0; i < step; i++)`.
+    while (size--) {
+      // It is incorrect to use bytes exceeding the alphabet size.
+      // The following mask reduces the random byte in the 0-255 value
+      // range to the 0-63 value range. Therefore, adding hacks, such
+      // as empty string fallback or magic numbers, is unneccessary because
+      // the bitmask trims bytes down to the alphabet size.
+      id += urlAlphabet[bytes[size] & 63]
+    }
+    return id
+  })
+
+export { nanoid, customAlphabet, random }

package/async/package.json

@@ -2,7 +2,9 @@
   "type": "module",
   "main": "index.cjs",
   "module": "index.js",
-  "react-native": "index.js",
+  "react-native": {
+    "./index.js": "./index.native.js"
+  },
   "browser": {
     "./index.js": "./index.browser.js"
   }

package/index.browser.js

@@ -20,8 +20,8 @@ if (process.env.NODE_ENV !== 'production') {
   }
   if (typeof msCrypto !== 'undefined' && typeof crypto === 'undefined') {
     throw new Error(
-      'Add `if (!window.crypto) window.crypto = window.msCrypto` ' +
-        'before Nano ID to fix IE 11 support'
+      'Import file with `if (!window.crypto) window.crypto = window.msCrypto`' +
+        ' before importing Nano ID to fix IE 11 support'
     )
   }
   if (typeof crypto === 'undefined') {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nanoid",
-  "version": "3.1.8",
+  "version": "3.1.12",
   "description": "A tiny (108 bytes), secure URL-friendly unique string ID generator",
   "keywords": [
     "uuid",
@@ -24,17 +24,17 @@
   "main": "index.cjs",
   "module": "index.js",
   "exports": {
-    "./package.json": "./package.json",
     ".": {
+      "browser": "./index.browser.js",
       "require": "./index.cjs",
-      "import": "./index.js",
-      "browser": "./index.browser.js"
+      "import": "./index.js"
     },
+    "./package.json": "./package.json",
     "./async/package.json": "./async/package.json",
     "./async": {
+      "browser": "./async/index.browser.js",
       "require": "./async/index.cjs",
-      "import": "./async/index.js",
-      "browser": "./async/index.browser.js"
+      "import": "./async/index.js"
     },
     "./non-secure/package.json": "./non-secure/package.json",
     "./non-secure": {
@@ -45,12 +45,6 @@
     "./url-alphabet": {
       "require": "./url-alphabet/index.cjs",
       "import": "./url-alphabet/index.js"
-    },
-    "./async/random/package.json": "./async/random/package.json",
-    "./async/random": {
-      "require": "./async/random/index.cjs",
-      "import": "./async/random/index.js",
-      "browser": "./async/random/index.browser.js"
     }
   }
 }

package/async/random/index.browser.js

@@ -1,4 +0,0 @@
-let random = bytes =>
-  Promise.resolve(crypto.getRandomValues(new Uint8Array(bytes)))
-
-export { random }

package/async/random/index.cjs

@@ -1,19 +0,0 @@
-let crypto = require('crypto')
-
-// `crypto.randomFill()` is a little faster than `crypto.randomBytes()`,
-// because it is possible to use in combination with `Buffer.allocUnsafe()`.
-let random = bytes =>
-  new Promise((resolve, reject) => {
-    // `Buffer.allocUnsafe()` is faster because it doesn’t flush the memory.
-    // Memory flushing is unnecessary since the buffer allocation itself resets
-    // the memory with the new bytes.
-    crypto.randomFill(Buffer.allocUnsafe(bytes), (err, buf) => {
-      if (err) {
-        reject(err)
-      } else {
-        resolve(buf)
-      }
-    })
-  })
-
-module.exports = { random }

package/async/random/index.d.ts

@@ -1,12 +0,0 @@
-/**
- * Generate an array of random bytes collected from hardware noise.
- *
- * ```js
- * import { customRandom, random } from 'nanoid'
- * const nanoid = customRandom("abcdef", 5, random)
- * ```
- *
- * @param bytes Size of the array.
- * @returns An array of random bytes.
- */
-export function random (bytes: number): Promise<Uint8Array>

package/async/random/index.js

@@ -1,19 +0,0 @@
-import crypto from 'crypto'
-
-// `crypto.randomFill()` is a little faster than `crypto.randomBytes()`,
-// because it is possible to use in combination with `Buffer.allocUnsafe()`.
-let random = bytes =>
-  new Promise((resolve, reject) => {
-    // `Buffer.allocUnsafe()` is faster because it doesn’t flush the memory.
-    // Memory flushing is unnecessary since the buffer allocation itself resets
-    // the memory with the new bytes.
-    crypto.randomFill(Buffer.allocUnsafe(bytes), (err, buf) => {
-      if (err) {
-        reject(err)
-      } else {
-        resolve(buf)
-      }
-    })
-  })
-
-export { random }

package/async/random/index.native.js

@@ -1,5 +0,0 @@
-import { getRandomBytesAsync } from 'expo-random'
-
-let random = getRandomBytesAsync
-
-export { random }

package/async/random/package.json

@@ -1,11 +0,0 @@
-{
-  "type": "module",
-  "main": "index.cjs",
-  "module": "index.js",
-  "react-native": {
-    "./index.js": "./index.native.js"
-  },
-  "browser": {
-    "./index.js": "./index.browser.js"
-  }
-}