nanoid 5.1.7 → 5.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/LICENSE +1 -1
  2. package/README.md +6 -7
  3. package/SECURITY.md +21 -0
  4. package/index.browser.js +23 -5
  5. package/index.js +21 -4
  6. package/package.json +20 -20
package/LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  The MIT License (MIT)
2
2
 
3
- Copyright 2017 Andrey Sitnik <andrey@sitnik.ru>
3
+ Copyright 2017 Andrey Sitnik <andrey@sitnik.es>
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy of
6
6
  this software and associated documentation files (the "Software"), to deal in
package/README.md CHANGED
@@ -10,12 +10,12 @@ A tiny, secure, URL-friendly, unique string ID generator for JavaScript.
10
10
  > “An amazing level of senseless perfectionism,
11
11
  > which is simply impossible not to respect.”
12
12
 
13
- * **Small.** 118 bytes (minified and brotlied). No dependencies.
13
+ - **Small.** 118 bytes (minified and brotlied). No dependencies.
14
14
  [Size Limit] controls the size.
15
- * **Safe.** It uses hardware random generator. Can be used in clusters.
16
- * **Short IDs.** It uses a larger alphabet than UUID (`A-Za-z0-9_-`).
15
+ - **Safe.** It uses hardware random generator. Can be used in clusters.
16
+ - **Short IDs.** It uses a larger alphabet than UUID (`A-Za-z0-9_-`).
17
17
  So ID size was reduced from 36 to 21 symbols.
18
- * **Portable.** Nano ID was ported
18
+ - **Portable.** Nano ID was ported
19
19
  to over [20 programming languages](./README.md#other-programming-languages).
20
20
 
21
21
  ```js
@@ -30,9 +30,8 @@ model.id = nanoid() //=> "V1StGXR8_Z5jdHi6B-myT"
30
30
  ---
31
31
 
32
32
  [online tool]: https://gitpod.io/#https://github.com/ai/nanoid/
33
- [with Babel]: https://developer.epages.com/blog/coding/how-to-transpile-node-modules-with-babel-and-webpack-in-a-monorepo/
34
- [Size Limit]: https://github.com/ai/size-limit
35
-
33
+ [with Babel]: https://developer.epages.com/blog/coding/how-to-transpile-node-modules-with-babel-and-webpack-in-a-monorepo/
34
+ [Size Limit]: https://github.com/ai/size-limit
36
35
 
37
36
  ## Docs
38
37
  Read full docs **[here](https://github.com/ai/nanoid#readme)**.
package/SECURITY.md ADDED
@@ -0,0 +1,21 @@
1
+ # Security Policy
2
+
3
+ ## Supported Versions
4
+
5
+ We supports only the latest version and `3.x` branch.
6
+
7
+ | Version | Supported |
8
+ | ------- | ------------------ |
9
+ | 5.1.x | :white_check_mark: |
10
+ | 5.0.x | :x: |
11
+ | 4.0.x | :x: |
12
+ | 3.3.x | :white_check_mark: |
13
+ | 3.0.x | :x: |
14
+ | < 3.0 | :x: |
15
+
16
+ ## Reporting a Vulnerability
17
+
18
+ To report a security vulnerability, please use the [Tidelift security contact].
19
+ Tidelift will coordinate the fix and disclosure.
20
+
21
+ [Tidelift security contact]: https://tidelift.com/security
package/index.browser.js CHANGED
@@ -3,16 +3,34 @@ import { urlAlphabet as scopedUrlAlphabet } from './url-alphabet/index.js'
3
3
  export { urlAlphabet } from './url-alphabet/index.js'
4
4
  export let random = bytes => crypto.getRandomValues(new Uint8Array(bytes))
5
5
  export let customRandom = (alphabet, defaultSize, getRandom) => {
6
- let mask = (2 << Math.log2(alphabet.length - 1)) - 1
7
- let step = -~((1.6 * mask * defaultSize) / alphabet.length)
6
+ let safeByteCutoff = 256 - (256 % alphabet.length)
7
+ if (safeByteCutoff === 256) {
8
+ let mask = alphabet.length - 1
9
+ return (size = defaultSize) => {
10
+ if (!size) return ''
11
+ let id = ''
12
+ while (true) {
13
+ let bytes = getRandom(size)
14
+ let j = size
15
+ while (j--) {
16
+ id += alphabet[bytes[j] & mask]
17
+ if (id.length >= size) return id
18
+ }
19
+ }
20
+ }
21
+ }
22
+ let step = Math.ceil((1.6 * 256 * defaultSize) / safeByteCutoff)
8
23
  return (size = defaultSize) => {
24
+ if (!size) return ''
9
25
  let id = ''
10
26
  while (true) {
11
27
  let bytes = getRandom(step)
12
- let j = step | 0
28
+ let j = step
13
29
  while (j--) {
14
- id += alphabet[bytes[j] & mask] || ''
15
- if (id.length >= size) return id
30
+ if (bytes[j] < safeByteCutoff) {
31
+ id += alphabet[bytes[j] % alphabet.length]
32
+ if (id.length >= size) return id
33
+ }
16
34
  }
17
35
  }
18
36
  }
package/index.js CHANGED
@@ -19,8 +19,23 @@ export function random(bytes) {
19
19
  return pool.subarray(poolOffset - bytes, poolOffset)
20
20
  }
21
21
  export function customRandom(alphabet, defaultSize, getRandom) {
22
- let mask = (2 << (31 - Math.clz32((alphabet.length - 1) | 1))) - 1
23
- let step = Math.ceil((1.6 * mask * defaultSize) / alphabet.length)
22
+ let safeByteCutoff = 256 - (256 % alphabet.length)
23
+ if (safeByteCutoff === 256) {
24
+ let mask = alphabet.length - 1
25
+ return (size = defaultSize) => {
26
+ if (!size) return ''
27
+ let id = ''
28
+ while (true) {
29
+ let bytes = getRandom(size)
30
+ let i = size
31
+ while (i--) {
32
+ id += alphabet[bytes[i] & mask]
33
+ if (id.length >= size) return id
34
+ }
35
+ }
36
+ }
37
+ }
38
+ let step = Math.ceil((1.6 * 256 * defaultSize) / safeByteCutoff)
24
39
  return (size = defaultSize) => {
25
40
  if (!size) return ''
26
41
  let id = ''
@@ -28,8 +43,10 @@ export function customRandom(alphabet, defaultSize, getRandom) {
28
43
  let bytes = getRandom(step)
29
44
  let i = step
30
45
  while (i--) {
31
- id += alphabet[bytes[i] & mask] || ''
32
- if (id.length >= size) return id
46
+ if (bytes[i] < safeByteCutoff) {
47
+ id += alphabet[bytes[i] % alphabet.length]
48
+ if (id.length >= size) return id
49
+ }
33
50
  }
34
51
  }
35
52
  }
package/package.json CHANGED
@@ -1,26 +1,32 @@
1
1
  {
2
2
  "name": "nanoid",
3
- "version": "5.1.7",
3
+ "version": "5.1.8",
4
4
  "description": "A tiny (118 bytes), secure URL-friendly unique string ID generator",
5
5
  "keywords": [
6
- "uuid",
7
- "random",
8
6
  "id",
9
- "url"
7
+ "random",
8
+ "url",
9
+ "uuid"
10
10
  ],
11
- "type": "module",
12
- "engines": {
13
- "node": "^18 || >=20"
14
- },
11
+ "license": "MIT",
12
+ "author": "Andrey Sitnik <andrey@sitnik.es>",
13
+ "repository": "ai/nanoid",
15
14
  "funding": [
16
15
  {
17
16
  "type": "github",
18
17
  "url": "https://github.com/sponsors/ai"
19
18
  }
20
19
  ],
21
- "author": "Andrey Sitnik <andrey@sitnik.ru>",
22
- "license": "MIT",
23
- "repository": "ai/nanoid",
20
+ "bin": "./bin/nanoid.js",
21
+ "type": "module",
22
+ "sideEffects": false,
23
+ "browser": {
24
+ "./index.js": "./index.browser.js"
25
+ },
26
+ "types": "./index.d.ts",
27
+ "react-native": {
28
+ "./index.js": "./index.browser.js"
29
+ },
24
30
  "exports": {
25
31
  ".": {
26
32
  "types": "./index.d.ts",
@@ -34,13 +40,7 @@
34
40
  },
35
41
  "./package.json": "./package.json"
36
42
  },
37
- "browser": {
38
- "./index.js": "./index.browser.js"
39
- },
40
- "react-native": {
41
- "./index.js": "./index.browser.js"
42
- },
43
- "bin": "./bin/nanoid.js",
44
- "sideEffects": false,
45
- "types": "./index.d.ts"
43
+ "engines": {
44
+ "node": "^18 || >=20"
45
+ }
46
46
  }