sigilid 0.1.0

package/LICENSE

@@ -0,0 +1,7 @@
+Copyright 2026 Moritz Andrè Myrseth
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -0,0 +1,37 @@
+# sigilid
+
+**A tiny, tree-shakeable ID toolkit for TypeScript apps.**
+
+[![CI](https://github.com/moritzmyrz/sigilid/actions/workflows/ci.yml/badge.svg)](https://github.com/moritzmyrz/sigilid/actions/workflows/ci.yml)
+[![npm version](https://img.shields.io/npm/v/sigilid)](https://www.npmjs.com/package/sigilid)
+[![license](https://img.shields.io/npm/l/sigilid)](./LICENSE)
+
+Zero runtime dependencies. ESM-first with CJS compatibility. Strong TypeScript support.
+
+```ts
+import { generateId } from "sigilid";
+generateId(); // "K7gkJ_q3vR2nL8xH5eM0w"
+```
+
+For full documentation, see the [repository README](https://github.com/sigilid/sigilid#readme).
+
+## Install
+
+```bash
+npm install sigilid
+```
+
+## Subpath exports
+
+| Import | Description |
+|---|---|
+| `sigilid` | Secure random ID generator |
+| `sigilid/non-secure` | Math.random-based generator |
+| `sigilid/prefix` | Prefixed IDs (`usr_abc123`) |
+| `sigilid/typed` | Branded TypeScript ID types |
+| `sigilid/validate` | Validation helpers |
+| `sigilid/alphabet` | Custom alphabet factory |
+
+## License
+
+MIT

package/dist/alphabet.cjs

@@ -0,0 +1,82 @@
+'use strict';
+
+// src/internal/alphabet.ts
+var MIN_ALPHABET_SIZE = 2;
+var MAX_ALPHABET_SIZE = 256;
+function validateAlphabetString(alphabet) {
+  if (typeof alphabet !== "string") {
+    throw new TypeError("Alphabet must be a string");
+  }
+  if (alphabet.length < MIN_ALPHABET_SIZE) {
+    throw new RangeError(
+      `Alphabet must have at least ${MIN_ALPHABET_SIZE} characters, got ${alphabet.length}`
+    );
+  }
+  if (alphabet.length > MAX_ALPHABET_SIZE) {
+    throw new RangeError(
+      `Alphabet must have at most ${MAX_ALPHABET_SIZE} characters, got ${alphabet.length}`
+    );
+  }
+  const seen = /* @__PURE__ */ new Set();
+  for (const char of alphabet) {
+    if (seen.has(char)) {
+      throw new TypeError(`Alphabet contains duplicate character: "${char}"`);
+    }
+    seen.add(char);
+  }
+}
+function generateFromAlphabet(alphabet, length, getBytes) {
+  const alphabetSize = alphabet.length;
+  let mask = 1;
+  while (mask < alphabetSize) mask = mask << 1 | 1;
+  const bufferMultiplier = Math.ceil(1.6 * mask * length / alphabetSize);
+  let result = "";
+  while (result.length < length) {
+    const bytes = getBytes(bufferMultiplier);
+    for (let i = 0; i < bytes.length && result.length < length; i++) {
+      const byte = bytes[i] & mask;
+      if (byte < alphabetSize) {
+        result += alphabet[byte];
+      }
+    }
+  }
+  return result;
+}
+
+// src/internal/assert.ts
+var MIN_LENGTH = 1;
+var MAX_LENGTH = 255;
+function assertLength(length) {
+  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {
+    throw new RangeError(
+      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`
+    );
+  }
+}
+
+// src/internal/random.ts
+function randomBytes(count) {
+  const bytes = new Uint8Array(count);
+  crypto.getRandomValues(bytes);
+  return bytes;
+}
+
+// src/alphabet.ts
+var DEFAULT_LENGTH = 21;
+function validateAlphabet(alphabet) {
+  validateAlphabetString(alphabet);
+}
+function createAlphabet(alphabet) {
+  validateAlphabetString(alphabet);
+  return {
+    generate(length = DEFAULT_LENGTH) {
+      assertLength(length);
+      return generateFromAlphabet(alphabet, length, randomBytes);
+    }
+  };
+}
+
+exports.createAlphabet = createAlphabet;
+exports.validateAlphabet = validateAlphabet;
+//# sourceMappingURL=alphabet.cjs.map
+//# sourceMappingURL=alphabet.cjs.map

package/dist/alphabet.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/internal/alphabet.ts","../src/internal/assert.ts","../src/internal/random.ts","../src/alphabet.ts"],"names":[],"mappings":";;;AAAA,IAAM,iBAAA,GAAoB,CAAA;AAC1B,IAAM,iBAAA,GAAoB,GAAA;AAEnB,SAAS,uBAAuB,QAAA,EAAwB;AAC7D,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,MAAM,IAAI,UAAU,2BAA2B,CAAA;AAAA,EACjD;AACA,EAAA,IAAI,QAAA,CAAS,SAAS,iBAAA,EAAmB;AACvC,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,CAAA,4BAAA,EAA+B,iBAAiB,CAAA,iBAAA,EAAoB,QAAA,CAAS,MAAM,CAAA;AAAA,KACrF;AAAA,EACF;AACA,EAAA,IAAI,QAAA,CAAS,SAAS,iBAAA,EAAmB;AACvC,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,CAAA,2BAAA,EAA8B,iBAAiB,CAAA,iBAAA,EAAoB,QAAA,CAAS,MAAM,CAAA;AAAA,KACpF;AAAA,EACF;AACA,EAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,EAAA,KAAA,MAAW,QAAQ,QAAA,EAAU;AAC3B,IAAA,IAAI,IAAA,CAAK,GAAA,CAAI,IAAI,CAAA,EAAG;AAClB,MAAA,MAAM,IAAI,SAAA,CAAU,CAAA,wCAAA,EAA2C,IAAI,CAAA,CAAA,CAAG,CAAA;AAAA,IACxE;AACA,IAAA,IAAA,CAAK,IAAI,IAAI,CAAA;AAAA,EACf;AACF;AASO,SAAS,oBAAA,CACd,QAAA,EACA,MAAA,EACA,QAAA,EACQ;AACR,EAAA,MAAM,eAAe,QAAA,CAAS,MAAA;AAG9B,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,OAAO,IAAA,GAAO,YAAA,EAAc,IAAA,GAAQ,IAAA,IAAQ,CAAA,GAAK,CAAA;AAGjD,EAAA,MAAM,mBAAmB,IAAA,CAAK,IAAA,CAAM,GAAA,GAAM,IAAA,GAAO,SAAU,YAAY,CAAA;AACvE,EAAA,IAAI,MAAA,GAAS,EAAA;AAEb,EAAA,OAAO,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC7B,IAAA,MAAM,KAAA,GAAQ,SAAS,gBAAgB,CAAA;AACvC,IAAA,KAAA,IAAS,CAAA,GAAI,GAAG,CAAA,GAAI,KAAA,CAAM,UAAU,MAAA,CAAO,MAAA,GAAS,QAAQ,CAAA,EAAA,EAAK;AAC/D,MAAA,MAAM,IAAA,GAAQ,KAAA,CAAM,CAAC,CAAA,GAAe,IAAA;AACpC,MAAA,IAAI,OAAO,YAAA,EAAc;AACvB,QAAA,MAAA,IAAU,SAAS,IAAI,CAAA;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;;;AC3DA,IAAM,UAAA,GAAa,CAAA;AACnB,IAAM,UAAA,GAAa,GAAA;AAEZ,SAAS,aAAa,MAAA,EAAsB;AACjD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,MAAM,KAAK,MAAA,GAAS,UAAA,IAAc,SAAS,UAAA,EAAY;AAC3E,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,CAAA,qCAAA,EAAwC,UAAU,CAAA,KAAA,EAAQ,UAAU,SAAS,MAAM,CAAA;AAAA,KACrF;AAAA,EACF;AACF;;;ACPO,SAAS,YAAY,KAAA,EAA2B;AACrD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,KAAK,CAAA;AAClC,EAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,EAAA,OAAO,KAAA;AACT;;;ACFA,IAAM,cAAA,GAAiB,EAAA;AAgBhB,SAAS,iBAAiB,QAAA,EAAwB;AACvD,EAAA,sBAAA,CAAuB,QAAQ,CAAA;AACjC;AAgBO,SAAS,eAAe,QAAA,EAAyD;AACtF,EAAA,sBAAA,CAAuB,QAAQ,CAAA;AAC/B,EAAA,OAAO;AAAA,IACL,QAAA,CAAS,SAAiB,cAAA,EAAwB;AAChD,MAAA,YAAA,CAAa,MAAM,CAAA;AACnB,MAAA,OAAO,oBAAA,CAAqB,QAAA,EAAU,MAAA,EAAQ,WAAW,CAAA;AAAA,IAC3D;AAAA,GACF;AACF","file":"alphabet.cjs","sourcesContent":["const MIN_ALPHABET_SIZE = 2;\nconst MAX_ALPHABET_SIZE = 256;\n\nexport function validateAlphabetString(alphabet: string): void {\n  if (typeof alphabet !== \"string\") {\n    throw new TypeError(\"Alphabet must be a string\");\n  }\n  if (alphabet.length < MIN_ALPHABET_SIZE) {\n    throw new RangeError(\n      `Alphabet must have at least ${MIN_ALPHABET_SIZE} characters, got ${alphabet.length}`,\n    );\n  }\n  if (alphabet.length > MAX_ALPHABET_SIZE) {\n    throw new RangeError(\n      `Alphabet must have at most ${MAX_ALPHABET_SIZE} characters, got ${alphabet.length}`,\n    );\n  }\n  const seen = new Set<string>();\n  for (const char of alphabet) {\n    if (seen.has(char)) {\n      throw new TypeError(`Alphabet contains duplicate character: \"${char}\"`);\n    }\n    seen.add(char);\n  }\n}\n\n/**\n * Generates an ID of `length` characters drawn from `alphabet` using\n * rejection sampling to avoid modulo bias.\n *\n * The caller is responsible for providing valid `alphabet` and `length` values.\n * Use `validateAlphabetString` and `assertLength` before calling this.\n */\nexport function generateFromAlphabet(\n  alphabet: string,\n  length: number,\n  getBytes: (count: number) => Uint8Array,\n): string {\n  const alphabetSize = alphabet.length;\n\n  // Find the smallest bitmask >= alphabetSize to reduce rejection rate.\n  let mask = 1;\n  while (mask < alphabetSize) mask = (mask << 1) | 1;\n\n  // Overshoot buffer size to reduce round-trips. Most cases complete in one pass.\n  const bufferMultiplier = Math.ceil((1.6 * mask * length) / alphabetSize);\n  let result = \"\";\n\n  while (result.length < length) {\n    const bytes = getBytes(bufferMultiplier);\n    for (let i = 0; i < bytes.length && result.length < length; i++) {\n      const byte = (bytes[i] as number) & mask;\n      if (byte < alphabetSize) {\n        result += alphabet[byte];\n      }\n    }\n  }\n\n  return result;\n}\n","const MIN_LENGTH = 1;\nconst MAX_LENGTH = 255;\n\nexport function assertLength(length: number): void {\n  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {\n    throw new RangeError(\n      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`,\n    );\n  }\n}\n\nexport function assertPrefix(prefix: string): void {\n  if (typeof prefix !== \"string\" || prefix.length === 0) {\n    throw new TypeError(\"Prefix must be a non-empty string\");\n  }\n  if (!/^[a-zA-Z][a-zA-Z0-9]*$/.test(prefix)) {\n    throw new TypeError(\"Prefix must start with a letter and contain only letters and digits\");\n  }\n}\n","// Returns a Uint8Array of `count` cryptographically secure random bytes.\n// Works in Node 18+, all modern browsers, and edge runtimes that expose `crypto`.\nexport function randomBytes(count: number): Uint8Array {\n  const bytes = new Uint8Array(count);\n  crypto.getRandomValues(bytes);\n  return bytes;\n}\n","import { generateFromAlphabet, validateAlphabetString } from \"./internal/alphabet.js\";\nimport { assertLength } from \"./internal/assert.js\";\nimport { randomBytes } from \"./internal/random.js\";\n\nconst DEFAULT_LENGTH = 21;\n\n/**\n * Validates a custom alphabet string.\n *\n * Throws if the alphabet:\n * - is not a string\n * - has fewer than 2 characters\n * - has more than 256 characters\n * - contains duplicate characters\n *\n * @example\n * import { validateAlphabet } from \"sigilid/alphabet\";\n * validateAlphabet(\"abc123\"); // ok\n * validateAlphabet(\"aab\");    // throws: duplicate character\n */\nexport function validateAlphabet(alphabet: string): void {\n  validateAlphabetString(alphabet);\n}\n\n/**\n * Creates a secure ID generator bound to a custom alphabet.\n *\n * The alphabet is validated once at creation time. The returned object\n * has a single `generate(length?)` method.\n *\n * @param alphabet - A string of unique characters to draw from.\n * @returns An object with a `generate(length?: number): string` method.\n *\n * @example\n * import { createAlphabet } from \"sigilid/alphabet\";\n * const hex = createAlphabet(\"0123456789abcdef\");\n * hex.generate(32); // \"3f2a8c1d...\" (32 hex characters)\n */\nexport function createAlphabet(alphabet: string): { generate(length?: number): string } {\n  validateAlphabetString(alphabet);\n  return {\n    generate(length: number = DEFAULT_LENGTH): string {\n      assertLength(length);\n      return generateFromAlphabet(alphabet, length, randomBytes);\n    },\n  };\n}\n"]}

package/dist/alphabet.d.cts

@@ -0,0 +1,34 @@
+/**
+ * Validates a custom alphabet string.
+ *
+ * Throws if the alphabet:
+ * - is not a string
+ * - has fewer than 2 characters
+ * - has more than 256 characters
+ * - contains duplicate characters
+ *
+ * @example
+ * import { validateAlphabet } from "sigilid/alphabet";
+ * validateAlphabet("abc123"); // ok
+ * validateAlphabet("aab");    // throws: duplicate character
+ */
+declare function validateAlphabet(alphabet: string): void;
+/**
+ * Creates a secure ID generator bound to a custom alphabet.
+ *
+ * The alphabet is validated once at creation time. The returned object
+ * has a single `generate(length?)` method.
+ *
+ * @param alphabet - A string of unique characters to draw from.
+ * @returns An object with a `generate(length?: number): string` method.
+ *
+ * @example
+ * import { createAlphabet } from "sigilid/alphabet";
+ * const hex = createAlphabet("0123456789abcdef");
+ * hex.generate(32); // "3f2a8c1d..." (32 hex characters)
+ */
+declare function createAlphabet(alphabet: string): {
+    generate(length?: number): string;
+};
+
+export { createAlphabet, validateAlphabet };

package/dist/alphabet.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Validates a custom alphabet string.
+ *
+ * Throws if the alphabet:
+ * - is not a string
+ * - has fewer than 2 characters
+ * - has more than 256 characters
+ * - contains duplicate characters
+ *
+ * @example
+ * import { validateAlphabet } from "sigilid/alphabet";
+ * validateAlphabet("abc123"); // ok
+ * validateAlphabet("aab");    // throws: duplicate character
+ */
+declare function validateAlphabet(alphabet: string): void;
+/**
+ * Creates a secure ID generator bound to a custom alphabet.
+ *
+ * The alphabet is validated once at creation time. The returned object
+ * has a single `generate(length?)` method.
+ *
+ * @param alphabet - A string of unique characters to draw from.
+ * @returns An object with a `generate(length?: number): string` method.
+ *
+ * @example
+ * import { createAlphabet } from "sigilid/alphabet";
+ * const hex = createAlphabet("0123456789abcdef");
+ * hex.generate(32); // "3f2a8c1d..." (32 hex characters)
+ */
+declare function createAlphabet(alphabet: string): {
+    generate(length?: number): string;
+};
+
+export { createAlphabet, validateAlphabet };

package/dist/alphabet.js

@@ -0,0 +1,79 @@
+// src/internal/alphabet.ts
+var MIN_ALPHABET_SIZE = 2;
+var MAX_ALPHABET_SIZE = 256;
+function validateAlphabetString(alphabet) {
+  if (typeof alphabet !== "string") {
+    throw new TypeError("Alphabet must be a string");
+  }
+  if (alphabet.length < MIN_ALPHABET_SIZE) {
+    throw new RangeError(
+      `Alphabet must have at least ${MIN_ALPHABET_SIZE} characters, got ${alphabet.length}`
+    );
+  }
+  if (alphabet.length > MAX_ALPHABET_SIZE) {
+    throw new RangeError(
+      `Alphabet must have at most ${MAX_ALPHABET_SIZE} characters, got ${alphabet.length}`
+    );
+  }
+  const seen = /* @__PURE__ */ new Set();
+  for (const char of alphabet) {
+    if (seen.has(char)) {
+      throw new TypeError(`Alphabet contains duplicate character: "${char}"`);
+    }
+    seen.add(char);
+  }
+}
+function generateFromAlphabet(alphabet, length, getBytes) {
+  const alphabetSize = alphabet.length;
+  let mask = 1;
+  while (mask < alphabetSize) mask = mask << 1 | 1;
+  const bufferMultiplier = Math.ceil(1.6 * mask * length / alphabetSize);
+  let result = "";
+  while (result.length < length) {
+    const bytes = getBytes(bufferMultiplier);
+    for (let i = 0; i < bytes.length && result.length < length; i++) {
+      const byte = bytes[i] & mask;
+      if (byte < alphabetSize) {
+        result += alphabet[byte];
+      }
+    }
+  }
+  return result;
+}
+
+// src/internal/assert.ts
+var MIN_LENGTH = 1;
+var MAX_LENGTH = 255;
+function assertLength(length) {
+  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {
+    throw new RangeError(
+      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`
+    );
+  }
+}
+
+// src/internal/random.ts
+function randomBytes(count) {
+  const bytes = new Uint8Array(count);
+  crypto.getRandomValues(bytes);
+  return bytes;
+}
+
+// src/alphabet.ts
+var DEFAULT_LENGTH = 21;
+function validateAlphabet(alphabet) {
+  validateAlphabetString(alphabet);
+}
+function createAlphabet(alphabet) {
+  validateAlphabetString(alphabet);
+  return {
+    generate(length = DEFAULT_LENGTH) {
+      assertLength(length);
+      return generateFromAlphabet(alphabet, length, randomBytes);
+    }
+  };
+}
+
+export { createAlphabet, validateAlphabet };
+//# sourceMappingURL=alphabet.js.map
+//# sourceMappingURL=alphabet.js.map

package/dist/alphabet.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/internal/alphabet.ts","../src/internal/assert.ts","../src/internal/random.ts","../src/alphabet.ts"],"names":[],"mappings":";AAAA,IAAM,iBAAA,GAAoB,CAAA;AAC1B,IAAM,iBAAA,GAAoB,GAAA;AAEnB,SAAS,uBAAuB,QAAA,EAAwB;AAC7D,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,MAAM,IAAI,UAAU,2BAA2B,CAAA;AAAA,EACjD;AACA,EAAA,IAAI,QAAA,CAAS,SAAS,iBAAA,EAAmB;AACvC,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,CAAA,4BAAA,EAA+B,iBAAiB,CAAA,iBAAA,EAAoB,QAAA,CAAS,MAAM,CAAA;AAAA,KACrF;AAAA,EACF;AACA,EAAA,IAAI,QAAA,CAAS,SAAS,iBAAA,EAAmB;AACvC,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,CAAA,2BAAA,EAA8B,iBAAiB,CAAA,iBAAA,EAAoB,QAAA,CAAS,MAAM,CAAA;AAAA,KACpF;AAAA,EACF;AACA,EAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,EAAA,KAAA,MAAW,QAAQ,QAAA,EAAU;AAC3B,IAAA,IAAI,IAAA,CAAK,GAAA,CAAI,IAAI,CAAA,EAAG;AAClB,MAAA,MAAM,IAAI,SAAA,CAAU,CAAA,wCAAA,EAA2C,IAAI,CAAA,CAAA,CAAG,CAAA;AAAA,IACxE;AACA,IAAA,IAAA,CAAK,IAAI,IAAI,CAAA;AAAA,EACf;AACF;AASO,SAAS,oBAAA,CACd,QAAA,EACA,MAAA,EACA,QAAA,EACQ;AACR,EAAA,MAAM,eAAe,QAAA,CAAS,MAAA;AAG9B,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,OAAO,IAAA,GAAO,YAAA,EAAc,IAAA,GAAQ,IAAA,IAAQ,CAAA,GAAK,CAAA;AAGjD,EAAA,MAAM,mBAAmB,IAAA,CAAK,IAAA,CAAM,GAAA,GAAM,IAAA,GAAO,SAAU,YAAY,CAAA;AACvE,EAAA,IAAI,MAAA,GAAS,EAAA;AAEb,EAAA,OAAO,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC7B,IAAA,MAAM,KAAA,GAAQ,SAAS,gBAAgB,CAAA;AACvC,IAAA,KAAA,IAAS,CAAA,GAAI,GAAG,CAAA,GAAI,KAAA,CAAM,UAAU,MAAA,CAAO,MAAA,GAAS,QAAQ,CAAA,EAAA,EAAK;AAC/D,MAAA,MAAM,IAAA,GAAQ,KAAA,CAAM,CAAC,CAAA,GAAe,IAAA;AACpC,MAAA,IAAI,OAAO,YAAA,EAAc;AACvB,QAAA,MAAA,IAAU,SAAS,IAAI,CAAA;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;;;AC3DA,IAAM,UAAA,GAAa,CAAA;AACnB,IAAM,UAAA,GAAa,GAAA;AAEZ,SAAS,aAAa,MAAA,EAAsB;AACjD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,MAAM,KAAK,MAAA,GAAS,UAAA,IAAc,SAAS,UAAA,EAAY;AAC3E,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,CAAA,qCAAA,EAAwC,UAAU,CAAA,KAAA,EAAQ,UAAU,SAAS,MAAM,CAAA;AAAA,KACrF;AAAA,EACF;AACF;;;ACPO,SAAS,YAAY,KAAA,EAA2B;AACrD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,KAAK,CAAA;AAClC,EAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,EAAA,OAAO,KAAA;AACT;;;ACFA,IAAM,cAAA,GAAiB,EAAA;AAgBhB,SAAS,iBAAiB,QAAA,EAAwB;AACvD,EAAA,sBAAA,CAAuB,QAAQ,CAAA;AACjC;AAgBO,SAAS,eAAe,QAAA,EAAyD;AACtF,EAAA,sBAAA,CAAuB,QAAQ,CAAA;AAC/B,EAAA,OAAO;AAAA,IACL,QAAA,CAAS,SAAiB,cAAA,EAAwB;AAChD,MAAA,YAAA,CAAa,MAAM,CAAA;AACnB,MAAA,OAAO,oBAAA,CAAqB,QAAA,EAAU,MAAA,EAAQ,WAAW,CAAA;AAAA,IAC3D;AAAA,GACF;AACF","file":"alphabet.js","sourcesContent":["const MIN_ALPHABET_SIZE = 2;\nconst MAX_ALPHABET_SIZE = 256;\n\nexport function validateAlphabetString(alphabet: string): void {\n  if (typeof alphabet !== \"string\") {\n    throw new TypeError(\"Alphabet must be a string\");\n  }\n  if (alphabet.length < MIN_ALPHABET_SIZE) {\n    throw new RangeError(\n      `Alphabet must have at least ${MIN_ALPHABET_SIZE} characters, got ${alphabet.length}`,\n    );\n  }\n  if (alphabet.length > MAX_ALPHABET_SIZE) {\n    throw new RangeError(\n      `Alphabet must have at most ${MAX_ALPHABET_SIZE} characters, got ${alphabet.length}`,\n    );\n  }\n  const seen = new Set<string>();\n  for (const char of alphabet) {\n    if (seen.has(char)) {\n      throw new TypeError(`Alphabet contains duplicate character: \"${char}\"`);\n    }\n    seen.add(char);\n  }\n}\n\n/**\n * Generates an ID of `length` characters drawn from `alphabet` using\n * rejection sampling to avoid modulo bias.\n *\n * The caller is responsible for providing valid `alphabet` and `length` values.\n * Use `validateAlphabetString` and `assertLength` before calling this.\n */\nexport function generateFromAlphabet(\n  alphabet: string,\n  length: number,\n  getBytes: (count: number) => Uint8Array,\n): string {\n  const alphabetSize = alphabet.length;\n\n  // Find the smallest bitmask >= alphabetSize to reduce rejection rate.\n  let mask = 1;\n  while (mask < alphabetSize) mask = (mask << 1) | 1;\n\n  // Overshoot buffer size to reduce round-trips. Most cases complete in one pass.\n  const bufferMultiplier = Math.ceil((1.6 * mask * length) / alphabetSize);\n  let result = \"\";\n\n  while (result.length < length) {\n    const bytes = getBytes(bufferMultiplier);\n    for (let i = 0; i < bytes.length && result.length < length; i++) {\n      const byte = (bytes[i] as number) & mask;\n      if (byte < alphabetSize) {\n        result += alphabet[byte];\n      }\n    }\n  }\n\n  return result;\n}\n","const MIN_LENGTH = 1;\nconst MAX_LENGTH = 255;\n\nexport function assertLength(length: number): void {\n  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {\n    throw new RangeError(\n      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`,\n    );\n  }\n}\n\nexport function assertPrefix(prefix: string): void {\n  if (typeof prefix !== \"string\" || prefix.length === 0) {\n    throw new TypeError(\"Prefix must be a non-empty string\");\n  }\n  if (!/^[a-zA-Z][a-zA-Z0-9]*$/.test(prefix)) {\n    throw new TypeError(\"Prefix must start with a letter and contain only letters and digits\");\n  }\n}\n","// Returns a Uint8Array of `count` cryptographically secure random bytes.\n// Works in Node 18+, all modern browsers, and edge runtimes that expose `crypto`.\nexport function randomBytes(count: number): Uint8Array {\n  const bytes = new Uint8Array(count);\n  crypto.getRandomValues(bytes);\n  return bytes;\n}\n","import { generateFromAlphabet, validateAlphabetString } from \"./internal/alphabet.js\";\nimport { assertLength } from \"./internal/assert.js\";\nimport { randomBytes } from \"./internal/random.js\";\n\nconst DEFAULT_LENGTH = 21;\n\n/**\n * Validates a custom alphabet string.\n *\n * Throws if the alphabet:\n * - is not a string\n * - has fewer than 2 characters\n * - has more than 256 characters\n * - contains duplicate characters\n *\n * @example\n * import { validateAlphabet } from \"sigilid/alphabet\";\n * validateAlphabet(\"abc123\"); // ok\n * validateAlphabet(\"aab\");    // throws: duplicate character\n */\nexport function validateAlphabet(alphabet: string): void {\n  validateAlphabetString(alphabet);\n}\n\n/**\n * Creates a secure ID generator bound to a custom alphabet.\n *\n * The alphabet is validated once at creation time. The returned object\n * has a single `generate(length?)` method.\n *\n * @param alphabet - A string of unique characters to draw from.\n * @returns An object with a `generate(length?: number): string` method.\n *\n * @example\n * import { createAlphabet } from \"sigilid/alphabet\";\n * const hex = createAlphabet(\"0123456789abcdef\");\n * hex.generate(32); // \"3f2a8c1d...\" (32 hex characters)\n */\nexport function createAlphabet(alphabet: string): { generate(length?: number): string } {\n  validateAlphabetString(alphabet);\n  return {\n    generate(length: number = DEFAULT_LENGTH): string {\n      assertLength(length);\n      return generateFromAlphabet(alphabet, length, randomBytes);\n    },\n  };\n}\n"]}

package/dist/index.cjs

@@ -0,0 +1,51 @@
+'use strict';
+
+// src/internal/alphabet.ts
+function generateFromAlphabet(alphabet, length, getBytes) {
+  const alphabetSize = alphabet.length;
+  let mask = 1;
+  while (mask < alphabetSize) mask = mask << 1 | 1;
+  const bufferMultiplier = Math.ceil(1.6 * mask * length / alphabetSize);
+  let result = "";
+  while (result.length < length) {
+    const bytes = getBytes(bufferMultiplier);
+    for (let i = 0; i < bytes.length && result.length < length; i++) {
+      const byte = bytes[i] & mask;
+      if (byte < alphabetSize) {
+        result += alphabet[byte];
+      }
+    }
+  }
+  return result;
+}
+
+// src/internal/assert.ts
+var MIN_LENGTH = 1;
+var MAX_LENGTH = 255;
+function assertLength(length) {
+  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {
+    throw new RangeError(
+      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`
+    );
+  }
+}
+
+// src/internal/random.ts
+function randomBytes(count) {
+  const bytes = new Uint8Array(count);
+  crypto.getRandomValues(bytes);
+  return bytes;
+}
+
+// src/index.ts
+var DEFAULT_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-";
+var DEFAULT_LENGTH = 21;
+function generateId(length = DEFAULT_LENGTH) {
+  assertLength(length);
+  return generateFromAlphabet(DEFAULT_ALPHABET, length, randomBytes);
+}
+
+exports.DEFAULT_ALPHABET = DEFAULT_ALPHABET;
+exports.generateId = generateId;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/internal/alphabet.ts","../src/internal/assert.ts","../src/internal/random.ts","../src/index.ts"],"names":[],"mappings":";;;AAiCO,SAAS,oBAAA,CACd,QAAA,EACA,MAAA,EACA,QAAA,EACQ;AACR,EAAA,MAAM,eAAe,QAAA,CAAS,MAAA;AAG9B,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,OAAO,IAAA,GAAO,YAAA,EAAc,IAAA,GAAQ,IAAA,IAAQ,CAAA,GAAK,CAAA;AAGjD,EAAA,MAAM,mBAAmB,IAAA,CAAK,IAAA,CAAM,GAAA,GAAM,IAAA,GAAO,SAAU,YAAY,CAAA;AACvE,EAAA,IAAI,MAAA,GAAS,EAAA;AAEb,EAAA,OAAO,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC7B,IAAA,MAAM,KAAA,GAAQ,SAAS,gBAAgB,CAAA;AACvC,IAAA,KAAA,IAAS,CAAA,GAAI,GAAG,CAAA,GAAI,KAAA,CAAM,UAAU,MAAA,CAAO,MAAA,GAAS,QAAQ,CAAA,EAAA,EAAK;AAC/D,MAAA,MAAM,IAAA,GAAQ,KAAA,CAAM,CAAC,CAAA,GAAe,IAAA;AACpC,MAAA,IAAI,OAAO,YAAA,EAAc;AACvB,QAAA,MAAA,IAAU,SAAS,IAAI,CAAA;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;;;AC3DA,IAAM,UAAA,GAAa,CAAA;AACnB,IAAM,UAAA,GAAa,GAAA;AAEZ,SAAS,aAAa,MAAA,EAAsB;AACjD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,MAAM,KAAK,MAAA,GAAS,UAAA,IAAc,SAAS,UAAA,EAAY;AAC3E,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,CAAA,qCAAA,EAAwC,UAAU,CAAA,KAAA,EAAQ,UAAU,SAAS,MAAM,CAAA;AAAA,KACrF;AAAA,EACF;AACF;;;ACPO,SAAS,YAAY,KAAA,EAA2B;AACrD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,KAAK,CAAA;AAClC,EAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,EAAA,OAAO,KAAA;AACT;;;ACEO,IAAM,gBAAA,GAAmB;AAEhC,IAAM,cAAA,GAAiB,EAAA;AAYhB,SAAS,UAAA,CAAW,SAAiB,cAAA,EAAwB;AAClE,EAAA,YAAA,CAAa,MAAM,CAAA;AACnB,EAAA,OAAO,oBAAA,CAAqB,gBAAA,EAAkB,MAAA,EAAQ,WAAW,CAAA;AACnE","file":"index.cjs","sourcesContent":["const MIN_ALPHABET_SIZE = 2;\nconst MAX_ALPHABET_SIZE = 256;\n\nexport function validateAlphabetString(alphabet: string): void {\n  if (typeof alphabet !== \"string\") {\n    throw new TypeError(\"Alphabet must be a string\");\n  }\n  if (alphabet.length < MIN_ALPHABET_SIZE) {\n    throw new RangeError(\n      `Alphabet must have at least ${MIN_ALPHABET_SIZE} characters, got ${alphabet.length}`,\n    );\n  }\n  if (alphabet.length > MAX_ALPHABET_SIZE) {\n    throw new RangeError(\n      `Alphabet must have at most ${MAX_ALPHABET_SIZE} characters, got ${alphabet.length}`,\n    );\n  }\n  const seen = new Set<string>();\n  for (const char of alphabet) {\n    if (seen.has(char)) {\n      throw new TypeError(`Alphabet contains duplicate character: \"${char}\"`);\n    }\n    seen.add(char);\n  }\n}\n\n/**\n * Generates an ID of `length` characters drawn from `alphabet` using\n * rejection sampling to avoid modulo bias.\n *\n * The caller is responsible for providing valid `alphabet` and `length` values.\n * Use `validateAlphabetString` and `assertLength` before calling this.\n */\nexport function generateFromAlphabet(\n  alphabet: string,\n  length: number,\n  getBytes: (count: number) => Uint8Array,\n): string {\n  const alphabetSize = alphabet.length;\n\n  // Find the smallest bitmask >= alphabetSize to reduce rejection rate.\n  let mask = 1;\n  while (mask < alphabetSize) mask = (mask << 1) | 1;\n\n  // Overshoot buffer size to reduce round-trips. Most cases complete in one pass.\n  const bufferMultiplier = Math.ceil((1.6 * mask * length) / alphabetSize);\n  let result = \"\";\n\n  while (result.length < length) {\n    const bytes = getBytes(bufferMultiplier);\n    for (let i = 0; i < bytes.length && result.length < length; i++) {\n      const byte = (bytes[i] as number) & mask;\n      if (byte < alphabetSize) {\n        result += alphabet[byte];\n      }\n    }\n  }\n\n  return result;\n}\n","const MIN_LENGTH = 1;\nconst MAX_LENGTH = 255;\n\nexport function assertLength(length: number): void {\n  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {\n    throw new RangeError(\n      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`,\n    );\n  }\n}\n\nexport function assertPrefix(prefix: string): void {\n  if (typeof prefix !== \"string\" || prefix.length === 0) {\n    throw new TypeError(\"Prefix must be a non-empty string\");\n  }\n  if (!/^[a-zA-Z][a-zA-Z0-9]*$/.test(prefix)) {\n    throw new TypeError(\"Prefix must start with a letter and contain only letters and digits\");\n  }\n}\n","// Returns a Uint8Array of `count` cryptographically secure random bytes.\n// Works in Node 18+, all modern browsers, and edge runtimes that expose `crypto`.\nexport function randomBytes(count: number): Uint8Array {\n  const bytes = new Uint8Array(count);\n  crypto.getRandomValues(bytes);\n  return bytes;\n}\n","import { generateFromAlphabet } from \"./internal/alphabet.js\";\nimport { assertLength } from \"./internal/assert.js\";\nimport { randomBytes } from \"./internal/random.js\";\n\n/**\n * URL-safe alphabet used by default. 64 characters: A-Z, a-z, 0-9, _, -.\n * Chosen to be safe in URLs, filenames, and most log formats without encoding.\n */\nexport const DEFAULT_ALPHABET = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-\";\n\nconst DEFAULT_LENGTH = 21;\n\n/**\n * Generates a cryptographically secure random ID.\n *\n * @param length - Number of characters (1–255). Defaults to 21.\n * @returns A random URL-safe string of the requested length.\n *\n * @example\n * import { generateId } from \"sigilid\";\n * const id = generateId(); // \"K7gkJ_q3vR2nL8xH5eM0w\"\n */\nexport function generateId(length: number = DEFAULT_LENGTH): string {\n  assertLength(length);\n  return generateFromAlphabet(DEFAULT_ALPHABET, length, randomBytes);\n}\n"]}

package/dist/index.d.cts

@@ -0,0 +1,18 @@
+/**
+ * URL-safe alphabet used by default. 64 characters: A-Z, a-z, 0-9, _, -.
+ * Chosen to be safe in URLs, filenames, and most log formats without encoding.
+ */
+declare const DEFAULT_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-";
+/**
+ * Generates a cryptographically secure random ID.
+ *
+ * @param length - Number of characters (1–255). Defaults to 21.
+ * @returns A random URL-safe string of the requested length.
+ *
+ * @example
+ * import { generateId } from "sigilid";
+ * const id = generateId(); // "K7gkJ_q3vR2nL8xH5eM0w"
+ */
+declare function generateId(length?: number): string;
+
+export { DEFAULT_ALPHABET, generateId };

package/dist/index.d.ts

@@ -0,0 +1,18 @@
+/**
+ * URL-safe alphabet used by default. 64 characters: A-Z, a-z, 0-9, _, -.
+ * Chosen to be safe in URLs, filenames, and most log formats without encoding.
+ */
+declare const DEFAULT_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-";
+/**
+ * Generates a cryptographically secure random ID.
+ *
+ * @param length - Number of characters (1–255). Defaults to 21.
+ * @returns A random URL-safe string of the requested length.
+ *
+ * @example
+ * import { generateId } from "sigilid";
+ * const id = generateId(); // "K7gkJ_q3vR2nL8xH5eM0w"
+ */
+declare function generateId(length?: number): string;
+
+export { DEFAULT_ALPHABET, generateId };

package/dist/index.js

@@ -0,0 +1,48 @@
+// src/internal/alphabet.ts
+function generateFromAlphabet(alphabet, length, getBytes) {
+  const alphabetSize = alphabet.length;
+  let mask = 1;
+  while (mask < alphabetSize) mask = mask << 1 | 1;
+  const bufferMultiplier = Math.ceil(1.6 * mask * length / alphabetSize);
+  let result = "";
+  while (result.length < length) {
+    const bytes = getBytes(bufferMultiplier);
+    for (let i = 0; i < bytes.length && result.length < length; i++) {
+      const byte = bytes[i] & mask;
+      if (byte < alphabetSize) {
+        result += alphabet[byte];
+      }
+    }
+  }
+  return result;
+}
+
+// src/internal/assert.ts
+var MIN_LENGTH = 1;
+var MAX_LENGTH = 255;
+function assertLength(length) {
+  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {
+    throw new RangeError(
+      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`
+    );
+  }
+}
+
+// src/internal/random.ts
+function randomBytes(count) {
+  const bytes = new Uint8Array(count);
+  crypto.getRandomValues(bytes);
+  return bytes;
+}
+
+// src/index.ts
+var DEFAULT_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-";
+var DEFAULT_LENGTH = 21;
+function generateId(length = DEFAULT_LENGTH) {
+  assertLength(length);
+  return generateFromAlphabet(DEFAULT_ALPHABET, length, randomBytes);
+}
+
+export { DEFAULT_ALPHABET, generateId };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/internal/alphabet.ts","../src/internal/assert.ts","../src/internal/random.ts","../src/index.ts"],"names":[],"mappings":";AAiCO,SAAS,oBAAA,CACd,QAAA,EACA,MAAA,EACA,QAAA,EACQ;AACR,EAAA,MAAM,eAAe,QAAA,CAAS,MAAA;AAG9B,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,OAAO,IAAA,GAAO,YAAA,EAAc,IAAA,GAAQ,IAAA,IAAQ,CAAA,GAAK,CAAA;AAGjD,EAAA,MAAM,mBAAmB,IAAA,CAAK,IAAA,CAAM,GAAA,GAAM,IAAA,GAAO,SAAU,YAAY,CAAA;AACvE,EAAA,IAAI,MAAA,GAAS,EAAA;AAEb,EAAA,OAAO,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC7B,IAAA,MAAM,KAAA,GAAQ,SAAS,gBAAgB,CAAA;AACvC,IAAA,KAAA,IAAS,CAAA,GAAI,GAAG,CAAA,GAAI,KAAA,CAAM,UAAU,MAAA,CAAO,MAAA,GAAS,QAAQ,CAAA,EAAA,EAAK;AAC/D,MAAA,MAAM,IAAA,GAAQ,KAAA,CAAM,CAAC,CAAA,GAAe,IAAA;AACpC,MAAA,IAAI,OAAO,YAAA,EAAc;AACvB,QAAA,MAAA,IAAU,SAAS,IAAI,CAAA;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;;;AC3DA,IAAM,UAAA,GAAa,CAAA;AACnB,IAAM,UAAA,GAAa,GAAA;AAEZ,SAAS,aAAa,MAAA,EAAsB;AACjD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,MAAM,KAAK,MAAA,GAAS,UAAA,IAAc,SAAS,UAAA,EAAY;AAC3E,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,CAAA,qCAAA,EAAwC,UAAU,CAAA,KAAA,EAAQ,UAAU,SAAS,MAAM,CAAA;AAAA,KACrF;AAAA,EACF;AACF;;;ACPO,SAAS,YAAY,KAAA,EAA2B;AACrD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,KAAK,CAAA;AAClC,EAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,EAAA,OAAO,KAAA;AACT;;;ACEO,IAAM,gBAAA,GAAmB;AAEhC,IAAM,cAAA,GAAiB,EAAA;AAYhB,SAAS,UAAA,CAAW,SAAiB,cAAA,EAAwB;AAClE,EAAA,YAAA,CAAa,MAAM,CAAA;AACnB,EAAA,OAAO,oBAAA,CAAqB,gBAAA,EAAkB,MAAA,EAAQ,WAAW,CAAA;AACnE","file":"index.js","sourcesContent":["const MIN_ALPHABET_SIZE = 2;\nconst MAX_ALPHABET_SIZE = 256;\n\nexport function validateAlphabetString(alphabet: string): void {\n  if (typeof alphabet !== \"string\") {\n    throw new TypeError(\"Alphabet must be a string\");\n  }\n  if (alphabet.length < MIN_ALPHABET_SIZE) {\n    throw new RangeError(\n      `Alphabet must have at least ${MIN_ALPHABET_SIZE} characters, got ${alphabet.length}`,\n    );\n  }\n  if (alphabet.length > MAX_ALPHABET_SIZE) {\n    throw new RangeError(\n      `Alphabet must have at most ${MAX_ALPHABET_SIZE} characters, got ${alphabet.length}`,\n    );\n  }\n  const seen = new Set<string>();\n  for (const char of alphabet) {\n    if (seen.has(char)) {\n      throw new TypeError(`Alphabet contains duplicate character: \"${char}\"`);\n    }\n    seen.add(char);\n  }\n}\n\n/**\n * Generates an ID of `length` characters drawn from `alphabet` using\n * rejection sampling to avoid modulo bias.\n *\n * The caller is responsible for providing valid `alphabet` and `length` values.\n * Use `validateAlphabetString` and `assertLength` before calling this.\n */\nexport function generateFromAlphabet(\n  alphabet: string,\n  length: number,\n  getBytes: (count: number) => Uint8Array,\n): string {\n  const alphabetSize = alphabet.length;\n\n  // Find the smallest bitmask >= alphabetSize to reduce rejection rate.\n  let mask = 1;\n  while (mask < alphabetSize) mask = (mask << 1) | 1;\n\n  // Overshoot buffer size to reduce round-trips. Most cases complete in one pass.\n  const bufferMultiplier = Math.ceil((1.6 * mask * length) / alphabetSize);\n  let result = \"\";\n\n  while (result.length < length) {\n    const bytes = getBytes(bufferMultiplier);\n    for (let i = 0; i < bytes.length && result.length < length; i++) {\n      const byte = (bytes[i] as number) & mask;\n      if (byte < alphabetSize) {\n        result += alphabet[byte];\n      }\n    }\n  }\n\n  return result;\n}\n","const MIN_LENGTH = 1;\nconst MAX_LENGTH = 255;\n\nexport function assertLength(length: number): void {\n  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {\n    throw new RangeError(\n      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`,\n    );\n  }\n}\n\nexport function assertPrefix(prefix: string): void {\n  if (typeof prefix !== \"string\" || prefix.length === 0) {\n    throw new TypeError(\"Prefix must be a non-empty string\");\n  }\n  if (!/^[a-zA-Z][a-zA-Z0-9]*$/.test(prefix)) {\n    throw new TypeError(\"Prefix must start with a letter and contain only letters and digits\");\n  }\n}\n","// Returns a Uint8Array of `count` cryptographically secure random bytes.\n// Works in Node 18+, all modern browsers, and edge runtimes that expose `crypto`.\nexport function randomBytes(count: number): Uint8Array {\n  const bytes = new Uint8Array(count);\n  crypto.getRandomValues(bytes);\n  return bytes;\n}\n","import { generateFromAlphabet } from \"./internal/alphabet.js\";\nimport { assertLength } from \"./internal/assert.js\";\nimport { randomBytes } from \"./internal/random.js\";\n\n/**\n * URL-safe alphabet used by default. 64 characters: A-Z, a-z, 0-9, _, -.\n * Chosen to be safe in URLs, filenames, and most log formats without encoding.\n */\nexport const DEFAULT_ALPHABET = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-\";\n\nconst DEFAULT_LENGTH = 21;\n\n/**\n * Generates a cryptographically secure random ID.\n *\n * @param length - Number of characters (1–255). Defaults to 21.\n * @returns A random URL-safe string of the requested length.\n *\n * @example\n * import { generateId } from \"sigilid\";\n * const id = generateId(); // \"K7gkJ_q3vR2nL8xH5eM0w\"\n */\nexport function generateId(length: number = DEFAULT_LENGTH): string {\n  assertLength(length);\n  return generateFromAlphabet(DEFAULT_ALPHABET, length, randomBytes);\n}\n"]}

package/dist/non-secure.cjs

@@ -0,0 +1,31 @@
+'use strict';
+
+// src/internal/assert.ts
+var MIN_LENGTH = 1;
+var MAX_LENGTH = 255;
+function assertLength(length) {
+  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {
+    throw new RangeError(
+      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`
+    );
+  }
+}
+
+// src/index.ts
+var DEFAULT_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-";
+
+// src/non-secure.ts
+var DEFAULT_LENGTH = 21;
+function generateNonSecureId(length = DEFAULT_LENGTH) {
+  assertLength(length);
+  let result = "";
+  const size = DEFAULT_ALPHABET.length;
+  for (let i = 0; i < length; i++) {
+    result += DEFAULT_ALPHABET[Math.floor(Math.random() * size)];
+  }
+  return result;
+}
+
+exports.generateNonSecureId = generateNonSecureId;
+//# sourceMappingURL=non-secure.cjs.map
+//# sourceMappingURL=non-secure.cjs.map

package/dist/non-secure.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/internal/assert.ts","../src/index.ts","../src/non-secure.ts"],"names":[],"mappings":";;;AAAA,IAAM,UAAA,GAAa,CAAA;AACnB,IAAM,UAAA,GAAa,GAAA;AAEZ,SAAS,aAAa,MAAA,EAAsB;AACjD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,MAAM,KAAK,MAAA,GAAS,UAAA,IAAc,SAAS,UAAA,EAAY;AAC3E,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,CAAA,qCAAA,EAAwC,UAAU,CAAA,KAAA,EAAQ,UAAU,SAAS,MAAM,CAAA;AAAA,KACrF;AAAA,EACF;AACF;;;ACDO,IAAM,gBAAA,GAAmB,kEAAA;;;ACLhC,IAAM,cAAA,GAAiB,EAAA;AAkBhB,SAAS,mBAAA,CAAoB,SAAiB,cAAA,EAAwB;AAC3E,EAAA,YAAA,CAAa,MAAM,CAAA;AACnB,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,MAAM,OAAO,gBAAA,CAAiB,MAAA;AAC9B,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,EAAQ,CAAA,EAAA,EAAK;AAC/B,IAAA,MAAA,IAAU,iBAAiB,IAAA,CAAK,KAAA,CAAM,KAAK,MAAA,EAAO,GAAI,IAAI,CAAC,CAAA;AAAA,EAC7D;AACA,EAAA,OAAO,MAAA;AACT","file":"non-secure.cjs","sourcesContent":["const MIN_LENGTH = 1;\nconst MAX_LENGTH = 255;\n\nexport function assertLength(length: number): void {\n  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {\n    throw new RangeError(\n      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`,\n    );\n  }\n}\n\nexport function assertPrefix(prefix: string): void {\n  if (typeof prefix !== \"string\" || prefix.length === 0) {\n    throw new TypeError(\"Prefix must be a non-empty string\");\n  }\n  if (!/^[a-zA-Z][a-zA-Z0-9]*$/.test(prefix)) {\n    throw new TypeError(\"Prefix must start with a letter and contain only letters and digits\");\n  }\n}\n","import { generateFromAlphabet } from \"./internal/alphabet.js\";\nimport { assertLength } from \"./internal/assert.js\";\nimport { randomBytes } from \"./internal/random.js\";\n\n/**\n * URL-safe alphabet used by default. 64 characters: A-Z, a-z, 0-9, _, -.\n * Chosen to be safe in URLs, filenames, and most log formats without encoding.\n */\nexport const DEFAULT_ALPHABET = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-\";\n\nconst DEFAULT_LENGTH = 21;\n\n/**\n * Generates a cryptographically secure random ID.\n *\n * @param length - Number of characters (1–255). Defaults to 21.\n * @returns A random URL-safe string of the requested length.\n *\n * @example\n * import { generateId } from \"sigilid\";\n * const id = generateId(); // \"K7gkJ_q3vR2nL8xH5eM0w\"\n */\nexport function generateId(length: number = DEFAULT_LENGTH): string {\n  assertLength(length);\n  return generateFromAlphabet(DEFAULT_ALPHABET, length, randomBytes);\n}\n","import { DEFAULT_ALPHABET } from \"./index.js\";\nimport { assertLength } from \"./internal/assert.js\";\n\nconst DEFAULT_LENGTH = 21;\n\n/**\n * Generates a non-cryptographic random ID using `Math.random`.\n *\n * **Not suitable for security-sensitive contexts** such as tokens, session\n * identifiers, or secrets. Use `generateId` from `\"sigilid\"` when in doubt.\n *\n * Useful for cases where performance matters more than entropy quality, such\n * as temporary keys in test fixtures or non-sensitive local identifiers.\n *\n * @param length - Number of characters (1–255). Defaults to 21.\n * @returns A random URL-safe string of the requested length.\n *\n * @example\n * import { generateNonSecureId } from \"sigilid/non-secure\";\n * const id = generateNonSecureId(); // \"a5Fq2J8mXkR9vL3nP0eHw\"\n */\nexport function generateNonSecureId(length: number = DEFAULT_LENGTH): string {\n  assertLength(length);\n  let result = \"\";\n  const size = DEFAULT_ALPHABET.length;\n  for (let i = 0; i < length; i++) {\n    result += DEFAULT_ALPHABET[Math.floor(Math.random() * size)];\n  }\n  return result;\n}\n"]}

package/dist/non-secure.d.cts

@@ -0,0 +1,19 @@
+/**
+ * Generates a non-cryptographic random ID using `Math.random`.
+ *
+ * **Not suitable for security-sensitive contexts** such as tokens, session
+ * identifiers, or secrets. Use `generateId` from `"sigilid"` when in doubt.
+ *
+ * Useful for cases where performance matters more than entropy quality, such
+ * as temporary keys in test fixtures or non-sensitive local identifiers.
+ *
+ * @param length - Number of characters (1–255). Defaults to 21.
+ * @returns A random URL-safe string of the requested length.
+ *
+ * @example
+ * import { generateNonSecureId } from "sigilid/non-secure";
+ * const id = generateNonSecureId(); // "a5Fq2J8mXkR9vL3nP0eHw"
+ */
+declare function generateNonSecureId(length?: number): string;
+
+export { generateNonSecureId };

package/dist/non-secure.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Generates a non-cryptographic random ID using `Math.random`.
+ *
+ * **Not suitable for security-sensitive contexts** such as tokens, session
+ * identifiers, or secrets. Use `generateId` from `"sigilid"` when in doubt.
+ *
+ * Useful for cases where performance matters more than entropy quality, such
+ * as temporary keys in test fixtures or non-sensitive local identifiers.
+ *
+ * @param length - Number of characters (1–255). Defaults to 21.
+ * @returns A random URL-safe string of the requested length.
+ *
+ * @example
+ * import { generateNonSecureId } from "sigilid/non-secure";
+ * const id = generateNonSecureId(); // "a5Fq2J8mXkR9vL3nP0eHw"
+ */
+declare function generateNonSecureId(length?: number): string;
+
+export { generateNonSecureId };

package/dist/non-secure.js

@@ -0,0 +1,29 @@
+// src/internal/assert.ts
+var MIN_LENGTH = 1;
+var MAX_LENGTH = 255;
+function assertLength(length) {
+  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {
+    throw new RangeError(
+      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`
+    );
+  }
+}
+
+// src/index.ts
+var DEFAULT_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-";
+
+// src/non-secure.ts
+var DEFAULT_LENGTH = 21;
+function generateNonSecureId(length = DEFAULT_LENGTH) {
+  assertLength(length);
+  let result = "";
+  const size = DEFAULT_ALPHABET.length;
+  for (let i = 0; i < length; i++) {
+    result += DEFAULT_ALPHABET[Math.floor(Math.random() * size)];
+  }
+  return result;
+}
+
+export { generateNonSecureId };
+//# sourceMappingURL=non-secure.js.map
+//# sourceMappingURL=non-secure.js.map

package/dist/non-secure.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/internal/assert.ts","../src/index.ts","../src/non-secure.ts"],"names":[],"mappings":";AAAA,IAAM,UAAA,GAAa,CAAA;AACnB,IAAM,UAAA,GAAa,GAAA;AAEZ,SAAS,aAAa,MAAA,EAAsB;AACjD,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,MAAM,KAAK,MAAA,GAAS,UAAA,IAAc,SAAS,UAAA,EAAY;AAC3E,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,CAAA,qCAAA,EAAwC,UAAU,CAAA,KAAA,EAAQ,UAAU,SAAS,MAAM,CAAA;AAAA,KACrF;AAAA,EACF;AACF;;;ACDO,IAAM,gBAAA,GAAmB,kEAAA;;;ACLhC,IAAM,cAAA,GAAiB,EAAA;AAkBhB,SAAS,mBAAA,CAAoB,SAAiB,cAAA,EAAwB;AAC3E,EAAA,YAAA,CAAa,MAAM,CAAA;AACnB,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,MAAM,OAAO,gBAAA,CAAiB,MAAA;AAC9B,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,EAAQ,CAAA,EAAA,EAAK;AAC/B,IAAA,MAAA,IAAU,iBAAiB,IAAA,CAAK,KAAA,CAAM,KAAK,MAAA,EAAO,GAAI,IAAI,CAAC,CAAA;AAAA,EAC7D;AACA,EAAA,OAAO,MAAA;AACT","file":"non-secure.js","sourcesContent":["const MIN_LENGTH = 1;\nconst MAX_LENGTH = 255;\n\nexport function assertLength(length: number): void {\n  if (!Number.isInteger(length) || length < MIN_LENGTH || length > MAX_LENGTH) {\n    throw new RangeError(\n      `ID length must be an integer between ${MIN_LENGTH} and ${MAX_LENGTH}, got ${length}`,\n    );\n  }\n}\n\nexport function assertPrefix(prefix: string): void {\n  if (typeof prefix !== \"string\" || prefix.length === 0) {\n    throw new TypeError(\"Prefix must be a non-empty string\");\n  }\n  if (!/^[a-zA-Z][a-zA-Z0-9]*$/.test(prefix)) {\n    throw new TypeError(\"Prefix must start with a letter and contain only letters and digits\");\n  }\n}\n","import { generateFromAlphabet } from \"./internal/alphabet.js\";\nimport { assertLength } from \"./internal/assert.js\";\nimport { randomBytes } from \"./internal/random.js\";\n\n/**\n * URL-safe alphabet used by default. 64 characters: A-Z, a-z, 0-9, _, -.\n * Chosen to be safe in URLs, filenames, and most log formats without encoding.\n */\nexport const DEFAULT_ALPHABET = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-\";\n\nconst DEFAULT_LENGTH = 21;\n\n/**\n * Generates a cryptographically secure random ID.\n *\n * @param length - Number of characters (1–255). Defaults to 21.\n * @returns A random URL-safe string of the requested length.\n *\n * @example\n * import { generateId } from \"sigilid\";\n * const id = generateId(); // \"K7gkJ_q3vR2nL8xH5eM0w\"\n */\nexport function generateId(length: number = DEFAULT_LENGTH): string {\n  assertLength(length);\n  return generateFromAlphabet(DEFAULT_ALPHABET, length, randomBytes);\n}\n","import { DEFAULT_ALPHABET } from \"./index.js\";\nimport { assertLength } from \"./internal/assert.js\";\n\nconst DEFAULT_LENGTH = 21;\n\n/**\n * Generates a non-cryptographic random ID using `Math.random`.\n *\n * **Not suitable for security-sensitive contexts** such as tokens, session\n * identifiers, or secrets. Use `generateId` from `\"sigilid\"` when in doubt.\n *\n * Useful for cases where performance matters more than entropy quality, such\n * as temporary keys in test fixtures or non-sensitive local identifiers.\n *\n * @param length - Number of characters (1–255). Defaults to 21.\n * @returns A random URL-safe string of the requested length.\n *\n * @example\n * import { generateNonSecureId } from \"sigilid/non-secure\";\n * const id = generateNonSecureId(); // \"a5Fq2J8mXkR9vL3nP0eHw\"\n */\nexport function generateNonSecureId(length: number = DEFAULT_LENGTH): string {\n  assertLength(length);\n  let result = \"\";\n  const size = DEFAULT_ALPHABET.length;\n  for (let i = 0; i < length; i++) {\n    result += DEFAULT_ALPHABET[Math.floor(Math.random() * size)];\n  }\n  return result;\n}\n"]}