npmpackage.info

Gathering detailed insights and metrics for nanoid

Other packages similar to nanoid

@types/nanoid

3.0.0

Stub TypeScript definitions entry for nanoid, which provides its own types definitions

nanoid-dictionary

4.3.0

Predefined character sets to use with nanoid

@types/nanoid-dictionary

4.2.3

TypeScript definitions for nanoid-dictionary

nanoid-generate

1.1.0

Nanoid generate with custom dictionaries

Gathering detailed insights and metrics for nanoid

nanoid

A tiny (124 bytes), secure, URL-friendly, unique string ID generator for JavaScript

5.0.9

25,025

MIT

JavaScript

463.00 B

5,620,265,268 4.6

Installations

npm install nanoid

Developer Guide

BETA

Typescript

Yes

Module System

ESM, UMD

Min. Node Version

^18 || >=20

Node Version

22.11.0

NPM Version

10.9.0 Score

99.9

Supply Chain

77.9

Quality

80.3

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

1

Total

241

Closed

42

Merged

198

Issues

Open

7

Total

244

Closed

237

Releases

5.0.9

Published on 26 Nov 2024

5.0.8

Published on 28 Oct 2024

5.0.7

Published on 07 Apr 2024

5.0.6

Published on 20 Feb 2024

3.0 Migration Guide

3.0.0

Published on 26 Mar 2020

View all 5 releases

Contributors

137

View all 137 contributors

Languages

JavaScript

HTML

JavaScript (96.32%)

HTML (3.68%)

Developer

Download Statistics

Total Downloads

5,620,265,268

Last Day

8,137,586

Last Week

37,483,466

Last Month

165,622,566

Last Year

1,969,585,026

GitHub Statistics

25,025 Stars

1,104 Commits

811 Forks

157 Watching

3 Branches

137 Contributors

Bundle Size

799.00 B

Minified

463.00 B

Minified + Gzipped

Bundlephobia

Sponsor this package

https://github.com/sponsors/ai

Maintainers

Package Meta Information

Latest Version

5.0.9

Package Id

nanoid@5.0.9

Unpacked Size

10.69 kB

Size

4.27 kB

File Count

NPM Version

10.9.0

Node Version

22.11.0

Publised On

26 Nov 2024

Total Downloads

Cumulative downloads

Total Downloads

5,620,265,268

Last day

-3.7%

8,137,586

Compared to previous day

Last week

-14.2%

37,483,466

Compared to previous week

Last month

3.9%

165,622,566

Compared to previous month

Last year

23.7%

1,969,585,026

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

No dependencies detected.

Versions

Nano ID

English | Русский | 简体中文 | Bahasa Indonesia

A tiny, secure, URL-friendly, unique string ID generator for JavaScript.

“An amazing level of senseless perfectionism, which is simply impossible not to respect.”

Small. 118 bytes (minified and brotlied). No dependencies. Size Limit controls the size.
Safe. It uses hardware random generator. Can be used in clusters.
Short IDs. It uses a larger alphabet than UUID (A-Za-z0-9_-). So ID size was reduced from 36 to 21 symbols.
Portable. Nano ID was ported to over 20 programming languages.

1import { nanoid } from 'nanoid'
2model.id = nanoid() //=> "V1StGXR8_Z5jdHi6B-myT"

Made at Evil Martians, product consulting for developer tools.

Docs

Read full docs here.

Stable Version

5.0.9

MODERATE

4.3/10

Summary

Predictable results in nanoid generation when given non-integer values

Affected Versions

< 3.3.8

Patched Versions

3.3.8

MODERATE

4.3/10

Summary

Predictable results in nanoid generation when given non-integer values

Affected Versions

>= 4.0.0, < 5.0.9

Patched Versions

5.0.9

MODERATE

5.5/10

Summary

Exposure of Sensitive Information to an Unauthorized Actor in nanoid

Affected Versions

>= 3.0.0, < 3.1.31

Patched Versions

3.1.31

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

9

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

3

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/ai/nanoid/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/ai/nanoid/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/ai/nanoid/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/ai/nanoid/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ai/nanoid/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/ai/nanoid/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/ai/nanoid/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/ai/nanoid/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/ai/nanoid/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/ai/nanoid/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/ai/nanoid/test.yml/main?enable=pin
Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 4 third-party GitHubAction dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

Score

4.6

/10

Last Scanned on 2025-01-27

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More