Gathering detailed insights and metrics for uuid
Gathering detailed insights and metrics for uuid
Installations
npm install uuidDeveloper
uuidjs
Developer Guide
BETA
Module System
ESM, UMD
Min. Node Version
Typescript Support
Yes
Node Version
20.18.0
NPM Version
10.8.2
Statistics
14,651 Stars
578 Commits
904 Forks
138 Watching
6 Branches
73 Contributors
Updated on 28 Nov 2024
Bundle Size
9.84 kB
Minified
3.69 kB
Minified + Gzipped
Languages
TypeScript (85.26%)
JavaScript (11.62%)
Shell (3.13%)
Total Downloads
Cumulative downloads
Total Downloads
19,302,585,570
Last day
-7.1%
23,637,271
Compared to previous day
Last week
2.4%
138,771,061
Compared to previous week
Last month
12%
567,542,658
Compared to previous month
Last year
22.4%
5,544,768,760
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
22
Versions
uuid 
For the creation of RFC9562 (formally RFC4122) UUIDs
- Complete - Support for all RFC9562 UUID versions
- Cross-platform - Support for...
- ESM & Common JS
- Chrome, Safari, Firefox, Edge browsers
- NodeJS
- React Native / Expo
- Secure - Cryptographically-strong random values
- Compact - No dependencies, tree-shakable
- CLI - Includes the
uuidcommand line utility - Typescript - Types now included
[!NOTE] w>
uuid@11is now available: See the CHANGELOG for details. TL;DR:
- TypeScript support is now included (remove
@types/uuidfrom your dependencies)- Subtle changes to how the
optionsarg is interpreted forv1(),v6(), andv7(). See details- Binary UUIDs are now
Uint8Arrays. (May impact callers ofparse(),stringify(), or that pass anoption#bufargument tov1()-v7().)
Quickstart
1. Install
1npm install uuid
2. Create a UUID
ESM-syntax (must use named exports):
1import { v4 as uuidv4 } from 'uuid'; 2uuidv4(); // ⇨ '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d'
... CommonJS:
1const { v4: uuidv4 } = require('uuid'); 2uuidv4(); // ⇨ '1b9d6bcd-bbfd-4b2d-9b5d-ab8dfbbd4bed'
For timestamp UUIDs, namespace UUIDs, and other options read on ...
API Summary
uuid.NIL | The nil UUID string (all zeros) | New in uuid@8.3 |
uuid.MAX | The max UUID string (all ones) | New in uuid@9.1 |
uuid.parse() | Convert UUID string to array of bytes | New in uuid@8.3 |
uuid.stringify() | Convert array of bytes to UUID string | New in uuid@8.3 |
uuid.v1() | Create a version 1 (timestamp) UUID | |
uuid.v1ToV6() | Create a version 6 UUID from a version 1 UUID | New in uuid@10 |
uuid.v3() | Create a version 3 (namespace w/ MD5) UUID | |
uuid.v4() | Create a version 4 (random) UUID | |
uuid.v5() | Create a version 5 (namespace w/ SHA-1) UUID | |
uuid.v6() | Create a version 6 (timestamp, reordered) UUID | New in uuid@10 |
uuid.v6ToV1() | Create a version 1 UUID from a version 6 UUID | New in uuid@10 |
uuid.v7() | Create a version 7 (Unix Epoch time-based) UUID | New in uuid@10 |
uuid.v8() | "Intentionally left blank" | |
uuid.validate() | Test a string to see if it is a valid UUID | New in uuid@8.3 |
uuid.version() | Detect RFC version of a UUID | New in uuid@8.3 |
API
uuid.NIL
The nil UUID string (all zeros).
Example:
1import { NIL as NIL_UUID } from 'uuid'; 2 3NIL_UUID; // ⇨ '00000000-0000-0000-0000-000000000000'
uuid.MAX
The max UUID string (all ones).
Example:
1import { MAX as MAX_UUID } from 'uuid'; 2 3MAX_UUID; // ⇨ 'ffffffff-ffff-ffff-ffff-ffffffffffff'
uuid.parse(str)
Convert UUID string to array of bytes
str | A valid UUID String |
| returns | Uint8Array[16] |
| throws | TypeError if str is not a valid UUID |
[!NOTE] Ordering of values in the byte arrays used by
parse()andstringify()follows the left ↠right order of hex-pairs in UUID strings. As shown in the example below.
Example:
1import { parse as uuidParse } from 'uuid'; 2 3// Parse a UUID 4uuidParse('6ec0bd7f-11c0-43da-975e-2a8ad9ebae0b'); // ⇨ 5 // Uint8Array(16) [ 6 // 110, 192, 189, 127, 17, 7 // 192, 67, 218, 151, 94, 8 // 42, 138, 217, 235, 174, 9 // 11 10 // ]
uuid.stringify(arr[, offset])
Convert array of bytes to UUID string
arr | Array-like collection of 16 values (starting from offset) between 0-255. |
[offset = 0] | Number Starting index in the Array |
| returns | String |
| throws | TypeError if a valid UUID string cannot be generated |
[!NOTE] Ordering of values in the byte arrays used by
parse()andstringify()follows the left ↠right order of hex-pairs in UUID strings. As shown in the example below.
Example:
1import { stringify as uuidStringify } from 'uuid'; 2 3const uuidBytes = Uint8Array.of( 4 0x6e, 5 0xc0, 6 0xbd, 7 0x7f, 8 0x11, 9 0xc0, 10 0x43, 11 0xda, 12 0x97, 13 0x5e, 14 0x2a, 15 0x8a, 16 0xd9, 17 0xeb, 18 0xae, 19 0x0b 20); 21 22uuidStringify(uuidBytes); // ⇨ '6ec0bd7f-11c0-43da-975e-2a8ad9ebae0b'
uuid.v1([options[, buffer[, offset]]])
Create an RFC version 1 (timestamp) UUID
[options] | Object with one or more of the following properties: |
[options.node = (random) ] | RFC "node" field as an Array[6] of byte values (per 4.1.6) |
[options.clockseq = (random)] | RFC "clock sequence" as a Number between 0 - 0x3fff |
[options.msecs = (current time)] | RFC "timestamp" field (Number of milliseconds, unix epoch) |
[options.nsecs = 0] | RFC "timestamp" field (Number of nanoseconds to add to msecs, should be 0-10,000) |
[options.random = (random)] | Array of 16 random bytes (0-255) used to generate other fields, above |
[options.rng] | Alternative to options.random, a Function that returns an Array of 16 random bytes (0-255) |
[buffer] | Array | Buffer If specified, uuid will be written here in byte-form, starting at offset |
[offset = 0] | Number Index to start writing UUID bytes in buffer |
| returns | UUID String if no buffer is specified, otherwise returns buffer |
| throws | Error if more than 10M UUIDs/sec are requested |
[!NOTE] The default node id (the last 12 digits in the UUID) is generated once, randomly, on process startup, and then remains unchanged for the duration of the process.
[!NOTE]
options.randomandoptions.rngare only meaningful on the very first call tov1(), where they may be passed to initialize the internalnodeandclockseqfields.
Example:
1import { v1 as uuidv1 } from 'uuid'; 2 3uuidv1(); // ⇨ '2c5ea4c0-4067-11e9-9bdd-2b0d7b3dcb6d'
Example using options:
1import { v1 as uuidv1 } from 'uuid'; 2 3const options = { 4 node: Uint8Array.of(0x01, 0x23, 0x45, 0x67, 0x89, 0xab), 5 clockseq: 0x1234, 6 msecs: new Date('2011-11-01').getTime(), 7 nsecs: 5678, 8}; 9uuidv1(options); // ⇨ '710b962e-041c-11e1-9234-0123456789ab'
uuid.v1ToV6(uuid)
Convert a UUID from version 1 to version 6
1import { v1ToV6 } from 'uuid'; 2 3v1ToV6('92f62d9e-22c4-11ef-97e9-325096b39f47'); // ⇨ '1ef22c49-2f62-6d9e-97e9-325096b39f47'
uuid.v3(name, namespace[, buffer[, offset]])
Create an RFC version 3 (namespace w/ MD5) UUID
API is identical to v5(), but uses "v3" instead.
[!IMPORTANT] Per the RFC, "If backward compatibility is not an issue, SHA-1 [Version 5] is preferred."
uuid.v4([options[, buffer[, offset]]])
Create an RFC version 4 (random) UUID
[options] | Object with one or more of the following properties: |
[options.random] | Array of 16 random bytes (0-255) |
[options.rng] | Alternative to options.random, a Function that returns an Array of 16 random bytes (0-255) |
[buffer] | Array | Buffer If specified, uuid will be written here in byte-form, starting at offset |
[offset = 0] | Number Index to start writing UUID bytes in buffer |
| returns | UUID String if no buffer is specified, otherwise returns buffer |
Example:
1import { v4 as uuidv4 } from 'uuid'; 2 3uuidv4(); // ⇨ '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d'
Example using predefined random values:
1import { v4 as uuidv4 } from 'uuid'; 2 3const v4options = { 4 random: Uint8Array.of( 5 0x10, 6 0x91, 7 0x56, 8 0xbe, 9 0xc4, 10 0xfb, 11 0xc1, 12 0xea, 13 0x71, 14 0xb4, 15 0xef, 16 0xe1, 17 0x67, 18 0x1c, 19 0x58, 20 0x36 21 ), 22}; 23uuidv4(v4options); // ⇨ '109156be-c4fb-41ea-b1b4-efe1671c5836'
uuid.v5(name, namespace[, buffer[, offset]])
Create an RFC version 5 (namespace w/ SHA-1) UUID
name | String | Array |
namespace | String | Array[16] Namespace UUID |
[buffer] | Array | Buffer If specified, uuid will be written here in byte-form, starting at offset |
[offset = 0] | Number Index to start writing UUID bytes in buffer |
| returns | UUID String if no buffer is specified, otherwise returns buffer |
[!NOTE] The RFC
DNSandURLnamespaces are available asv5.DNSandv5.URL.
Example with custom namespace:
1import { v5 as uuidv5 } from 'uuid'; 2 3// Define a custom namespace. Readers, create your own using something like 4// https://www.uuidgenerator.net/ 5const MY_NAMESPACE = '1b671a64-40d5-491e-99b0-da01ff1f3341'; 6 7uuidv5('Hello, World!', MY_NAMESPACE); // ⇨ '630eb68f-e0fa-5ecc-887a-7c7a62614681'
Example with RFC URL namespace:
1import { v5 as uuidv5 } from 'uuid'; 2 3uuidv5('https://www.w3.org/', uuidv5.URL); // ⇨ 'c106a26a-21bb-5538-8bf2-57095d1976c1'
uuid.v6([options[, buffer[, offset]]])
Create an RFC version 6 (timestamp, reordered) UUID
This method takes the same arguments as uuid.v1().
1import { v6 as uuidv6 } from 'uuid'; 2 3uuidv6(); // ⇨ '1e940672-c5ea-64c0-9b5d-ab8dfbbd4bed'
Example using options:
1import { v6 as uuidv6 } from 'uuid'; 2 3const options = { 4 node: [0x01, 0x23, 0x45, 0x67, 0x89, 0xab], 5 clockseq: 0x1234, 6 msecs: new Date('2011-11-01').getTime(), 7 nsecs: 5678, 8}; 9uuidv6(options); // ⇨ '1e1041c7-10b9-662e-9234-0123456789ab'
uuid.v6ToV1(uuid)
Convert a UUID from version 6 to version 1
1import { v6ToV1 } from 'uuid'; 2 3v6ToV1('1ef22c49-2f62-6d9e-97e9-325096b39f47'); // ⇨ '92f62d9e-22c4-11ef-97e9-325096b39f47'
uuid.v7([options[, buffer[, offset]]])
Create an RFC version 7 (random) UUID
[options] | Object with one or more of the following properties: |
[options.msecs = (current time)] | RFC "timestamp" field (Number of milliseconds, unix epoch) |
[options.random = (random)] | Array of 16 random bytes (0-255) used to generate other fields, above |
[options.rng] | Alternative to options.random, a Function that returns an Array of 16 random bytes (0-255) |
[options.seq = (random)] | 32-bit sequence Number between 0 - 0xffffffff. This may be provided to help insure uniqueness for UUIDs generated within the same millisecond time interval. Default = random value. |
[buffer] | Array | Buffer If specified, uuid will be written here in byte-form, starting at offset |
[offset = 0] | Number Index to start writing UUID bytes in buffer |
| returns | UUID String if no buffer is specified, otherwise returns buffer |
Example:
1import { v7 as uuidv7 } from 'uuid'; 2 3uuidv7(); // ⇨ '01695553-c90c-705a-b56d-778dfbbd4bed'
uuid.v8()
"Intentionally left blank"
[!NOTE] Version 8 (experimental) UUIDs are "for experimental or vendor-specific use cases". The RFC does not define a creation algorithm for them, which is why this package does not offer a
v8()method. Thevalidate()andversion()methods do work with such UUIDs, however.
uuid.validate(str)
Test a string to see if it is a valid UUID
str | String to validate |
| returns | true if string is a valid UUID, false otherwise |
Example:
1import { validate as uuidValidate } from 'uuid'; 2 3uuidValidate('not a UUID'); // ⇨ false 4uuidValidate('6ec0bd7f-11c0-43da-975e-2a8ad9ebae0b'); // ⇨ true
Using validate and version together it is possible to do per-version validation, e.g. validate for only v4 UUIds.
1import { version as uuidVersion } from 'uuid'; 2import { validate as uuidValidate } from 'uuid'; 3 4function uuidValidateV4(uuid) { 5 return uuidValidate(uuid) && uuidVersion(uuid) === 4; 6} 7 8const v1Uuid = 'd9428888-122b-11e1-b85c-61cd3cbb3210'; 9const v4Uuid = '109156be-c4fb-41ea-b1b4-efe1671c5836'; 10 11uuidValidateV4(v4Uuid); // ⇨ true 12uuidValidateV4(v1Uuid); // ⇨ false
uuid.version(str)
Detect RFC version of a UUID
str | A valid UUID String |
| returns | Number The RFC version of the UUID |
| throws | TypeError if str is not a valid UUID |
Example:
1import { version as uuidVersion } from 'uuid'; 2 3uuidVersion('45637ec4-c85f-11ea-87d0-0242ac130003'); // ⇨ 1 4uuidVersion('6ec0bd7f-11c0-43da-975e-2a8ad9ebae0b'); // ⇨ 4
[!NOTE] This method returns
0for theNILUUID, and15for theMAXUUID.
Command Line
UUIDs can be generated from the command line using uuid.
1$ npx uuid 2ddeb27fb-d9a0-4624-be4d-4615062daed4
The default is to generate version 4 UUIDS, however the other versions are supported. Type uuid --help for details:
1$ npx uuid --help 2 3Usage: 4 uuid 5 uuid v1 6 uuid v3 <name> <namespace uuid> 7 uuid v4 8 uuid v5 <name> <namespace uuid> 9 uuid v7 10 uuid --help 11 12Note: <namespace uuid> may be "URL" or "DNS" to use the corresponding UUIDs 13defined by RFC9562
options Handling for Timestamp UUIDs
Prior to uuid@11, it was possible for options state to interfere with the internal state used to insure uniqueness of timestamp-based UUIDs (the v1(), v6(), and v7() methods). Starting with uuid@11, this issue has been addressed by using the presence of the options argument as a flag to select between two possible behaviors:
- Without
options: Internal state is utilized to improve UUID uniqueness. - With
options: Internal state is NOT used and, instead, appropriate defaults are applied as needed.
Support
Browsers: uuid builds are tested against the latest version of desktop Chrome, Safari, Firefox, and Edge. Mobile versions of these same browsers are expected to work but aren't currently tested.
Node: uuid builds are tested against node (LTS releases), plus one prior. E.g. node@18 is in maintainence mode, and node@22 is the current LTS release. So uuid supports node@16-node@22.
Typescript: TS versions released within the past two years are supported. source
Known issues
React Native / Expo
- Install
react-native-get-random-values - Import it before
uuid. Sinceuuidmight also appear as a transitive dependency of some other imports it's safest to just importreact-native-get-random-valuesas the very first thing in your entry point:
1import 'react-native-get-random-values'; 2import { v4 as uuidv4 } from 'uuid';
Markdown generated from README_js.md by
No vulnerabilities found.
Reason
30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release-please.yml:19
Reason
SAST tool is not run on all commits -- score normalized to 8
Details
- Warn: 19 commits out of 22 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/uuidjs/uuid/browser.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/uuidjs/uuid/browser.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/uuidjs/uuid/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/uuidjs/uuid/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/uuidjs/uuid/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/uuidjs/uuid/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/uuidjs/uuid/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/uuidjs/uuid/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/uuidjs/uuid/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale-issues.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/uuidjs/uuid/stale-issues.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: scripts/testpack.sh:24
- Info: 0 out of 9 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 4 out of 5 npmCommand dependencies pinned
Reason
security policy file detected
Details
- Info: security policy file detected: .github/SECURITY.md:1
- Warn: no linked content found
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: .github/SECURITY.md:1
Reason
Found 10/30 approved changesets -- score normalized to 3
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/browser.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-please.yml:13
- Warn: no topLevel permission defined: .github/workflows/stale-issues.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More