To create a GUID/UUID (Globally Unique Identifier/Universally Unique Identifier) in JavaScript, you can use modern browser APIs, Node.js built-in modules, or manual implementations. Below are detailed methods and examples:
1. Using crypto.randomUUID() (Modern Browsers & Node.js)
The simplest and most reliable method in modern environments is the crypto.randomUUID() API, which generates a RFC 4122-compliant UUID v4.
Example:
// Browser or Node.js (v14.18+)
const uuid = crypto.randomUUID();
console.log(uuid); // e.g., "3d4b1f6a-5c8d-4f3e-8a2b-9c0d7e8f1a2b"Pros:
- Built-in, secure, and RFC-compliant.
- Supported in:
- Modern browsers (Chrome 92+, Firefox 95+, Edge 92+).
- Node.js v14.18+.
2. Manual UUID Generation (Cross-Platform)
If crypto.randomUUID() is unavailable, use this function to generate a UUID v4-like string:
function generateUUID() {
return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
const r = (Math.random() * 16) | 0; // Random 0-15
const v = c === "x" ? r : (r & 0x3) | 0x8; // For "y", set bits to 8,9,a,b
return v.toString(16);
});
}
// Example usage:
console.log(generateUUID()); // e.g., "1b9d6bcd-bbfd-4b2d-9b5d-ab8dfbbd4bed"Explanation:
4in the third segment indicates UUID v4.yin the fourth segment ensures the variant is RFC-compliant (8,9,a, orb).
Limitations:
- Not cryptographically secure (uses
Math.random()). - Not strictly RFC-compliant for all edge cases.
3. Using crypto.getRandomValues() (Secure Alternative)
For better randomness, use crypto.getRandomValues() (available in browsers and Node.js):
function generateSecureUUID() {
const buffer = new Uint8Array(16);
crypto.getRandomValues(buffer);
buffer[6] = (buffer[6] & 0x0f) | 0x40; // Set version to 4
buffer[8] = (buffer[8] & 0x3f) | 0x80; // Set variant to RFC 4122
return Array.from(buffer)
.map((b, i) => {
const hex = b.toString(16).padStart(2, "0");
return hex + ([4, 6, 8, 10].includes(i) ? "-" : "");
})
.join("")
.slice(0, 36);
}
// Example usage:
console.log(generateSecureUUID()); // e.g., "d1a3e5f7-8c2b-4d9e-a6f0-3b7c9d8e1f2a"Pros:
- Cryptographically secure.
- Closer to RFC compliance.
4. Using the uuid Library (Recommended for Production)
For strict RFC compliance and simplicity, use the popular uuid library:
- Install the library:
npm install uuid- Generate UUIDs:
// ES Modules
import { v4 as uuidv4 } from 'uuid';
const uuid = uuidv4();
console.log(uuid); // e.g., "1b9d6bcd-bbfd-4b2d-9b5d-ab8dfbbd4bed"
// CommonJS (Node.js)
const { v4: uuidv4 } = require('uuid');Pros:
- RFC 4122-compliant.
- Supports UUID v1, v3, v4, v5.
- Works in browsers, Node.js, and React Native.
Key Differences
| Method | Security | RFC Compliance | Environment |
|---|---|---|---|
crypto.randomUUID() | High (CSPRNG) | Full | Modern Browsers/Node.js |
uuid Library | High | Full | All |
Manual (Math.random) | Low | Partial | Legacy Browsers |
crypto.getRandomValues | High | Partial | Browsers/Node.js |
When to Use Which?
- Modern Apps: Use
crypto.randomUUID()or theuuidlibrary. - Legacy Systems: Use the manual method or
crypto.getRandomValues(). - Production Apps: Always prefer the
uuidlibrary for reliability.
By choosing the right method, you can generate UUIDs efficiently and securely!