What Is NanoID?
NanoID is a tiny, secure, URL-friendly unique string ID generator created by Andrey Sitnik (the creator of PostCSS and Autoprefixer). It was designed as a modern, compact alternative to UUID v4 for use cases where a shorter, URL-safe identifier is preferred.
A default NanoID looks like: V1StGXR8_Z5jdHi6B-myT. At 21 characters with the default alphabet of 64 characters (A-Za-z0-9_-), it provides approximately 126 bits of entropy — comparable to UUID v4's 122 bits, but in a significantly shorter string.
How NanoID Works: The Algorithm
NanoID uses a carefully designed algorithm to ensure uniform distribution across the alphabet without bias:
- 1. Calculate a bitmask based on the alphabet size: the smallest power of 2 that is greater than or equal to the alphabet length.
- 2. Generate random bytes using crypto.getRandomValues() (browser) or crypto.randomBytes() (Node.js).
- 3. Apply the bitmask to each byte to get a value within the alphabet range. Discard values outside the range (rejection sampling) to avoid modulo bias.
- 4. Map each accepted value to a character in the alphabet until the desired length is reached.
This rejection sampling approach ensures that every character in the alphabet has an exactly equal probability of appearing at any position — a property called uniform distribution. Many naive ID generators instead map random values onto the alphabet with modulo arithmetic, which introduces a subtle bias toward characters at the beginning of the alphabet whenever the alphabet size does not evenly divide the range of the random values.
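The mask-and-reject steps above, set beside the modulo shortcut, as an added example (not the nanoid package's source). The names maskFor, byteDistribution, generateId and the injectable source parameter are assumptions made here; the counts are exact because all 256 byte values are enumerated rather than sampled.

```javascript
// Added example; function names are illustrative, not the nanoid package's API.

// Bitmask for an alphabet: the smallest (2^k - 1) covering indexes 0..size-1.
function maskFor(size) {
  return (2 << (31 - Math.clz32((size - 1) | 1))) - 1;
}

// Exact count of how many of the 256 byte values land on each alphabet index.
// 'modulo' wraps every byte; 'mask' drops bytes whose masked value is too large.
function byteDistribution(size, method) {
  const counts = new Array(size).fill(0);
  const mask = maskFor(size);
  for (let byte = 0; byte < 256; byte++) {
    if (method === 'modulo') counts[byte % size]++;
    else if ((byte & mask) < size) counts[byte & mask]++;
  }
  return counts;
}

// Default byte source: the Web Crypto CSPRNG (browsers, recent Node.js).
const cryptoBytes = (n) => globalThis.crypto.getRandomValues(new Uint8Array(n));

// ID generator using mask + rejection. `source(n)` returns n random bytes and
// is injectable so the rejection path can be tested with fixed bytes.
// Assumes an alphabet of 2..256 distinct single-code-unit characters.
function generateId(alphabet, length, source = cryptoBytes) {
  if (alphabet.length < 2 || alphabet.length > 256) {
    throw new RangeError('alphabet must have 2..256 characters');
  }
  const mask = maskFor(alphabet.length);
  let id = '';
  while (id.length < length) {
    for (const byte of source(length)) {
      const index = byte & mask;
      if (index >= alphabet.length) continue; // reject; never wrap around
      id += alphabet[index];
      if (id.length === length) break;
    }
  }
  return id;
}

// Digits-only alphabet: 256 is not a multiple of 10, so modulo favours 0-5.
console.log(byteDistribution(10, 'modulo').join(' ')); // 26 26 26 26 26 26 25 25 25 25
console.log(byteDistribution(10, 'mask').join(' '));   // 16 16 16 16 16 16 16 16 16 16
```

With the default 64-character alphabet both methods give identical counts, because 64 divides 256; the bias only appears with custom alphabets such as digits-only codes.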
NanoID vs. UUID v4: A Direct Comparison
NanoID and UUID v4 are both cryptographically random identifiers. The key differences:
- →Length: NanoID default is 21 characters; UUID v4 is 36 characters. NanoID is 42% shorter.
- →Entropy: NanoID (21 chars, 64-char alphabet) ≈ 126 bits; UUID v4 = 122 bits. Essentially equivalent.
- →URL safety: NanoID default alphabet is URL-safe (no percent-encoding needed). UUID requires hyphens (safe but slightly longer).
- →Customizability: NanoID allows custom alphabets and lengths. UUID format is fixed by the RFC.
- →Standard: UUID v4 is an IETF RFC standard with native database support. NanoID is a library specification.
- →Sortability: Neither NanoID nor UUID v4 is time-ordered. Use UUID v7 or ULID if sortability is needed.
Customizing NanoID: Alphabet and Length
One of NanoID's most powerful features is its customizability. You can adjust both the alphabet and the length to match your specific requirements:
Choosing the Right Length
The required length depends on your expected number of IDs and acceptable collision probability. Using the default 64-character alphabet:
- →10 characters: ~60 bits of entropy. Safe for up to ~1 billion IDs before 1% collision risk.
- →16 characters: ~96 bits of entropy. Safe for virtually any application.
- →21 characters (default): ~126 bits of entropy. Equivalent to UUID v4.
- →32 characters: ~192 bits of entropy. Overkill for most applications, but useful for high-security tokens.
Custom Alphabets
Custom alphabets let you tailor NanoID to specific constraints:
- →Numbers only: For numeric codes (OTP-style), use 0123456789.
- →Lowercase only: For case-insensitive systems or human-readable codes.
- →Hexadecimal: For systems that need hex-compatible IDs without the UUID format.
- →No ambiguous characters: Remove 0OIl1 for human-readable codes that need to be typed or spoken.
Common Use Cases for NanoID
- →Short URL slugs: NanoID's compact format is ideal for URL shorteners. A 10-character NanoID gives you 1 quadrillion possible URLs.
- →Temporary tokens: Password reset tokens, email verification links, and one-time codes benefit from NanoID's compact, URL-safe format.
- →Frontend component keys: React, Vue, and Angular all need unique keys for list items. NanoID is lighter than UUID for client-side generation.
- →File names: Generating unique filenames for uploads without the verbosity of a full UUID.
- →Invite codes: Shorter NanoIDs (8–12 characters) make readable invite codes that are still collision-resistant.
NanoID in JavaScript and Node.js
NanoID is most popular in the JavaScript ecosystem. The official nanoid npm package is one of the most downloaded packages on npm:
import { nanoid, customAlphabet } from 'nanoid';
nanoid(); // → 'V1StGXR8_Z5jdHi6B-myT' (21 chars)
nanoid(10); // → 'IRFa-VaY2b' (10 chars)
const numericId = customAlphabet('0123456789', 6);
numericId(); // → '483920' (6-digit numeric)
NanoID Security Considerations
NanoID is cryptographically secure when used correctly. Key points:
- →Always use the official library or our generator. Naive implementations using Math.random() are not cryptographically secure.
- →Minimum 16 characters for security-sensitive tokens (session IDs, API keys). Shorter IDs are fine for non-security use cases.
- →Avoid tiny alphabets for security tokens. A 6-character numeric code has only 1 million possible values — easily brute-forced.
- →NanoID is not time-ordered — do not use it as a database primary key if you need sequential inserts. Use UUID v7 or ULID instead.