25. ids are non-secure nanoids

Date: 2025-04-24

Status

Accepted

Context

For generating unique identifiers within our application, we considered multiple libraries including the widely used uuid and the lighter nanoid.

The typical use case for these IDs in our application is internal tracking, such as generating identifiers for temporary client-side objects, managing component keys, or local state management — not for external APIs or security-critical operations.

Decision

We will use nanoid/non-secure as our default ID generation library instead of uuid.

Reasons:

Smaller bundle size: nanoid is significantly smaller than uuid, reducing overall application weight, which is important in environments like browser extensions.

Performance: The non-secure variant of nanoid is faster and sufficient for our internal ID use cases.

Simplicity: nanoid has a minimal API and does exactly what we need with less overhead.

Security not required: Our IDs are used only internally and do not require cryptographic randomness or collision resistance for large-scale distributed systems.

Example Usage:

import { nanoid } from 'nanoid/non-secure';

const id = nanoid(); // Internal-use unique ID

Consequences

Pros:

Reduced dependency size.

Improved runtime performance for ID generation.

Simpler code.

Cons:

The non-secure variant of nanoid should not be used in contexts requiring cryptographic security or high collision resistance.
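
The boundary stated in the Cons above, as an added example (not code from this ADR or from the nanoid library): internalId builds IDs from Math.random() the way a non-secure generator does, and secretToken draws from the Web Crypto CSPRNG for values that must be unguessable. The function names, the alphabet and the default size of 21 are assumptions of this sketch.

```javascript
// Added sketch, not nanoid's source. Names, alphabet and sizes are assumptions.
// Browsers and current Node expose Web Crypto globally; older Node needs the fallback.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const ALPHABET =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-"; // 64 symbols

// Internal-use ID: every character is derived from Math.random(), a PRNG that
// is fast but not designed to be unpredictable. Fine for component keys and
// temporary client-side objects.
function internalId(size = 21) {
  let id = "";
  for (let i = 0; i < size; i++) {
    id += ALPHABET[(Math.random() * ALPHABET.length) | 0];
  }
  return id;
}

// Anything that acts as a secret (session token, reset link, CSRF value):
// take bytes from the platform CSPRNG. 64 divides 256 evenly, so masking each
// byte to 6 bits selects every symbol with equal probability.
function secretToken(size = 21) {
  const bytes = webCrypto.getRandomValues(new Uint8Array(size));
  let token = "";
  for (const b of bytes) token += ALPHABET[b & 63];
  return token;
}

// Test helper: run fn with Math.random pinned to a constant, then restore it.
function withPinnedMathRandom(value, fn) {
  const original = Math.random;
  Math.random = () => value;
  try {
    return fn();
  } finally {
    Math.random = original;
  }
}

// internalId is a pure function of the Math.random stream, so pinning the
// stream makes it repeat; secretToken never reads that stream.
function demo() {
  const a = withPinnedMathRandom(0.5, () => internalId());
  const b = withPinnedMathRandom(0.5, () => internalId());
  const s1 = withPinnedMathRandom(0.5, () => secretToken());
  const s2 = withPinnedMathRandom(0.5, () => secretToken());
  return { internalRepeats: a === b, secretRepeats: s1 === s2 };
}
```

Keeping the two generators as separately named functions makes it visible in code review when an ID that started out internal ends up in a URL, cookie or API response.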