generate random UUIDs

README.md

UUID

Returns a random v4 UUID of the form xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx, where each x is replaced with a random hexadecimal digit from 0 to f, and y is replaced with a random hexadecimal digit from 8 to b.

There's also @LeverOne's approach using iteration, which is one byte shorter.

annotated.js

function b(
  a                  // placeholder
){
  return a           // if the placeholder was passed, return
    ? (              // a random number from 0 to 15
      a ^            // unless b is 8,
      Math.random()  // in which case
      * 16           // a random number from
      >> a/4         // 8 to 11
      ).toString(16) // in hexadecimal
    : (              // or otherwise a concatenated string:
      [1e7] +        // 10000000 +
      -1e3 +         // -1000 +
      -4e3 +         // -4000 +
      -8e3 +         // -80000000 +
      -1e11          // -100000000000,
      ).replace(     // replacing
        /[018]/g,    // zeroes, ones, and eights with
        b            // random hex digits
      )
}

index.js

function b(a){return a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)}

LICENSE.txt

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
                    Version 2, December 2004

 Copyright (C) 2011 Jed Schmidt <http://jed.is>

 Everyone is permitted to copy and distribute verbatim or modified
 copies of this license document, and changing it is allowed as long
 as the name is changed.

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

  0. You just DO WHAT THE FUCK YOU WANT TO.

package.json

{
  "name": "UUID",

  "description": "Generates random UUIDs",

  "keywords": [
    "UUID",
    "ID",
    "random" 
  ]
}

We can use coercion and exponential notation to get template string and save 7 bytes:
function(){return(""+1e7+-1e3+-4e3+-8e3+-1e11).replace(/1|0/g,function(){return(0|Math.random()*16).toString(16)})}

subzey, you are a genius. fixing and annotating now.

you also inspired me to cut 10 more bytes out:

function b(a){return a?(0|Math.random()*16).toString(16):(""+1e7+-1e3+-4e3+-8e3+-1e11).replace(/1|0/g,b)}

(0|Math.random()*16).toString(16)

can also be trimmed 4 bytes to

Math.random().toString(16)[2]

if you don't care about IE... thoughts?

@jed, Math.random() may return 0, so Math.random().toString(16)[2] may return undefined.

Also, isn't setting name of function affects the outer scope?

well, with the chance of Math.random returning a zero 1 in 2<<61, seems like the definition of an edge case. more likely that IE barfs on it.

also, we're allowing named functions because we assume that they'll be assigned externally.

@jed, thanks for your clarification about function names, I didn't know that

@subzey, i hope you use this knowledge to bring us some awesome new stuff.

""+1e7+-1e3+-4e3+-8e3+-1e11 --> [1e7]+-1e3+-4e3+-8e3+-1e11
it's а flaw of many of you.

@LeverOne, perfect! Thanks

wow, that's crazy. good work @LeverOne.

What about replacing /1|0/ with /\d/?

the 4 is hardcoded according to the spec, and the 8 is a bit of a hack... technically it should be anything from 8 to b. so replacing those would make it less compliant.

Ah I see, I missed that.

i wonder if we finally have enough bytes to make it compliant, such that the 8 can be 8, 9, a, or b...

It is enough already :)

function c(a,b){return a?(~~b+0|Math.random()*16>>b/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/1|0|(8)/g,c)}

Or this, shorter:

function c(a,b){return a?(b|Math.random()*16>>b/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/1|0|(8)/g,c)}

thanks again, @subzey. updated.

Line 20 of annotated.js should be 'c', not 'b'.

BTW, you're all insane. I love it! :)

good catch! for those not in the know, @broofa is a celebrity in the world of UUIDs: https://github.com/broofa/node-uuid

Maybe save 4 bytes...?

what the... how on earth does this work?

There are three possible values 0,1,8 for a.

For case 0: 0^Math.random()*16>>0/4, >>0/4 is actually >>0, just works as Math.floor.
The 0^ here does nothing.

For case 1: 1^Math.random()*16>>1/4, >>1/4 is still >>0.
Although 1^ here toggles the least significant bit, we can still use it to generate random numbers 0-15.

For case 8: 8^Math.random()*16>>8/4, >>8/4 turns out >>2.
The maximum number of Math.random()*16 in binary form is 1111, that means the range is 0000-1111.
By right shifting 2 bits, the maximum number of Math.random()*16>>2 is 0011, and the range, 0000-0011. What it does here is to generate random numbers 0-3.
Finally, because the most significant bit is always 0, 8^ is actually 8|, it is to ensure the range starts from 8. And now we get 8 + {0, 1, 2, 3}.

incredible work, @tsaniel!

it's amazing how this gist has evolved, from

function(){return"00000000-0000-4000-8000-000000000000".replace(/0/g,function(){return(0|Math.random()*16).toString(16)})}

to

function b(a){return a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)}

while hitting all the greatest hits: recursion, coercion of a number into a string through an array (!), operator repurposing...

I love those tricks, especially the string coercion with array, though i love bitwise tricks.
By the way, i am still thinking if we can shorten /[018]/...

@tsaniel - no way, the other way round would be /[^4-]/, which is just as long.

@atk: That's true. I mean if we can do something to use /\d/ instead.

...which would require that the 4 will be left alone and enlarge the equation probably more than the 3 letters we saved.

Maybe that's the end.

I fear it is.

Once again, excellent work, @tsaniel!

Sorry for my late comment, my mobile browser doesn't work well with github

Recursion & coercion vs. loop & math: https://gist.github.com/1308368

just when you thought it couldn't get any shorter, @LeverOne sheds a byte. good job!

@LeverOne is my hero.

damnit jed, i keep finding you everywhere. thanks for this!

In Firefox you could use the single statement function body to shorten it a few bits still:

function b(a)a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)

Shorter yet (cheats, ES6, and works only in Firefox!!!), and less leaky:

function()([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,a=>(a^Math.random()*16>>a/4).toString(16))

Hah, since I already used ES6 and there are no variable assignments, might as well go all the way and avoid Firefox-only stuff:

()=>([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,a=>(a^Math.random()*16>>a/4).toString(16))

This is awesome!

Here's a benchmark vs node-uuid: http://jsperf.com/node-uuid-performance/11

I was so rooting for Crazy Gist to win that one :(

Is this relatively safe to generate UUIDs simultaneously between many clients?

Make it secure at the cost of just a few bytes by replacing Math.random() * 16:

browser

crypto.getRandomValues(new Uint8Array(1))[0] % 16

function b(
  a                  // placeholder
){
  return a           // if the placeholder was passed, return
    ? (              // a random number from 0 to 15
      a ^            // unless b is 8,
      crypto.getRandomValues(new Uint8Array(1))[0]  // in which case
      % 16           // a random number from
      >> a/4         // 8 to 11
      ).toString(16) // in hexadecimal
    : (              // or otherwise a concatenated string:
      [1e7] +        // 10000000 +
      -1e3 +         // -1000 +
      -4e3 +         // -4000 +
      -8e3 +         // -80000000 +
      -1e11          // -100000000000,
      ).replace(     // replacing
        /[018]/g,    // zeroes, ones, and eights with
        b            // random hex digits
      )
}

node.js

crypto.randomBytes(1)[0] % 16

function b(
  a                  // placeholder
){
  return a           // if the placeholder was passed, return
    ? (              // a random number from 0 to 15
      a ^            // unless b is 8,
      crypto.randomBytes(1)[0]  // in which case
      % 16           // a random number from
      >> a/4         // 8 to 11
      ).toString(16) // in hexadecimal
    : (              // or otherwise a concatenated string:
      [1e7] +        // 10000000 +
      -1e3 +         // -1000 +
      -4e3 +         // -4000 +
      -8e3 +         // -80000000 +
      -1e11          // -100000000000,
      ).replace(     // replacing
        /[018]/g,    // zeroes, ones, and eights with
        b            // random hex digits
      )
}

@coolaj89 I don't have crypto.randomBytes in Chrome 46.0.2490.80 but there is crypto.getRandomValues

And even smaller now:

b = a=>a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b);

I am having issue in 3rd file and i am not able to correct it .

Great This works well thanks

in the annotated version:

-8e3 +         // -80000000 +

should be

-8e3 +         // -8000 +

I try this code but this is not generating random UUIDs

@coolaj89's you can golf that down a little:
([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b=>(b^crypto.rng(1)[0]%16>>b/4).toString(16))
crypto.rng is the same as crypto.randomBytes on a stock node.js build.

You guys are freaking insane...I love it...

this was a wonderful thread to read

@coolaj89 for the browser version you can shave off another char by replacing:

new Uint8Array(1)

with (not supported in all browsers, of course):

Uint8Array.of(0)

@jussi-kalliokoski
For Nodejs, below change has to be done:
()=>([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,a=>((a^crypto.randomBytes(1)[0]*16>>a/4).toString(16))[0])

This is fantastic.

Awesome. Is there a readable non-golfed version of this code?

you can use this `${1e7}-${1e3}-${4e3}-${8e3}-${1e11}` to make it clear that it's a string

Awesome. Is there a readable non-golfed version of this code?

Here's a more readable (verbose, RFC-compliant) version using crypto API:

var hex = [];

for (var i = 0; i < 256; i++) {
    hex[i] = (i < 16 ? '0' : '') + (i).toString(16);
}

function makeUUID() {
    var r = crypto.getRandomValues(new Uint8Array(16));

    r[6] = r[6] & 0x0f | 0x40;
    r[8] = r[8] & 0x3f | 0x80;

    return (
        hex[r[0]] +
        hex[r[1]] +
        hex[r[2]] +
        hex[r[3]] +
        "-" +
        hex[r[4]] +
        hex[r[5]] +
        "-" +
        hex[r[6]] +
        hex[r[7]] +
        "-" +
        hex[r[8]] +
        hex[r[9]] +
        "-" +
        hex[r[10]] +
        hex[r[11]] +
        hex[r[12]] +
        hex[r[13]] +
        hex[r[14]] +
        hex[r[15]]
    );
}

I have nothing excellent to offer other than I have REALLY enjoyed reading this :)

This is amazing. Small piece of code to do something simple.

What's this [1e7] part for that Typescript refuse to compile saying "Operator '+' cannot be applied to types 'number[]' and '-1000'." ?

@PaulCordo it's because these insane(ly amazing) authors want to convert 1e7 into a string and because [1e7]+-1e3 is 1 byte shorter than ""+1e7+-1e3! :) A bit more info and an example: https://stackoverflow.com/q/9300941/539490

wow! amazing!

NICE!

After reading comments, I figure out I don't nothing about JS, really great job, thank you !!

I came here from the link in the README of kelektiv/node-uuid. I've tested v4 of that implementation, including forcing it to use the non cryptographically safe Math.random() for random number generation, and found it to be pretty reliably unique over many millions of iterations. However, this mini UUID function pretty reliably runs into collisions after 20-30 million iterations. Not entirely sure what the design flaw is, but for UUIDs that need to be guaranteed unique, it's probably best not to use this function in its present form in mission-critical code. Other than that, nice work on creating such a compact ID generator.

I like this LICENSE! That is awosome and so easy to understand!

Lol

Such collaboration. This is what the internet was made for.

Who's reading this at 2018-11-02T09:07:56Z ?

I. F*KING. LOVE. THIS.

I would have NEVER EVER thought of doing this like this!

Amazing work!

Just to save a few more characters. ;)

let b=a=>a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)

Crazy guys! Awesome job! Lovely License! Thx

First thing's first: I am not a lawyer, and I couldn't care less about the legal details anyway, but others might, SOOOO...

The copyright line in the license applies to the wording of the license. Unless you authored the license, it shouldn't be your copyright. Leaving it as-is constitutes (presumably accidental) plagiarism. Am I wrong?

See http://www.wtfpl.net/faq/ for details.

I doubt anybody cares much, but other people are forking this and updating the copyright line with their own names, thereby perpetuating the error.

(With that said, this is an awesome way to generate a UUID. Thank you for sharing!)

What is the purpose of the placeholder function param a in function b(a)?

I can confirm what @faazshift has said, which is a bit worrisome. In four consecutive runs of attempting to generate 50 million unique IDs, I ran into collisions after:

1. 22342746 IDs generated
2. 24863680 IDs generated
3. 32720420 IDs generated
4. 24487480 IDs generated

In every run, all IDs generated after the first collision occurred were also collisions. This is the script I used for testing:

function b(a){return a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)}

const sets = [];

let currentSet;
let breakAtIndex;

for (let i = 0; i < 50000000; i++) {
  if (i % 1000000 === 0) {
    console.log(`${i} IDs generated`);
    // Generate a new set so that we don't run into max size limits
    currentSet = new Set();
    sets.push(currentSet);
  }

  const id = b();
  if (sets.find(set => set.has(id))) {
    console.log(`Conflict: ${id} at index ${i}`);

    if (!breakAtIndex) {
      breakAtIndex = i + 10;
    }
  }

  if (breakAtIndex === i) {
    break;
  }

  currentSet.add(id);
}

console.log("Done");

I can confirm what @faazshift has said, which is a bit worrisome. In four consecutive runs of attempting to generate 50 million unique IDs, I ran into collisions after:

1. 22342746 IDs generated
2. 24863680 IDs generated
3. 32720420 IDs generated
4. 24487480 IDs generated

In every run, all IDs generated after the first collision occurred were also collisions. This is the script I used for testing:

function b(a){return a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)}

const sets = [];

let currentSet;
let breakAtIndex;

for (let i = 0; i < 50000000; i++) {
  if (i % 1000000 === 0) {
    console.log(`${i} IDs generated`);
    // Generate a new set so that we don't run into max size limits
    currentSet = new Set();
    sets.push(currentSet);
  }

  const id = b();
  if (sets.find(set => set.has(id))) {
    console.log(`Conflict: ${id} at index ${i}`);

    if (!breakAtIndex) {
      breakAtIndex = i + 10;
    }
  }

  if (breakAtIndex === i) {
    break;
  }

  currentSet.add(id);
}

console.log("Done");

@faazshift and @Aaronius, which browser did you run the script in?
Using Firefox Version 68.0 (64 Bit) on Windows 10 Version 1903 (64 Bit), I created more than 65 Million UUIDs without any collision.
The function b() seem fine for me, so Math.random() must have been the culprit.

Chrome on Mac Mojave. I don't remember which version of Chrome, but it would have been a recent one.

I just tried again on the following:

Chrome 75.0.3770.100 (64 bit)
Safari 12.0 (14606.1.36.1.9)
Firefox 67.0.4 (64 bit)

all on Mac Mojave OS. I was able to successfully generate 50 million unique IDs on all of them. I'm not sure what changed, but that's good news!

@standardizer Node.js, but I validated the collision in Chrome on linux. I just reproduced the collision in the latest version of Node.js.

@standardizer Node.js, but I validated the collision in Chrome on linux. I just reproduced the collision in the latest version of Node.js.

@faazshift You wrote, you found it [the Math.random() return value] to be pretty reliably unique over many millions of iterations. Could you provide your test script, please?

@standardizer In my original comment, I was referring to v4 of the uuid package available via npm. That package contains a link to this gist.

In my test case back when I made that determination, I used a copied and pared down version of this:

https://github.com/kelektiv/node-uuid/blob/master/v4.js

By using Math.random() for random number generation, I was referring to using this in my pared down test code:

https://github.com/kelektiv/node-uuid/blob/master/lib/rng-browser.js#L26-L33

I just tried again on the following:

Chrome 75.0.3770.100 (64 bit)
Safari 12.0 (14606.1.36.1.9)
Firefox 67.0.4 (64 bit)

all on Mac Mojave OS. I was able to successfully generate 50 million unique IDs on all of them. I'm not sure what changed, but that's good news!

Can you please post your test code, thanks

I used the same test code that I posted previously in https://gist.github.com/jed/982883#gistcomment-2886092

This gist is beautiful, enlightening, entertaining and brilliant!

👍 for best license ever.

This piece of nice code made my day better. I spent some nice minutes going through comments. Thank you!

Someone should make a v5 deterministic UUID version!

@mindplay-dk Can I use that?

Who's reading this at 2018-11-02T09:07:56Z ?

[2019 CReW RePoRTiNG iN] ~~ like if you're still watching this epic gist in 2019 ~~ [2019 CReW RePoRTiNG iN]

Also, any resolution to the latest collision issues? Are people using this in production?

Beautiful snippet, btw.

@AdamRGrey of course 😊

Who's reading this at 2018-11-02T09:07:56Z ?

[2019 CReW RePoRTiNG iN] ~~ like if you're still watching this epic gist in 2019 ~~ [2019 CReW RePoRTiNG iN]

Also, any resolution to the latest collision issues? Are people using this in production?

Beautiful snippet, btw.

Using this in production, several projects, no collisions yet. I've considered changing that Math.random to something Date.now() based if it does happen, but if it ain't broke...

This gist is a good example of the "Look at me, I'm a genius programmer who is so smart I can write unmaintainable code" disease.

@AndrWeisR code golfing is harmless fun and a useful exercise that teaches you the details of the language. Would I put this in a project when I'm trying to collaborate with others? of course not, but golfing isn't just "genius programmers showing off", it's also just programmers challenging each other to practice, improve and have 𝒇𝒖𝒏™. 🙃

A UUID generator is frequently treated as a black box by those who use one anyway. For such people, they'd rather have a black box with less code rather than a black box with more code, even if the code was the product of a nerdy online challenge. 🤷‍♂️

This gist is a good example of the "Look at me, I'm a genius programmer who is so smart I can write unmaintainable code" disease.

Look at me "I'm jealous" disease. Take it as a challenge. It's just a gist, chill.

Thank you for this. This is what I had to do for: TypeScript + ESLint

const getUuid = (a: string = ''): string => (
  a
    /* eslint-disable no-bitwise */
    ? ((Number(a) ^ Math.random() * 16) >> Number(a) / 4).toString(16)
    : (`${1e7}-${1e3}-${4e3}-${8e3}-${1e11}`).replace(/[018]/g, getUuid)
);
getUuid();

finally I found a place to learn some code 👍

Here's UUID v1. Doesn't fit in tweet 😒

// http://www.rfcreader.com/#rfc4122_line385 allows random instead of MAC address
// https://www.famkruithof.net/uuid/uuidgen
// https://realityripple.com/Tools/UnUUID/

// TODO: Refactor into generator function, so random clock ID stays uniform for the lifetime of application instance?
function uuid(c = 9999) {
  const t = ((Date.now() + 12219292800000) * 1E4).toString(16)
  const n = crypto.getRandomValues(new Uint8Array(6)).reduce((sum, x, i) => {
    return sum + ((i === 0) ? x|1 : x).toString(16).padStart(2, '0')
  }, '')

  return `${t.slice(-8)}-${t.slice(-12, -8)}-1${t.slice(0, 3)}-${c}-${n}`
}

// Give me some examples
for (let i = 100; i--; console.log(uuid())) {}

Here's an ES-updated take on @mindplay-dk's non-golf version:

const uuidv4 = () => {
  const hex = [...Array(256).keys()]
    .map(index => (index).toString(16).padStart(2, '0'));

  const r = crypto.getRandomValues(new Uint8Array(16));

  r[6] = (r[6] & 0x0f) | 0x40;
  r[8] = (r[8] & 0x3f) | 0x80;
  
  return [...r.entries()]
    .map(([index, int]) => [4, 6, 8, 10].includes(index) ? `-${hex[int]}` : hex[int])
    .join('');
};

Has anyone written a version which doesn't use bitwise operators?

@jsejcksn you probably should hoist your hex table to the parent scope, to avoid recalculating every time. Also note (though you might not care, depending on your use-case) that I was deliberately avoiding loops in my version for performance reasons - using map makes for fewer lines, but much slower execution. 🙂

@mindplay-dk Thanks, it’s primarily for readability.

For max optimization, one of the other golfed versions could be used, or you could compile your code using an optimizing transpiler.

We can use coercion and exponential notation to get template string and save 7 bytes:
function(){return(""+1e7+-1e3+-4e3+-8e3+-1e11).replace(/1|0/g,function(){return(0|Math.random()*16).toString(16)})}

@ ### #

We have been using this in production on the web, and are seeing a lot of collisions with the versions using Math.random in certain browsers. If you are using any of these snippets on the web, definitely use one that uses crypto.getRandomValues! Even if you tested it on your system and did not see any collisions, some other system/browser combination may implement Math.random in a way that causes easy collisions.

It has been a huge treat to read this thread, so much positivity, creativity, knowledge and collaboration!

Hi, what is the latest version of this function?

The latest version I've got is this:

var uuid = () => ([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,c =>(c^(window.crypto||window.msCrypto).getRandomValues(new Uint8Array(1))[0]&15>>c/4).toString(16));

Is the OP not updating the code anymore? @phyreman how does your function differ?

@RobertoMachorro Just ensuring the random numbers come from a crypto source instead of Math.random(). It's definitely slower than molasses though, lol. I think the OP stopped once it hit the point of basically not being able to golf it much more and a spec-compliant version was posted.