generate random UUIDs

README.md

UUID

Returns a random v4 UUID of the form xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx, where each x is replaced with a random hexadecimal digit from 0 to f, and y is replaced with a random hexadecimal digit from 8 to b.

There's also @LeverOne's approach using iteration, which is one byte shorter.

annotated.js

function b(
  a                  // placeholder
){
  return a           // if the placeholder was passed, return
    ? (              // a random number from 0 to 15
      a ^            // unless b is 8,
      Math.random()  // in which case
      * 16           // a random number from
      >> a/4         // 8 to 11
      ).toString(16) // in hexadecimal
    : (              // or otherwise a concatenated string:
      [1e7] +        // 10000000 +
      -1e3 +         // -1000 +
      -4e3 +         // -4000 +
      -8e3 +         // -80000000 +
      -1e11          // -100000000000,
      ).replace(     // replacing
        /[018]/g,    // zeroes, ones, and eights with
        b            // random hex digits
      )
}

index.js

function b(a){return a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)}

LICENSE.txt

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
                    Version 2, December 2004

 Copyright (C) 2011 Jed Schmidt <http://jed.is>

 Everyone is permitted to copy and distribute verbatim or modified
 copies of this license document, and changing it is allowed as long
 as the name is changed.

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

  0. You just DO WHAT THE FUCK YOU WANT TO.

package.json

{
  "name": "UUID",

  "description": "Generates random UUIDs",

  "keywords": [
    "UUID",
    "ID",
    "random" 
  ]
}

We can use coercion and exponential notation to get template string and save 7 bytes:
function(){return(""+1e7+-1e3+-4e3+-8e3+-1e11).replace(/1|0/g,function(){return(0|Math.random()*16).toString(16)})}

subzey, you are a genius. fixing and annotating now.

you also inspired me to cut 10 more bytes out:

function b(a){return a?(0|Math.random()*16).toString(16):(""+1e7+-1e3+-4e3+-8e3+-1e11).replace(/1|0/g,b)}

(0|Math.random()*16).toString(16)

can also be trimmed 4 bytes to

Math.random().toString(16)[2]

if you don't care about IE... thoughts?

@jed, Math.random() may return 0, so Math.random().toString(16)[2] may return undefined.

Also, isn't setting name of function affects the outer scope?

well, with the chance of Math.random returning a zero 1 in 2<<61, seems like the definition of an edge case. more likely that IE barfs on it.

also, we're allowing named functions because we assume that they'll be assigned externally.

@jed, thanks for your clarification about function names, I didn't know that

@subzey, i hope you use this knowledge to bring us some awesome new stuff.

""+1e7+-1e3+-4e3+-8e3+-1e11 --> [1e7]+-1e3+-4e3+-8e3+-1e11
it's а flaw of many of you.

@LeverOne, perfect! Thanks

wow, that's crazy. good work @LeverOne.

What about replacing /1|0/ with /\d/?

the 4 is hardcoded according to the spec, and the 8 is a bit of a hack... technically it should be anything from 8 to b. so replacing those would make it less compliant.

Ah I see, I missed that.

i wonder if we finally have enough bytes to make it compliant, such that the 8 can be 8, 9, a, or b...

It is enough already :)

function c(a,b){return a?(~~b+0|Math.random()*16>>b/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/1|0|(8)/g,c)}

Or this, shorter:

function c(a,b){return a?(b|Math.random()*16>>b/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/1|0|(8)/g,c)}

thanks again, @subzey. updated.

Line 20 of annotated.js should be 'c', not 'b'.

BTW, you're all insane. I love it! :)

good catch! for those not in the know, @broofa is a celebrity in the world of UUIDs: https://github.com/broofa/node-uuid

Maybe save 4 bytes...?

what the... how on earth does this work?

There are three possible values 0,1,8 for a.

For case 0: 0^Math.random()*16>>0/4, >>0/4 is actually >>0, just works as Math.floor.
The 0^ here does nothing.

For case 1: 1^Math.random()*16>>1/4, >>1/4 is still >>0.
Although 1^ here toggles the least significant bit, we can still use it to generate random numbers 0-15.

For case 8: 8^Math.random()*16>>8/4, >>8/4 turns out >>2.
The maximum number of Math.random()*16 in binary form is 1111, that means the range is 0000-1111.
By right shifting 2 bits, the maximum number of Math.random()*16>>2 is 0011, and the range, 0000-0011. What it does here is to generate random numbers 0-3.
Finally, because the most significant bit is always 0, 8^ is actually 8|, it is to ensure the range starts from 8. And now we get 8 + {0, 1, 2, 3}.

incredible work, @tsaniel!

it's amazing how this gist has evolved, from

function(){return"00000000-0000-4000-8000-000000000000".replace(/0/g,function(){return(0|Math.random()*16).toString(16)})}

to

function b(a){return a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)}

while hitting all the greatest hits: recursion, coercion of a number into a string through an array (!), operator repurposing...

I love those tricks, especially the string coercion with array, though i love bitwise tricks.
By the way, i am still thinking if we can shorten /[018]/...

@tsaniel - no way, the other way round would be /[^4-]/, which is just as long.

@atk: That's true. I mean if we can do something to use /\d/ instead.

...which would require that the 4 will be left alone and enlarge the equation probably more than the 3 letters we saved.

Maybe that's the end.

I fear it is.

Once again, excellent work, @tsaniel!

Sorry for my late comment, my mobile browser doesn't work well with github

Recursion & coercion vs. loop & math: https://gist.github.com/1308368

just when you thought it couldn't get any shorter, @LeverOne sheds a byte. good job!

@LeverOne is my hero.

damnit jed, i keep finding you everywhere. thanks for this!

In Firefox you could use the single statement function body to shorten it a few bits still:

function b(a)a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)

Shorter yet (cheats, ES6, and works only in Firefox!!!), and less leaky:

function()([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,a=>(a^Math.random()*16>>a/4).toString(16))

Hah, since I already used ES6 and there are no variable assignments, might as well go all the way and avoid Firefox-only stuff:

()=>([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,a=>(a^Math.random()*16>>a/4).toString(16))

This is awesome!

Here's a benchmark vs node-uuid: http://jsperf.com/node-uuid-performance/11

I was so rooting for Crazy Gist to win that one :(

Is this relatively safe to generate UUIDs simultaneously between many clients?

Make it secure at the cost of just a few bytes by replacing Math.random() * 16:

browser

crypto.getRandomValues(new Uint8Array(1))[0] % 16

function b(
  a                  // placeholder
){
  return a           // if the placeholder was passed, return
    ? (              // a random number from 0 to 15
      a ^            // unless b is 8,
      crypto.getRandomValues(new Uint8Array(1))[0]  // in which case
      % 16           // a random number from
      >> a/4         // 8 to 11
      ).toString(16) // in hexadecimal
    : (              // or otherwise a concatenated string:
      [1e7] +        // 10000000 +
      -1e3 +         // -1000 +
      -4e3 +         // -4000 +
      -8e3 +         // -80000000 +
      -1e11          // -100000000000,
      ).replace(     // replacing
        /[018]/g,    // zeroes, ones, and eights with
        b            // random hex digits
      )
}

node.js

crypto.randomBytes(1)[0] % 16

function b(
  a                  // placeholder
){
  return a           // if the placeholder was passed, return
    ? (              // a random number from 0 to 15
      a ^            // unless b is 8,
      crypto.randomBytes(1)[0]  // in which case
      % 16           // a random number from
      >> a/4         // 8 to 11
      ).toString(16) // in hexadecimal
    : (              // or otherwise a concatenated string:
      [1e7] +        // 10000000 +
      -1e3 +         // -1000 +
      -4e3 +         // -4000 +
      -8e3 +         // -80000000 +
      -1e11          // -100000000000,
      ).replace(     // replacing
        /[018]/g,    // zeroes, ones, and eights with
        b            // random hex digits
      )
}

@coolaj89 I don't have crypto.randomBytes in Chrome 46.0.2490.80 but there is crypto.getRandomValues

And even smaller now:

b = a=>a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b);

I am having issue in 3rd file and i am not able to correct it .

Great This works well thanks

in the annotated version:

-8e3 +         // -80000000 +

should be

-8e3 +         // -8000 +

I try this code but this is not generating random UUIDs

@coolaj89's you can golf that down a little:
([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b=>(b^crypto.rng(1)[0]%16>>b/4).toString(16))
crypto.rng is the same as crypto.randomBytes on a stock node.js build.

You guys are freaking insane...I love it...

this was a wonderful thread to read

@coolaj89 for the browser version you can shave off another char by replacing:

new Uint8Array(1)

with (not supported in all browsers, of course):

Uint8Array.of(0)

@jussi-kalliokoski
For Nodejs, below change has to be done:
()=>([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,a=>((a^crypto.randomBytes(1)[0]*16>>a/4).toString(16))[0])

This is fantastic.

Awesome. Is there a readable non-golfed version of this code?

you can use this `${1e7}-${1e3}-${4e3}-${8e3}-${1e11}` to make it clear that it's a string

Awesome. Is there a readable non-golfed version of this code?

Here's a more readable (verbose, RFC-compliant) version using crypto API:

var hex = [];

for (var i = 0; i < 256; i++) {
    hex[i] = (i < 16 ? '0' : '') + (i).toString(16);
}

function makeUUID() {
    var r = crypto.getRandomValues(new Uint8Array(16));

    r[6] = r[6] & 0x0f | 0x40;
    r[8] = r[8] & 0x3f | 0x80;

    return (
        hex[r[0]] +
        hex[r[1]] +
        hex[r[2]] +
        hex[r[3]] +
        "-" +
        hex[r[4]] +
        hex[r[5]] +
        "-" +
        hex[r[6]] +
        hex[r[7]] +
        "-" +
        hex[r[8]] +
        hex[r[9]] +
        "-" +
        hex[r[10]] +
        hex[r[11]] +
        hex[r[12]] +
        hex[r[13]] +
        hex[r[14]] +
        hex[r[15]]
    );
}

I have nothing excellent to offer other than I have REALLY enjoyed reading this :)

This is amazing. Small piece of code to do something simple.

What's this [1e7] part for that Typescript refuse to compile saying "Operator '+' cannot be applied to types 'number[]' and '-1000'." ?

@PaulCordo it's because these insane(ly amazing) authors want to convert 1e7 into a string and because [1e7]+-1e3 is 1 byte shorter than ""+1e7+-1e3! :) A bit more info and an example: https://stackoverflow.com/q/9300941/539490

wow! amazing!

NICE!

After reading comments, I figure out I don't nothing about JS, really great job, thank you !!

I came here from the link in the README of kelektiv/node-uuid. I've tested v4 of that implementation, including forcing it to use the non cryptographically safe Math.random() for random number generation, and found it to be pretty reliably unique over many millions of iterations. However, this mini UUID function pretty reliably runs into collisions after 20-30 million iterations. Not entirely sure what the design flaw is, but for UUIDs that need to be guaranteed unique, it's probably best not to use this function in its present form in mission-critical code. Other than that, nice work on creating such a compact ID generator.

I like this LICENSE! That is awosome and so easy to understand!

Lol

Such collaboration. This is what the internet was made for.

Who's reading this at 2018-11-02T09:07:56Z ?

I. F*KING. LOVE. THIS.

I would have NEVER EVER thought of doing this like this!

Amazing work!

Just to save a few more characters. ;)

let b=a=>a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)

Crazy guys! Awesome job! Lovely License! Thx

First thing's first: I am not a lawyer, and I couldn't care less about the legal details anyway, but others might, SOOOO...

The copyright line in the license applies to the wording of the license. Unless you authored the license, it shouldn't be your copyright. Leaving it as-is constitutes (presumably accidental) plagiarism. Am I wrong?

See http://www.wtfpl.net/faq/ for details.

I doubt anybody cares much, but other people are forking this and updating the copyright line with their own names, thereby perpetuating the error.

(With that said, this is an awesome way to generate a UUID. Thank you for sharing!)

What is the purpose of the placeholder function param a in function b(a)?

I can confirm what @faazshift has said, which is a bit worrisome. In four consecutive runs of attempting to generate 50 million unique IDs, I ran into collisions after:

1. 22342746 IDs generated
2. 24863680 IDs generated
3. 32720420 IDs generated
4. 24487480 IDs generated

In every run, all IDs generated after the first collision occurred were also collisions. This is the script I used for testing:

function b(a){return a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)}

const sets = [];

let currentSet;
let breakAtIndex;

for (let i = 0; i < 50000000; i++) {
  if (i % 1000000 === 0) {
    console.log(`${i} IDs generated`);
    // Generate a new set so that we don't run into max size limits
    currentSet = new Set();
    sets.push(currentSet);
  }

  const id = b();
  if (sets.find(set => set.has(id))) {
    console.log(`Conflict: ${id} at index ${i}`);

    if (!breakAtIndex) {
      breakAtIndex = i + 10;
    }
  }

  if (breakAtIndex === i) {
    break;
  }

  currentSet.add(id);
}

console.log("Done");

I can confirm what @faazshift has said, which is a bit worrisome. In four consecutive runs of attempting to generate 50 million unique IDs, I ran into collisions after:

1. 22342746 IDs generated
2. 24863680 IDs generated
3. 32720420 IDs generated
4. 24487480 IDs generated

In every run, all IDs generated after the first collision occurred were also collisions. This is the script I used for testing:

function b(a){return a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b)}

const sets = [];

let currentSet;
let breakAtIndex;

for (let i = 0; i < 50000000; i++) {
  if (i % 1000000 === 0) {
    console.log(`${i} IDs generated`);
    // Generate a new set so that we don't run into max size limits
    currentSet = new Set();
    sets.push(currentSet);
  }

  const id = b();
  if (sets.find(set => set.has(id))) {
    console.log(`Conflict: ${id} at index ${i}`);

    if (!breakAtIndex) {
      breakAtIndex = i + 10;
    }
  }

  if (breakAtIndex === i) {
    break;
  }

  currentSet.add(id);
}

console.log("Done");

@faazshift and @Aaronius, which browser did you run the script in?
Using Firefox Version 68.0 (64 Bit) on Windows 10 Version 1903 (64 Bit), I created more than 65 Million UUIDs without any collision.
The function b() seem fine for me, so Math.random() must have been the culprit.

Chrome on Mac Mojave. I don't remember which version of Chrome, but it would have been a recent one.

I just tried again on the following:

Chrome 75.0.3770.100 (64 bit)
Safari 12.0 (14606.1.36.1.9)
Firefox 67.0.4 (64 bit)

all on Mac Mojave OS. I was able to successfully generate 50 million unique IDs on all of them. I'm not sure what changed, but that's good news!

@standardizer Node.js, but I validated the collision in Chrome on linux. I just reproduced the collision in the latest version of Node.js.

Would this work?

b=(a)=>(a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b))

optionally starting with var or const

var b=(a)=>(a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,b))

PS: Didn't get time to read all the comments, sorry if this was already discussed.

@standardizer Node.js, but I validated the collision in Chrome on linux. I just reproduced the collision in the latest version of Node.js.

@faazshift You wrote, you found it [the Math.random() return value] to be pretty reliably unique over many millions of iterations. Could you provide your test script, please?

@standardizer In my original comment, I was referring to v4 of the uuid package available via npm. That package contains a link to this gist.

In my test case back when I made that determination, I used a copied and pared down version of this:

https://github.com/kelektiv/node-uuid/blob/master/v4.js

By using Math.random() for random number generation, I was referring to using this in my pared down test code:

https://github.com/kelektiv/node-uuid/blob/master/lib/rng-browser.js#L26-L33