Shorter IDs, same uniqueness
UUIDs work, but they’re 36 characters long and full of dashes. For URL slugs, session tokens, database keys, and API identifiers, that’s more bulk than you need. A default Nano ID is 21 characters using A-Za-z0-9_- and provides ~126 bits of entropy, actually slightly more than UUID v4’s 122 bits.
The trade-off is simple: same collision resistance, 15 fewer characters, and the alphabet is URL-safe by default. No percent-encoding needed.
Customize everything
Length: default is 21 characters. Shorten it for less critical uses (URL slugs in a small app), lengthen it for extra paranoia.
Alphabet: the default uses 64 characters (A-Za-z0-9_-). Switch to hex-only for consistency with existing systems, numeric-only when you need number-like IDs, lowercase-only for aesthetic reasons, or define your own custom alphabet.
Batch size: generate 1 to 100 IDs at a time. Click any ID to copy it, or use “Copy All.”
All randomness comes from crypto.getRandomValues, the browser’s cryptographically secure RNG. Same source used for encryption keys and security tokens.
Nano ID vs UUID: the practical differences
21 characters vs 36. In a database with millions of records, that’s measurable storage savings. In API responses, it’s less noise. In URLs, it’s cleaner.
URL-safe by default. The default alphabet doesn’t need percent-encoding. UUIDs with dashes are fine in most contexts but aren’t as clean in URLs.
Customizable. You can’t change a UUID’s format. With Nano ID, pick the length and alphabet that fits your use case.
No built-in structure. UUIDs embed version info and (in v1) timestamps. Nano IDs are pure random. If you need time-ordered IDs, look at the ULID Generator instead.
Picking the right length
21 characters, default alphabet: standard. ~126 bits of entropy. Vanishingly small collision probability for any practical application.
16 characters: ~96 bits. Still extremely unlikely to collide. Good for medium-scale applications.
10 characters: ~60 bits. Fine for short-lived tokens or small collections, but don’t use it for globally unique identifiers.
Going shorter than 10? Make sure you understand the collision math for your expected scale.
FAQ
How secure are they?
crypto.getRandomValues() is cryptographically secure, the same source used for generating encryption keys. Suitable for security-sensitive applications.
21 characters matches UUID v4?
Slightly exceeds it, actually. 21 characters with a 64-character alphabet gives ~126 bits of entropy vs UUID v4’s 122 bits.
Custom alphabets?
Yes, preset options for hex, numeric, and lowercase, plus a field for any custom character set you want.
Client-side?
All generation happens in your browser via the Web Crypto API. Nothing gets sent anywhere.