What is a Nano ID?
Nano ID is a unique-ID generator built to be small, secure and URL-friendly. By default it produces 21-character strings drawn from a 64-symbol alphabet: the 26 uppercase letters, the 26 lowercase letters, the 10 digits, plus underscore _ and hyphen -. Every one of those characters is safe to use in a URL without escaping, which is why Nano ID is so handy for links, slugs and public tokens. The original library is by Andrey Sitnik and is today one of the most widely used UUID alternatives in the JavaScript ecosystem.
Why it is shorter than a UUID
The key is alphabet size. A UUID uses only hexadecimal characters (16 symbols), so each character carries 4 bits of information. Nano ID, with 64 symbols, carries 6 bits per character. That means the same amount of entropy fits into fewer characters. A UUID v4 takes 36 characters (32 hex + 4 dashes) and carries 122 bits of randomness; a 21-character Nano ID carries about 126 bits in 21 characters. More security, less space.
How it avoids modulo bias (rejection sampling)
A naive generator would take a random byte (0 to 255) and take it modulo the alphabet size. The problem: if the alphabet doesn’t divide 256 evenly, some characters show up more often than others. That is modulo bias, and it ruins uniformity. The nanoid algorithm solves it with rejection sampling: it computes a bitmask (the smallest power-of-two-minus-one that covers the alphabet), applies that mask to each byte and discards values that fall out of range. As a result, every character in the alphabet has exactly the same probability. This tool implements that same method using crypto.getRandomValues, never Math.random.
Collision probability
With the default alphabet and 21 characters, the space of possible IDs is huge: 6421, on the order of 1037. Applying the birthday paradox, reaching a 1% chance of a single collision would take generating around a billion IDs per hour for more than a hundred years. If you shorten the length or use a smaller alphabet (numbers only, for instance), the space shrinks and the collision chance rises. The rule is simple: more length and more alphabet means safer.
Common uses and when to pick UUID
- Slugs and short URLs: IDs that look clean in a link with no odd characters.
- Public tokens: session identifiers, invites or shareable links.
- Resource keys: file names, cache keys or object IDs in APIs.
- Databases: as a primary key when you don’t need the standard format and prefer to save space.
If you need compatibility with the RFC 4122 format (say a native uuid column in PostgreSQL, or a system that already expects UUIDs), use Genfy’s UUID generator. For everything else, Nano ID is usually the more compact choice.
Table: Nano ID vs UUID
| Feature | Nano ID (default) | UUID v4 |
|---|---|---|
| Length | 21 characters | 36 characters |
| Alphabet | 64 symbols (A-Za-z0-9_-) | 16 symbols (0-9a-f) + dashes |
| Bits of entropy | ≈ 126 | 122 |
| URL-friendly | Yes, no escaping | Yes, but longer |
| Standard format | No (convention) | Yes (RFC 4122) |
| Collision (50%) | ≈ 1018 IDs | ≈ 2.7 × 1018 IDs |