Copyright © 2021 the Contributors to the uuid Specification, published by the Web Platform Incubator Community Group under the W3C Community Contributor License Agreement (CLA). A human-readable summary is available.
This specification describes an API for generating character encoded
Universally Unique Identifiers (UUID) based on [RFC4122], available
as a method on the
Crypto
interface.
This specification was published by the Web Platform Incubator Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Contributor License Agreement (CLA) there is a limited opt-out and other conditions apply. Learn more about W3C Community and Business Groups.
The uuid library on npm currently receives 131,000,000 monthly downloads and is relied on by over 2,600,000 repositories (as of June 2019).
The ubiquitous nature of the uuid module demonstrates that UUID generation is a common
requirement for JavaScript software applications, making the functionality a good candidate for the
standard library.
Developers who have not been exposed to [RFC4122] might naturally opt to invent their own approaches
to UUID generation, potentially using Math.random() (in TIFU by using Math.random()
there's an in-depth discussion of why a Cryptographically-Secure-Pseudo-Random-Number-Generator
(CSPRNG) should be used when generating UUIDs. Of primary concern is that, without a high-quality source
of randomness, collisions can frequently occur.
Introducing a UUID standard library, which dictates that a CSPRNG must be used, helps protect developers from security pitfalls.
As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.
Crypto interfaceThe Crypto interface is defined in [WebCryptoAPI].
WebIDL[Exposed=(Window,Worker)] partial interfaceCrypto{ DOMStringrandomUUID(); };