Generate UUIDs in JavaScript: crypto.randomUUID and the legacy npm packages
If your runtime is from the last three years, you do not need the `uuid` package any more. `crypto.randomUUID()` is built in, RFC compliant, and faster.
crypto.randomUUID is enough now
crypto.randomUUID() is part of the Web Crypto API and the Node.js crypto module. It returns a UUIDv4 string compliant with RFC 9562, generated using the platform CSPRNG.
In the browser:
``js
const id = crypto.randomUUID();
// → "1a2b3c4d-5e6f-4a8b-9c0d-1e2f3a4b5c6d"
``
In Node 14.17+ either as the global crypto (since Node 19) or via import { randomUUID } from "node:crypto". Both are functionally identical and both are 5 to 10 times faster than the historic uuid package because there is no JS-level RNG seeding.
When you still need the uuid package
Two valid reasons to keep uuid as a dependency:
You need a UUID version other than v4. The uuid package supports v1, v3, v5, v6, v7. crypto.randomUUID() only does v4.
You support truly old runtimes. Internet Explorer is dead, but if your bundler is targeting %5% or older browsers, crypto.randomUUID may not be defined. uuid ships a polyfill that works there.
For everything else, the dependency is dead weight.
UUIDv7 in plain JavaScript
UUIDv7 is the modern format with embedded millisecond timestamp. The official uuid package supports it from version 9.0:
import { v7 } from "uuid";
const id = v7();
// → "0192d80f-c0a3-7f3a-8e0b-1234567890ab"If you do not want a dependency you can implement v7 by hand in 15 lines: take the current epoch ms as 48 bits, set the version nibble to 7, set the variant nibbles to "10", fill the rest with crypto.getRandomValues. The official RFC 9562 has the bit layout.
What about nanoid?
nanoid is a different beast. It generates a 21-char URL-safe ID with similar collision resistance to a UUID v4 but in a more compact form. If your IDs are user-facing in URLs and you want them shorter, nanoid wins. If your IDs are database keys and the consumer expects UUID format, stay with UUID.
Working example
javascript// Browser or Node 19+
const id = crypto.randomUUID();
console.log(id);
// → "1a2b3c4d-5e6f-4a8b-9c0d-1e2f3a4b5c6d"
// Node 14.17 to 18: import explicitly
import { randomUUID } from "node:crypto";
console.log(randomUUID());
// Bulk
const ids = Array.from({ length: 100 }, () => crypto.randomUUID());
// UUIDv7 via the official npm package
import { v7 } from "uuid";
console.log(v7());Just need the result?
When you need a UUID outside a JS runtime, like seeding a config file by hand or grabbing one for a quick test, the browser-based UUID generator gives you the same RFC-compliant value with one click and zero install.
Open UUID v4 Generator →Frequently asked questions
Is crypto.randomUUID safe to use in the browser?
Yes. It calls into the platform CSPRNG and is available in every browser since 2023 (Safari 15.4, Chrome 92, Firefox 95). For older browsers use the uuid package as a polyfill.
Can I generate a UUID without crypto, using Math.random?
You can but you should not. Math.random is not cryptographically secure and a determined attacker can predict outputs. Always use crypto.randomUUID, crypto.getRandomValues, or a properly seeded library.
Are crypto.randomUUID and uuid.v4() output-compatible?
Yes. Both produce a UUIDv4 string in the canonical 8-4-4-4-12 hex form with the version 4 nibble set. Anything reading them cannot tell the difference.