NanoID Generator

Shorter than a UUID, URL-safe, and configurable. A 21-character NanoID from the default alphabet has the same collision probability as a UUID v4, in 36% less space.

Bulk delimiter
Click Generate to produce NanoIDs.

About NanoID

NanoID is a unique identifier generator created in 2017 by Andrey Sitnik, the same developer who created PostCSS and Autoprefixer. It was designed in response to a specific frustration: UUIDs are 36 characters long, contain hyphens, and are awkward in URLs. NanoID provides a more compact, URL-safe alternative with comparable uniqueness guarantees.

A default NanoID is 21 characters drawn from a 64-character alphabet (A-Za-z0-9_-), giving roughly 126 bits of entropy. The alphabet is URL-safe by design — no characters need escaping when included in a path or query string. The default size offers collision resistance comparable to UUID v4 (a 1% chance of collision requires generating roughly 4 × 1018 IDs).

The library has gained significant adoption in JavaScript and TypeScript ecosystems, particularly through ORMs like Prisma, which uses NanoID as a built-in option for primary key generation. It's also available as a library in Python, Go, Rust, .NET, Java, and most other major languages — this site uses the canonical Nanoid .NET port.

When to use NanoID

NanoID is a good fit when:

  • You need URL-friendly identifiers. No hyphens, no need for escaping, shorter than UUIDs while still highly collision-resistant.
  • You want configurable length or alphabet. NanoID accepts custom alphabets and lengths, letting you trade collision resistance against compactness for your specific use case.
  • Your ecosystem already uses NanoID. If you're working in a JavaScript/TypeScript project, NanoID is often the path of least resistance and fits naturally with the surrounding tooling.

A UUID may be the better choice when:

  • You need ecosystem interoperability. UUIDs have universal support across databases, frameworks, and protocols. NanoID requires explicit library use.
  • You want a time-ordered identifier. NanoID is fully random with no embedded timestamp. For time-sortable IDs, use UUID v7 or ULID.
  • You're storing IDs as a native database type. Most databases have a native UUID type with optimised storage. NanoIDs are stored as strings, which costs marginally more space and is slower to compare.

Read the full comparison: NanoID vs UUID — which should you use? It works through size, encoding, ecosystem support, and the cases where each is the right choice. NanoID is also the go-to when a distributed system needs a short, URL-facing identifier rather than a sortable one; generating IDs in distributed systems places it alongside UUID v7, ULID, and Snowflake.

Choosing length and alphabet

The default 21 characters with the URL-safe alphabet is appropriate for most uses. Reasons you might deviate:

  • Shorter (10–16 characters) for short-lived tokens, URL shorteners, or contexts where size is critical and collision risk over your expected volume is acceptable. The official NanoID collision calculator helps you pick a length to match your scale.
  • Longer (32+ characters) for very high-volume systems or for stronger guessability resistance. With a longer ID, an attacker brute-forcing the namespace must search a correspondingly larger space.
  • Alphanumeric only (no _ or -) for contexts where URL-safety isn't the priority but readability is — for example, IDs that might be transcribed by hand.
  • Numeric only for human-friendly IDs in contexts like phone PINs or short codes (though for such uses, the additional collision risk and lack of typo-resistance often make a different approach better).

Implementation considerations

Use a cryptographic random source. Reference NanoID implementations use Web Crypto in browsers, crypto in Node.js, and RandomNumberGenerator in .NET — all cryptographically secure. If you implement NanoID yourself, do not use Math.random() or equivalent non-CSPRNG sources. For security-sensitive identifiers (tokens, keys), the random source matters as much as the alphabet and length.

Storage as strings. NanoIDs don't have a compact binary representation in the way UUIDs do. Stored as a database string they take the full length plus any length-prefix overhead. For databases with significant ID storage volume, this can be a measurable cost worth considering.

Generating in code

JavaScript

import { nanoid } from 'nanoid'
const id = nanoid() // 21-char URL-safe

C# (Nanoid package)

using NanoidDotNet;
var id = Nanoid.Generate();
// Custom alphabet + length:
var pin = Nanoid.Generate("0123456789", 6);

Python

from nanoid import generate
id = generate()

FAQ

NanoID vs UUID v4 — which should I pick?
For a primary key in a database that has a native UUID type, UUID v4 (or better, v7). For an ID that appears in a URL, NanoID — same collision resistance, shorter, no need for a separate display form.
How long should my NanoID be?
The default 21 characters gives 126 bits of randomness — equivalent to UUID v4 and appropriate for most uses. Shorten to 10–12 for low-volume disposable tokens; lengthen to 32+ for IDs that need to resist guessing at very large scale. Zelark's calculator shows the collision threshold for any length and alphabet — check before going below the default.
Is NanoID cryptographically secure?
Reference implementations are — including the .NET Nanoid package this site uses, which reads bytes from RandomNumberGenerator. The risk is in custom implementations: if you swap in Math.random or another non-cryptographic source, the output is no longer CSPRNG-grade. Always verify the random source before using NanoID for security-sensitive identifiers.
Is NanoID standardised?
No formal RFC. NanoID is a convention, not a spec — but the original JavaScript implementation is widely treated as the reference, and the ports across languages produce compatible output for the same alphabet and length.
Can I use a custom alphabet without modulo bias?
Yes — this generator uses rejection sampling. The algorithm draws random bytes, masks them to the smallest power of two that's at least as large as the alphabet, and discards values that fall outside the alphabet. The result is uniformly distributed for any alphabet size, not just powers of two.
Are these IDs sortable?
No. NanoIDs are random — there's no embedded timestamp. If you need sortable identifiers, use UUID v7 or ULID.
An unhandled error has occurred. Reload ×