NanoID Generator
Shorter than a UUID, URL-safe, and configurable. A 21-character NanoID from the default alphabet has the same collision probability as a UUID v4, in 36% less space.
Click Generate to produce NanoIDs.
About NanoID
NanoID is a unique identifier generator created in 2017 by Andrey Sitnik, the same developer who created PostCSS and Autoprefixer. It was designed in response to a specific frustration: UUIDs are 36 characters long, contain hyphens, and are awkward in URLs. NanoID provides a more compact, URL-safe alternative with comparable uniqueness guarantees.
A default NanoID is 21 characters drawn from a 64-character alphabet
(A-Za-z0-9_-), giving roughly 126 bits of entropy. The alphabet
is URL-safe by design — no characters need escaping when included in a path
or query string. The default size offers collision resistance comparable to
UUID v4 (a 1% chance of
collision requires generating roughly 4 × 1018 IDs).
The library has gained significant adoption in JavaScript and TypeScript
ecosystems, particularly through ORMs like Prisma, which uses NanoID as a
built-in option for primary key generation. It's also available as a library
in Python, Go, Rust, .NET, Java, and most other major languages — this site
uses the canonical Nanoid .NET port.
When to use NanoID
NanoID is a good fit when:
- You need URL-friendly identifiers. No hyphens, no need for escaping, shorter than UUIDs while still highly collision-resistant.
- You want configurable length or alphabet. NanoID accepts custom alphabets and lengths, letting you trade collision resistance against compactness for your specific use case.
- Your ecosystem already uses NanoID. If you're working in a JavaScript/TypeScript project, NanoID is often the path of least resistance and fits naturally with the surrounding tooling.
A UUID may be the better choice when:
- You need ecosystem interoperability. UUIDs have universal support across databases, frameworks, and protocols. NanoID requires explicit library use.
- You want a time-ordered identifier. NanoID is fully random with no embedded timestamp. For time-sortable IDs, use UUID v7 or ULID.
- You're storing IDs as a native database type. Most databases have a native UUID type with optimised storage. NanoIDs are stored as strings, which costs marginally more space and is slower to compare.
Read the full comparison: NanoID vs UUID — which should you use? It works through size, encoding, ecosystem support, and the cases where each is the right choice. NanoID is also the go-to when a distributed system needs a short, URL-facing identifier rather than a sortable one; generating IDs in distributed systems places it alongside UUID v7, ULID, and Snowflake.
Choosing length and alphabet
The default 21 characters with the URL-safe alphabet is appropriate for most uses. Reasons you might deviate:
- Shorter (10–16 characters) for short-lived tokens, URL shorteners, or contexts where size is critical and collision risk over your expected volume is acceptable. The official NanoID collision calculator helps you pick a length to match your scale.
- Longer (32+ characters) for very high-volume systems or for stronger guessability resistance. With a longer ID, an attacker brute-forcing the namespace must search a correspondingly larger space.
- Alphanumeric only (no
_or-) for contexts where URL-safety isn't the priority but readability is — for example, IDs that might be transcribed by hand. - Numeric only for human-friendly IDs in contexts like phone PINs or short codes (though for such uses, the additional collision risk and lack of typo-resistance often make a different approach better).
Implementation considerations
Use a cryptographic random source. Reference NanoID
implementations use Web Crypto in browsers, crypto in Node.js,
and RandomNumberGenerator in .NET — all cryptographically secure.
If you implement NanoID yourself, do not use Math.random() or
equivalent non-CSPRNG sources. For security-sensitive identifiers (tokens,
keys), the random source matters as much as the alphabet and length.
Storage as strings. NanoIDs don't have a compact binary representation in the way UUIDs do. Stored as a database string they take the full length plus any length-prefix overhead. For databases with significant ID storage volume, this can be a measurable cost worth considering.
Generating in code
JavaScript
import { nanoid } from 'nanoid'
const id = nanoid() // 21-char URL-safe
C# (Nanoid package)
using NanoidDotNet;
var id = Nanoid.Generate();
// Custom alphabet + length:
var pin = Nanoid.Generate("0123456789", 6);
Python
from nanoid import generate
id = generate()
FAQ
NanoID vs UUID v4 — which should I pick?
How long should my NanoID be?
Is NanoID cryptographically secure?
Nanoid
package this site uses, which reads bytes from
RandomNumberGenerator. The risk is in custom implementations:
if you swap in Math.random or another non-cryptographic
source, the output is no longer CSPRNG-grade. Always verify the random
source before using NanoID for security-sensitive identifiers.