Shorter name

[annevk]

Any reason "random" needs to be part of this? crypto.uuid() seems fine to me.

[bcoe]

Any reason "random" needs to be part of this?

A major reason we landed on the randomUUID() naming, was that we explicitly did not want to claim to be a full implementation of the UUID RFC:

• this would push us towards a larger API surface (supporting v1, v3, v4, and v5 UUIDs).
• some UUID versions aren't practical for the web (or are a bad idea for the web), e.g., v1 expects a machine identifier as part of its inputs.

In practice, we looked at the millions of existing users of node-uuid on GitHub, and folks mostly just wanted a random string identifier:

Algorithm Version	Repo Count	%	Weighted by Watch Count	%
v4	4315	77.0%	149802	89.5%
v1	1228	21.9%	16219	9.7%
v5	51	0.9%	1290	0.8%
v3	11	0.2%	116	0.1%

There's some good discussions on this topic in our original explainer.

[annevk]

I read that, but that doesn't really justify the longer name to me. It seems to me that the more esoteric variants should get a longer name, if we ever had a reason for adding them to the web. And even version 4 exists in two versions per the RFC, so you'd have to use trulyRandomUUID if you wanted to be unambiguous.

[bakkot]

even version 4 exists in two versions per the RFC

Assuming you mean "variants", rather than "versions", in the language of the RFC: I'm not aware of any modern use of variant-110x version 4 UUIDs. I don't think there's much risk of confusion there. (For illustration: Java's randomUUID method creates variant-10x version 4 UUIDs, and has for well over a decade, and I don't think that's ever confused anyone.)

[annevk]

You get a choice in how random it is: https://tools.ietf.org/html/rfc4122#section-4.4.

[bakkot]

Do you mean the bit about "truly-random or pseudo-random numbers"? That's not two different versions. It's just making it clear that you aren't required to use a hardware RNG to make v4 UUIDs: a CSPRNG will do.

[domenic]

FWIW I do think random is a helpful signifier here. As someone who once upon a time did COM programming, all the books I read about UUIDs at the time discussed how they were guaranteed unique because they would use your MAC address (i.e. v1). Helping people understand that this UUID function is not that, right in the name, seems good to me.

Also I like how it ties the method closely to its sibling, crypto.getRandomValues(), in that both are about using CSPRNGs.

[annevk]

Aside: reportedly iOS randomizes MAC addresses.

I think crypto signifies randomness already and handing out stable unique identifiers doesn't seem like something that would pass any privacy policy.

But mainly I prefer short names for utility functions like this. I also don't care strongly so feel free to close.