dylang / shortid

Short id generator. Url-friendly. Non-predictable. Cluster-compatible.
https://www.npmjs.org/package/shortid

Dead note #135

Closed CarlinJacob closed 2 years ago

ai commented 6 years ago

I'd like to accept this PR, but it seems like there is a problem with the branch (GitHub shows "This branch cannot be rebased safely").

Can you remove your fork, fork it again, create a branch and then send a PR? I think it could fix the problem.

markstos commented 5 years ago

@CarlinJacob, @ai,

How can nanoid be considered more secure when it doesn't track or enforce uniqueness?

This module, shortid, appears to use the time component to ensure unique IDs, while nanoid makes no attempt to make unique IDs that I can see. If the same ID is given to two different people, one person might end up accessing the other person's private stuff, which is LESS secure.

If you are going to recommend that people use nanoid instead, at least be clear that they would be switching to a module that makes no attempt to provide unique strings, only random strings.

I think a module like shortid is a good idea, one that generates short random strings that are both crypto-random AND unique.

ai commented 5 years ago

How can nanoid be considered more secure when it doesn't track or enforce uniqueness?

shortid doesn't track uniqueness either. If you restart your Node.js application, you will lose all data. It has even more edge cases.

Tracking uniqueness is so complicated that it will not work in most cases.

This is why it is much safer to just use hardware randomness and a long enough ID (for your task).

markstos commented 5 years ago

@ai Thanks for the feedback.

I worked on a module like Nano ID in 2015, secure-random-string.