hapijs / cookie

Cookie authentication plugin

Sequential IDs and UUIDs and... #197

Closed sustained closed 6 years ago

sustained commented 6 years ago

From your README -

let uuid = 1; // Use seq instead of proper unique identifiers for demo only
  1. Don't you think that perpetuating presumably insecure practices in your README is bad news™? Why not just do it "properly" for the demo (whatever properly would be - I have no idea). Which leads to...
  2. So would using a proper UUID (v4, presumably) in place of this sequential identifier be secure enough for a proper account system? What do the developers/maintainers themselves use?
sholladay commented 6 years ago

The example is clearly intended to be simple. It's not meant to be a production-ready system all on its own. If JavaScript had a secure UUID generator built into the language, I imagine they would use it in the example code. But since that's not the case, they're just leaving a comment to remind people that UUIDs are generally preferred to sequential IDs, rather than importing some 3rd party library to do it, with all of the additional complexity that brings. I think it's pretty reasonable. Maybe it would be nice to have a more full-fledged example, though.

lock[bot] commented 4 years ago

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.