A UUID (Universally Unique Identifier) is a 128-bit identifier designed to be unique without needing a central server to coordinate them. They're the standard solution when you need IDs that won't collide across distributed systems, databases or different devices.
Since Node.js 19 and modern browsers, you don't need any library to generate them.
The modern way: crypto.randomUUID()
crypto.randomUUID();
// → "f47ac10b-58cc-4372-a567-0e02b2c3d479"
That's all. A cryptographically secure UUID v4 in one line. Available in:
- Modern browsers (Chrome 92+, Firefox 95+, Safari 15.4+)
- Node.js 19+
- Deno and Bun natively
The format is always the same: 8-4-4-4-12 hexadecimal characters separated by hyphens, 36 characters total.
What is UUID v4?
There are 8 UUID versions. v4 is the most used in web development because its bits are completely random (except 6 bits that identify the version and RFC variant).
With 122 bits of randomness, the probability of collision when generating two UUIDs is 1 in 2¹²² — approximately 1 in 5.3 × 10³⁶. In practice, it's mathematically impossible for two devices to generate the same UUID spontaneously.
UUID vs GUID: are they the same?
Yes, with nuances. GUID (Globally Unique Identifier) is the name Microsoft uses for their UUID standard implementation. Both follow the same RFC 4122, so they're interchangeable in practice.
The difference is that Microsoft historically used version 1 (based on the MAC address and timestamp) while the web ecosystem prefers v4 (random). Today both terms are used interchangeably.
When to use UUID
Ideal use cases:
- Database record IDs when data is generated on the client before syncing to the server
- References in distributed systems where multiple services independently create entities
- Temporary session tokens or transaction IDs
- Unique file names to avoid accidental overwrites
- Event IDs in analytics systems where creation order doesn't matter
When NOT to use UUID:
If you need IDs sortable by creation time, consider ULID (Universally Unique Lexicographically Sortable Identifier) or UUID v7 (available in some languages). UUID v4s are completely random and carry no temporal information.
If database index performance is critical, a BIGINT AUTO_INCREMENT can be more efficient for tables with millions of records, though it sacrifices the distributed generation capability.
Bulk generation
To generate multiple UUIDs at once:
function generateBulk(n) {
return Array.from({ length: n }, () => crypto.randomUUID());
}
generateBulk(5);
// → ["a1b2c3d4-...", "e5f6a7b8-...", ...]
UUID in all Node.js versions
For compatibility with Node.js before v19, the native crypto module also provides it:
const { randomUUID } = require("crypto"); // CommonJS
// or
import { randomUUID } from "crypto"; // ESM
randomUUID(); // → "f47ac10b-58cc-4372-a567-0e02b2c3d479"
This works from Node.js 14.17.0.
Validate that a string is a valid UUID
function isValidUUID(str) {
return /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(str);
}
isValidUUID("f47ac10b-58cc-4372-a567-0e02b2c3d479"); // true
isValidUUID("not-a-uuid"); // false
The pattern specifically verifies version 4 (third group starts with 4) and the RFC 4122 variant (fourth group starts with 8, 9, a or b).
Comparing UUIDs correctly
UUIDs are case-insensitive by specification, though most implementations generate them in lowercase:
function uuidsEqual(a, b) {
return a.toLowerCase() === b.toLowerCase();
}
The collision myth
Many people distrust UUIDs due to collision fears. To put it in perspective: if you generate 1 billion UUIDs per second for 100 years, the probability of any collision is approximately 50%. For a system generating thousands of UUIDs per day, collisions are statistically impossible at any practical scale.
Try it now
Our UUID generator online uses exactly crypto.randomUUID() with bulk generation, history of recently generated IDs, and one-click copy. No servers, no sign-up, every UUID is generated locally in your browser.