RFC9562 UUIDs
The uuid package is the de facto standard for generating RFC9562-compliant Universally Unique Identifiers in JavaScript applications. With over 196 million weekly downloads, it's one of the most depended-upon packages in the npm ecosystem, used by tens of thousands of packages for creating guaranteed-unique identifiers across distributed systems.
UUIDs solve a fundamental problem in distributed computing: generating unique identifiers without coordination between systems. Unlike auto-incrementing database IDs, UUIDs can be generated client-side, merged across databases, and used in caching layers without collision risk. The uuid package implements multiple UUID versions, each optimized for different use cases—from timestamp-based v1 for temporal ordering to cryptographically random v4 for unpredictable identifiers.
The package has zero dependencies and uses native Web Crypto API for secure random number generation. As of version 12, it ships as ES modules only, reflecting modern JavaScript practices. It provides both generation and validation utilities, making it a complete solution for UUID workflows in Node.js and browser environments.
Developers choose uuid when building REST APIs with resource identifiers, implementing distributed tracing systems, creating session tokens, managing database records across microservices, or any scenario requiring collision-resistant unique identifiers without centralized coordination.
import { v4 as uuidv4, v5 as uuidv5, validate, version } from 'uuid';
// Generate a random UUID (most common use case)
const userId = uuidv4();
console.log(userId); // '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d'
// Generate namespace-based UUID for deterministic IDs
const NAMESPACE = '6ba7b810-9dad-11d1-80b4-00c04fd430c8';
const userEmail = 'user@example.com';
const deterministicId = uuidv5(userEmail, NAMESPACE);
console.log(deterministicId); // Always same UUID for this email
// Validate UUIDs from external sources
const incomingId = 'invalid-uuid-string';
if (validate(incomingId)) {
console.log(`Valid UUID version ${version(incomingId)}`);
} else {
throw new Error('Invalid UUID format');
}
// Practical example: API endpoint with UUID validation
function getUserById(id) {
if (!validate(id)) {
throw new Error('Invalid user ID format');
}
// Safe to use in database query
return database.users.findOne({ id });
}
// Generate correlation ID for distributed tracing
function handleRequest(req, res) {
const correlationId = uuidv4();
req.correlationId = correlationId;
res.setHeader('X-Correlation-ID', correlationId);
logger.info({ correlationId, path: req.path }, 'Request started');
}User session tracking: Generate unique session IDs for web applications that are cryptographically random and impossible to guess, preventing session hijacking attacks while allowing sessions to be created across multiple backend servers without coordination.
Database primary keys: Use UUIDs as primary keys in distributed databases or microservices architectures where multiple services insert records independently. UUIDs eliminate the need for centralized ID generation and simplify database sharding and replication.
Request tracing and logging: Create correlation IDs for distributed request tracing across microservices. Each incoming request gets a UUID that follows it through the entire call chain, making it trivial to aggregate logs and debug complex distributed transactions.
File upload identifiers: Generate unique filenames for user-uploaded content to prevent collisions and make filenames unpredictable. This prevents directory traversal attacks and ensures files from different users never conflict even when uploaded simultaneously.
Idempotency keys: Implement idempotent API operations by having clients generate UUIDs for requests. The server can detect and ignore duplicate submissions of payment transactions, order submissions, or other critical operations by tracking previously processed UUIDs.
npm install uuidpnpm add uuidbun add uuid