Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Collision with v4 uuid

See original GitHub issue

Describe the bug

I’m guessing I’m setting up something incorrectly. I’m using browser-side generated uuids and logging them to the server. I have a collision and I have only have logged about 100k uuids. I shouldn’t have a collision with 100k uuids so I’m guessing I have a bug in my code. I’m assuming that I need to polyfill or something.

How to reproduce

I don’t have a small repo. This is integrated into a larger app. I noticed a collision pretty quickly.

import { v4 as uuidv4 } from 'uuid';
...
log(uuidv4())

Expected behavior

I would not expect a collision with 100k uuids.

Runtime

OS: Unknown.
Runtime: I don’t know for sure. Almost all of the users use either Chrome or Safari (50-50).
Runtime Version: 14.x

Additional information

[Any other information or comments that you think will help]

Issue Analytics

State:
Created 3 years ago
Comments:13 (7 by maintainers)

Top GitHub Comments

5reactions

broofacommented, Feb 24, 2021

Ah, someone at Snowplow said they haven’t updated partially because of uuid dropping support for IE 9 and 10.

FWIW, I just tested crypto.getRandomValues() behavior on googlebot and it is also deterministic(!) (<-- @ctavan @bcoe, take note!), so upgrading to uuid@latest probably won’t fix this issue for Snowplow.

I suppose one workaround would be to detect when we’re running in a googelbot client and “be smart”, but the options there are limited. Google clearly wants googlebots to be deterministic. Working around that won’t be easy.

We could throw an error when run in googlebot clients, similar to when we don’t find getRandomValues(). But I’m not convinced that’s the right thing to do. A lot of our users will find it surprising and obnoxious.

Both of the above solutions start us down the slippery slope of detecting clients with known RNG issues. I’m not thrilled about that idea.

Googlebot and it’s ilk are a special case, where ID collisions are arguably by design. I’m not sure it’s our responsibility to deal with that. I’d be okay with just adding a cautionary note to the README about this, and telling project owners it’s up to them to figure it out.

0reactions

ctavancommented, Feb 26, 2021

I think this is working as intended and updating the docs is the best thing we can do!

(and thanks for verifying crypto behavior, @broofa!)

Top Results From Across the Web

Has there ever been a UUID collision? - Quora

If every person on the planet generates a new UUID4 every second, we'd expect a collision to occur after about 10 years. UUID4...

UUID GUID Oversimplified – Are They Really Unique?

Well, kind of yes for practical purposes & no if you are thinking there won't be a UUID collision ever. A collision is...

UUID collisions [closed] - Software Engineering Stack Exchange

"The probability (of collision) is NOT 0" Any finite-length sequence has this property. Even with a perfectly random v4 UUID, once you've ...

How big is the chance to get a Java UUID.randomUUID ...

The principle doesn't change, UUID generation is really random—meaning you can consider the generation of UUIDs to to be independent events from one...

UUID v4 Are you concerned about the 0.0000001% chance of ...

I'm not worried about collisions and I agree that being able to put metadata in the UUID is a big meh of a...