Collision with v4 uuid
See original GitHub issueDescribe the bug
I’m guessing I’m setting up something incorrectly. I’m using browser-side generated uuids and logging them to the server. I have a collision and I have only have logged about 100k uuids. I shouldn’t have a collision with 100k uuids so I’m guessing I have a bug in my code. I’m assuming that I need to polyfill or something.
How to reproduce
I don’t have a small repo. This is integrated into a larger app. I noticed a collision pretty quickly.
import { v4 as uuidv4 } from 'uuid';
...
log(uuidv4())
Expected behavior
I would not expect a collision with 100k uuids.
Runtime
- OS: Unknown.
- Runtime: I don’t know for sure. Almost all of the users use either Chrome or Safari (50-50).
- Runtime Version: 14.x
Additional information
[Any other information or comments that you think will help]
Issue Analytics
- State:
- Created 3 years ago
- Comments:13 (7 by maintainers)
Top Results From Across the Web
Has there ever been a UUID collision? - Quora
If every person on the planet generates a new UUID4 every second, we'd expect a collision to occur after about 10 years. UUID4...
Read more >UUID GUID Oversimplified – Are They Really Unique?
Well, kind of yes for practical purposes & no if you are thinking there won't be a UUID collision ever. A collision is...
Read more >UUID collisions [closed] - Software Engineering Stack Exchange
"The probability (of collision) is NOT 0" Any finite-length sequence has this property. Even with a perfectly random v4 UUID, once you've ...
Read more >How big is the chance to get a Java UUID.randomUUID ...
The principle doesn't change, UUID generation is really random—meaning you can consider the generation of UUIDs to to be independent events from one...
Read more >UUID v4 Are you concerned about the 0.0000001% chance of ...
I'm not worried about collisions and I agree that being able to put metadata in the UUID is a big meh of a...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
FWIW, I just tested
crypto.getRandomValues()
behavior on googlebot and it is also deterministic(!) (<-- @ctavan @bcoe, take note!), so upgrading touuid@latest
probably won’t fix this issue for Snowplow.I suppose one workaround would be to detect when we’re running in a googelbot client and “be smart”, but the options there are limited. Google clearly wants googlebots to be deterministic. Working around that won’t be easy.
We could throw an error when run in googlebot clients, similar to when we don’t find getRandomValues(). But I’m not convinced that’s the right thing to do. A lot of our users will find it surprising and obnoxious.
Both of the above solutions start us down the slippery slope of detecting clients with known RNG issues. I’m not thrilled about that idea.
Googlebot and it’s ilk are a special case, where ID collisions are arguably by design. I’m not sure it’s our responsibility to deal with that. I’d be okay with just adding a cautionary note to the README about this, and telling project owners it’s up to them to figure it out.
I think this is working as intended and updating the docs is the best thing we can do!
(and thanks for verifying crypto behavior, @broofa!)