Generators
NanoID Explained: Compact, URL-Safe IDs With a Custom Alphabet and Size
Understand how NanoID works, why it beats UUID for URLs, and how to pick a safe size and alphabet to keep collisions vanishingly unlikely.
Try the toolNanoID Generator →The problem with long, ugly identifiers
You need a unique identifier for a URL, a database row, or a short link. The default reflex is a UUID, but 550e8400-e29b-41d4-a716-446655440000 is 36 characters of hyphens and hex that look clumsy in a URL and take up real space in an index. NanoID was designed to fix exactly this: it gives you an ID that is just as collision-resistant as a UUID but shorter, URL-safe, and configurable. Its default is 21 characters like V1StGXR8_Z5jdHi6B-myT.
How NanoID works
A NanoID is simply a string of random characters pulled from an alphabet, using a cryptographically secure random source. Two things define it:
- The alphabet — the set of allowed characters. The default is 64 URL-safe characters:
A–Z,a–z,0–9, plus_and-. Every one of those is safe in a URL without percent-encoding. - The size — how many characters long the ID is. The default is 21.
Because it uses a secure random generator rather than a predictable counter, IDs are unguessable, which is a nice property for public-facing links. And because you control both the alphabet and the length, you can tune the trade-off between compactness and collision safety for your specific system.
Collision math: how long is long enough?
The chance of two random IDs colliding follows the birthday problem, driven by the alphabet size raised to the length. More characters or a bigger alphabet means an astronomically larger keyspace. The practical takeaway:
- The default 21-character ID over the 64-character alphabet needs roughly a billion IDs per second for hundreds of years before a collision becomes likely — equivalent safety to a UUIDv4.
- Shorter IDs are fine for smaller datasets. A 10-character ID is plenty for, say, a URL shortener with millions of links, though not billions.
- Shrinking the alphabet (for example digits only) sharply reduces the keyspace, so you must lengthen the ID to compensate.
Open the NanoID Generator, set your size, optionally supply a custom alphabet, and generate. Everything runs locally in your browser — no request is ever made to a server.
A practical walkthrough
Say you want a readable, non-ambiguous short code for coupon links. You might drop confusing characters like 0/O and 1/l/I and use a size of 8:
// Conceptually, NanoID = pick `size` random chars from `alphabet`
const alphabet = '23456789ABCDEFGHJKLMNPQRSTUVWXYZ'; // no 0,1,O,I,L
const size = 8;
// Example output from the generator:
// 'K7P4RM2Q' -- easy to read aloud, URL-safe, ~40 bits
// Compare with the default:
// nanoid() -> 'V1StGXR8_Z5jdHi6B-myT' (21 chars, ~126 bits)The custom version is short and human-friendly; the default is bulletproof for high-volume, machine-generated keys. Choose based on how many IDs you will ever create and whether a person has to read them.
Common pitfalls
- Going too short for your volume. A cute 5-character ID collides fast at scale. Estimate your total ID count and add margin before shrinking the size.
- Shrinking the alphabet without lengthening the ID. Digits-only with the same length slashes the keyspace. Compensate with more characters.
- Using it where order or time matters. NanoID is random, not sortable or timestamped. If you need chronological ordering, a UUIDv7 or a timestamp prefix is a better fit.
- Assuming it is secret. Unguessable is not the same as authenticated. An unguessable URL is obscurity, not access control — still gate sensitive resources behind real auth.
Related tools
If you specifically need the standard 128-bit format, use the UUID Generator. And when your IDs land in a URL, the URL Parser helps you confirm they survive the trip without needing encoding.
Conclusion
NanoID gives you UUID-grade uniqueness in a shorter, URL-safe, tunable package. Keep the defaults when you want maximum safety, or trim the size and curate the alphabet when a human has to read the ID — just do the collision math before you shorten it. Set your size, pick your alphabet, and generate as many as you need, all without anything leaving your browser.