Why Timestamp+Random Fails and How crypto.randomUUID() Guarantees True Uniqueness

We often need to generate a "unique ID". While the requirement sounds simple, creating an ID that is absolutely non‑repeating is more complex than it appears.

Misconception 1: Using Date.now() + Math.random()

Many beginners (and even some experienced developers) instinctively combine a timestamp with a random number.

function generateNaiveId() {
  return Date.now().toString(36) + Math.random().toString(36).substr(2);
}
// Example output: "l6n7f4v2am50k9m7o4"

This approach seems reasonable because it mixes time uniqueness with randomness. However, in high‑concurrency or rapid‑operation scenarios, its promise of "absolute uniqueness" quickly breaks down:

Timestamp precision : Date.now() has millisecond precision. Calls made within the same millisecond produce identical timestamp portions, making the first part of the ID identical.

Pseudo‑randomness : Math.random() is not cryptographically secure; there is a tiny chance it can generate the same sequence in a short time frame.

Conclusion: This method may appear usable in low‑frequency situations, but it is far from "absolutely unique" and can become a ticking time bomb in production.

Misconception 2: Simple Incremental Counter

Another idea is to maintain a global counter.

This solution has even clearer drawbacks:

Statelessness : In a browser environment, refreshing the page resets the counter to 0.

Multiple tabs conflict : Opening two identical pages creates two independent counter instances, each starting from 0 and generating identical ID sequences, causing immediate collisions.

Conclusion: A pure incremental counter offers virtually no practical value in browser contexts.

Embrace Cryptography and Standards

Since simple methods fail, we need a more reliable, scientific approach. Fortunately, modern browsers (and Node.js 14+) provide a built‑in solution.

Champion solution: crypto.randomUUID()

This is the official solution defined by the W3C standard. The global crypto object offers cryptographic capabilities, and its randomUUID() method generates a UUID that complies with RFC 4122 version 4.

const uniqueId = crypto.randomUUID();
// Example output: "3a6c4b2a-4c26-4d0f-a4b7-3b1a2b3c4d5e"

Why crypto.randomUUID() is the champion?

Extremely low collision probability : A v4 UUID is generated from 122 bits of randomness, yielding an astronomically large number of possible values, making collisions practically impossible.

Cryptographic‑level security : It uses a cryptographically secure pseudo‑random number generator (CSPRNG), far superior to Math.random() and unpredictable.

Standardization : The UUID format is globally recognized, so front‑end, back‑end, and databases can all understand and process it.

Native, simple, efficient : No third‑party libraries are required; a single line of code provides high performance. crypto.randomUUID() is supported by all modern browsers (Chrome 92+, Firefox 90+, Safari 15.4+) and Node.js 14+, making it a safe choice for new projects.