Why Timestamp+Random Fails and How to Generate Truly Unique IDs in JavaScript

Generating unique IDs may seem trivial, but the common approaches fall short: combining Date.now() with Math.random() is limited by millisecond timestamp precision and non‑cryptographic randomness, and a simple counter loses its state. The modern, standards‑based crypto.randomUUID() provides cryptographically secure identifiers with a negligible collision probability across browsers and Node.js.


Misconception 1: Using Date.now() + Math.random()

Many developers think that concatenating a timestamp with a random number yields a unique identifier.

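// Naive approach: base-36 timestamp followed by base-36 Math.random() digits.
function generateNaiveId() {
  // slice(2) drops the leading "0." (replaces the deprecated substr(2))
  return Date.now().toString(36) + Math.random().toString(36).slice(2);
}
// Example output: "l6n7f4v2am50k9m7o4"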

In high‑concurrency scenarios this approach fails because:

Timestamp precision: Date.now() only has millisecond precision, so calls within the same millisecond produce identical prefixes.

Pseudo‑randomness: Math.random() is not cryptographically secure and can, with a tiny probability, repeat values.

Conclusion: This method may work for low‑frequency use but is unsafe for production.

Misconception 2: Simple Increment Counter

Another idea is to keep a global counter.

This approach has clear drawbacks:

Statelessness: In a browser, refreshing the page resets the counter to zero.

Multiple tabs conflict: Each tab maintains its own counter, leading to identical ID sequences.

Conclusion: A pure increment counter is practically useless in browser environments.

Embrace Cryptography and Standards

The reliable solution is the built‑in crypto.randomUUID() method, which follows the W3C standard and generates RFC 4122 v4 UUIDs.

const uniqueId = crypto.randomUUID();
// Example output: "3a6c4b2a-4c26-4d0f-a4b7-3b1a2b3c4d5e"

Why crypto.randomUUID() is superior:

Extremely low collision probability: A v4 UUID contains 122 bits of randomness, making collisions virtually impossible.

Cryptographic security: It uses a CSPRNG, far stronger than Math.random() and unpredictable.

Standardized format: UUIDs are universally recognized across front‑end, back‑end, and databases.

Native, simple, performant: No external libraries are required; a single line of code suffices.

crypto.randomUUID() is supported by all modern browsers (Chrome 92+, Firefox 90+, Safari 15.4+) and Node.js 14+, making it a safe default for new projects.
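The following is an added example, not code from the original article. It shows where the 122 random bits of a v4 UUID come from, validates the format, and estimates collision odds with the birthday bound. The names uuidV4FromBytes, generateId, isUuidV4 and collisionProbability are hypothetical, and the getRandomValues() fallback is an assumption for runtimes that lack crypto.randomUUID().

```javascript
// Added example; all function names here are illustrative, not from the article.
// Use the Web Crypto global when present, otherwise Node's webcrypto object.
const cryptoApi = (globalThis.crypto && globalThis.crypto.getRandomValues)
  ? globalThis.crypto
  : require('node:crypto').webcrypto;

// Build an RFC 4122 v4 UUID from 16 bytes. Six bits are fixed
// (4 version bits + 2 variant bits), leaving 128 - 6 = 122 random bits.
function uuidV4FromBytes(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length !== 16) {
    throw new TypeError('expected a 16-byte Uint8Array');
  }
  const b = Uint8Array.from(bytes);   // copy so the caller's buffer is untouched
  b[6] = (b[6] & 0x0f) | 0x40;        // version 4 in the high nibble of byte 6
  b[8] = (b[8] & 0x3f) | 0x80;        // variant "10" in the top two bits of byte 8
  const hex = Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
          hex.slice(16, 20), hex.slice(20)].join('-');
}

// Prefer the native method. In browsers randomUUID() exists only in secure
// contexts (HTTPS), so fall back to CSPRNG bytes; never fall back to Math.random().
function generateId() {
  if (typeof cryptoApi.randomUUID === 'function') return cryptoApi.randomUUID();
  return uuidV4FromBytes(cryptoApi.getRandomValues(new Uint8Array(16)));
}

// Accept only lowercase canonical v4 UUIDs (version nibble 4, variant 8/9/a/b).
const V4_PATTERN =
  /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;
function isUuidV4(value) {
  return typeof value === 'string' && V4_PATTERN.test(value);
}

// Birthday-bound approximation for n IDs with `bits` random bits:
// p ≈ n^2 / 2^(bits + 1). Valid while the result is much smaller than 1.
function collisionProbability(n, bits) {
  return (n * n) / Math.pow(2, bits + 1);
}
```

Validating with isUuidV4() confirms the format only; it says nothing about how the value was generated or whether the caller is authorized to use it.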

Written by

JavaScript