You changed the spec to include:

To ensure sortability for IDs generated within the same millisecond, implementations should remember the most recently generated randomness string and increment the most significant character that is not the last character in the encoding.

I don't think you understand the impact of this change; it brings a whole lot of hurt into your world. For instance, you can't rely on wall-clock-time (which you fell for). Unless you can get a reliable, monotonic, strictly increasing timesource (which is (near?) impossible AFAIK in JS) you'll run into trouble later. Why? Because: wall-clock-time goes back (DST) / stands still (leap seconds are sometimes implemented as such) / does other weird stuff (and there's even more). Trust me, I know :wink: Sidenote: some systems may not even have 'ms-resolution' timers, something to consider too.

There's 80 bits of random data; I think it's safe to assume (even with the birthday paradox in mind) that the chance on a collision (within any, random, millisecond) is similar to the chance of a GUID collision. However, that would be if the ULID's would be spread evenly across time (which would, in effect, make a ULID similar or even equal to a GUID). So, given that ULID's are typically 'clustered' in a certain timespan the chance on a collision goes up. Worst-case would be a DST change + some other 'random event' that would cause the same 'millisecond'-point-in-time to exist (say) 3 or 4 times. The chance on a collision would increase a lot but (I haven't done the math yet) would still suffice for most purposes unless you're Google maybe and generating many millions or even billions of ULID's p/ms.

So I guess my advice is to leave that part out of the spec (and, let's be honest, this method is no beauty either (it could be improved but wouldn't be worth the trouble IMHO)) and keep implementations much simpler that way. You could compare a ULID it with a v4 UUID with the only difference that the first 6 bytes (48 bits) are reserved for a timestamp for better ordering. However, it does mean that, within the millisecond, the ordering is 'random' so that the spec may need to be more clear about it / reflect that fact.

Besides time, by the way, this tiny change in the spec also requires you to keep state between generating ULID's (so you'll need to keep the generator-object around for example), introduces chances for race conditions (multithreading; N threads generating ULID's will, without proper locking etc. inevitably generate exactly the same ULID's) and all other sorts of things that either need to be taken for granted (which will bite you in the *ss sooner than later) or need to be worked out / specified.

For inspiration about some more of the problems you might run into you might want to look at Twitter's Snowflake (retired but still available) or have a look at my "Snowflake-alike" IdGen. Both are 64 bit (actually 63*) equivalents of ulid.

* Come to think of it: You might also want to steer clear of the sign-bit; when systems would order on the (internal) 128 bit representation / byte-array (for 'speed') the order may 'break' as soon as the sign bit is set to 1. Twitter thought of it way before it happened but I think it's a good idea. Sacrificing 1 bit out of 128 should't be that much of a problem (though it does halve your "ulid-space" from 2^128 to 2^127).

I was/am doing a ulid .Net port (waaay more extensive than fvilvers', with all due respect!) and also implemented the binary form, created methods to convert to/from UUID's (since ULID's and UUID's are both 128 bit you can easily convert one to the other and vice versa). I also implemented a Parse(...) method and some others and ~~will publish on GitHub very soon~~ have put it on GitHub. There are some things I thought of / came across which might need 'agreement' and be put in the spec:

• ~~ulid's are, IMHO, case-insensitive (e.g. NOT case-sensitive)~~ We seem to agree on that; missed it in your README :stuck_out_tongue:
• We may want to allow / think about / specify a(n optional?) separator for readability. No { and } mess like (G/U)UID's but something like ttttt-ttttt-rrrrrr-rrrrr-rrrrr (lengths 5-5-6-5-5) might make ulid's more readable. Other formats/separators are ofcourse a possibility (as well as none of this ofcourse; I'm just bringing my ideas to the table)
• You/we may want to decide on pronunciation and document it: "you-lid"? "you-el-i-dee"? "uhl-id"? Something else? You/we want to avoid the GIF's "Jif" v.s. "Gif" wars
• Besides the pronunciation, same goes for a "standardized" writing. I catch myself writing ulid, ULID, UlId, ... so that may have to be standardized too
• I had more... but can't think of it now. Will add here / open new issue when I think of it.

So far, for now, another $0.02 of mine :stuck_out_tongue_closed_eyes:

Edit: FYI; I just released V1.0 of NUlid. :tada: Maybe you can add it to your list of community contributed ports?

Hey everyone,

I've added a column in the readme for binary implementations in your libraries. If you have implemented it, please let me know here or submit a PR so I can add the ✓!

@SuperPaintman @savonarola @merongivian @imdario @Lewiscowles1986 @ararslan @RobThree @fvilers @mdipierro @rafaelsales

Installing the entire Node.js as a dependency is ... inefficient to say the least.

None of the Python libraries seem to provide CLI interface.

Is there a recommended program?

I need ulid ID as part of a build process.

I'm just wondering, did you find a monotonic strict increasing clock source for the timestamp generation? Otherwise there's a small change at high resolution scenarios where the time will be the same, we could get an equal time and then the ids are not strictly ordered. Compare with: https://github.com/boundary/flake And with reference to: http://learnyousomeerlang.com/time

On a single machine it should be possible with just a counter though, but then you need to keep state of the old counter somewhere. If the OS could provide this counter, it would be much easier.

Since you are switching to Typescript, you can remove the manual code for the "UMD" wrapper and instead use ES2015 exports and let Typescript build your module wrappers for you with compile options in the tsconfig.json.

Also, you can remove index.d.ts if you already have an index.ts as Typescript will refer to that for its own definitions instead. (In fact the error I'm seeing with recent npm version is that the current index.ts is not a module and cannot be imported (because of the manual module wrapper confusing Typescript's type senses.)

I'd be happy to help with a PR if you would like, but this is the sort of thing might be better to do as learning experience, so I'll leave that up to you.

This is related to #54.

When building projects using webpack it is common to exclude the node_modules folder from transpiration because this causes the build times to sky rocket (especially in projects with big dependency trees).

It should be safe to assume that a package was transpiled so it runs on ES5, to cut down on transpilation times.

The ulid package does seem to have a transpiled UMD bundle in lib/index.umd.js, which webpack supports. The error we saw in #54 (and which I'm seeing in my projects) is due to webpack not picking up on this transpiled bundle, because by default it tries the module alias fields in this order:

1. browser
2. module
3. main

The package.json of ulid contains the following relevant fields:

  "main": "./lib/index.umd.js",
  "module": "./lib/index.js",

So, module is being picked up before main by webpack, causing builds to break. As you've said, adding transpilation (and enabling it for node_modules) should fix the problem. I propose however, that you add a browser field, so by default webpack builds will work as well:

  "main": "./lib/index.umd.js",
+ "browser": "./lib/index.umd.js",
  "module": "./lib/index.js",

I've tested it locally and my webpack build works when these changes are applied.

I would like to create a ULID using a negative timestamp so when sorted in lexicographical order we get a descending sort. However it seems, at least in the nodejs implementation, that an error is thrown if I specify a negative timestamp.

Ulid is defined as 128 bit binary and base32 is a 5 bit space.

So if you divide 128/5 = 25.6 so if 80 bits / 16 chars is random them time is 10 chars / 50 bits 80 bits + 50 bits = 130 bits !!

So when decoding a 26 chars to 16 octets you will have data-loss When encoding back from octets to chars you will have missing data

Specs is not clear what to do. Time atm is zero padded so from octets to chars you can assume the 2 extra bits are zero to the left of the 128 and on decoding you have to trim the 2 bits from the left before anything.

Use case:

If I store the ULID in the DB and I can retrieve timestamp information from the ULID, I won't need to store a separate timestamp column anymore.

We discovered by accident in my team that the string version (26 characters of Crockford's base32) encodes 130 bits (26 * 5) rather than 128 bits. These extra two bits are correctly stripped by the implementations we've played with (Python, Julia, Golang).

See for example: https://github.com/oklog/ulid/issues/9

This means that there are four string encodings mapping to the same binary ULID, for every ULID.

This is not something you encounter generating them normally, since you will always generate them with a timestamp of right now. But in our random fuzz testing of an internal API, we encountered them.

As an implementation side note, I would recommend rejecting string ULIDs with a prefix above 7 (a ULID beginning with 8 has the same binary as one beginning with 0) with an error rather than parsing them.

I need a way to be able to migrate my old database to use ulid. In order for me to do that, I need to be able to seed the time component so that I can still sort the migrated data and new data using the id.

The name of the global namespace varies in different execution environments. The self keyword allows accessing crypto in both the browser and WorkerGlobalScope (web workers/service workers), whereas window only works for the browser. This change allows the library to work in more environments than previously.

References

Window.self WorkerGlobalScope.self Web APIs available in Workers

Bumps marked from 0.3.6 to 0.3.19.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

in order to detect the browser, you need to take into account that the code can be executed in the worker and there is no window, but there is self

root = typeof window !== "undefined" ? window : null;

should be rewritten as

root = self instanceof Window || self instanceof ServiceWorkerGlobalScope || self instanceof Worker ? self : null;

Bumps path-parse from 1.0.5 to 1.0.7.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Bumps lodash from 4.17.4 to 4.17.21.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.