Nanoid is a popular npm package for generating tiny, secure, URL-friendly unique string IDs. Comparing versions 3.1.21 and 3.1.20 reveals small changes that are still relevant to developers. Version 3.1.21, released on March 11, 2021, keeps the core functionality of its predecessor and the same compact 108-byte footprint.
The notable difference lies in the dist object. Version 3.1.21 comprises 24 files with an unpacked size of 52591 bytes, slightly fewer files and a smaller unpacked size than version 3.1.20, which shipped 25 files totaling 57479 bytes unpacked. This points to possible optimization that reduced the overall size.
Developers choosing between the two should note the slightly smaller unpacked size of version 3.1.21, which offers a marginal improvement in install times and disk space usage. The core functionality remains consistent, but staying on the latest minor version gives access to the most recent optimizations and potential bug fixes. Both versions share the same MIT license and author, so usage rights and developer support are consistent. Choosing the latest version gives you the latest fixes and enhancements by default.
All vulnerabilities related to version 3.1.21 of the package
Predictable results in nanoid generation when given non-integer values
When nanoid is called with a fractional value, there were a number of undesirable effects:
Versions 3.3.8 and 5.0.9 are fixed.
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
The package nanoid, from 3.0.0 and before 3.1.31, is vulnerable to Information Exposure via the valueOf() function, which allows the last generated ID to be reproduced.
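The two advisories above can be turned into a dependency check plus a caller-side guard. This is an added example, not code from the nanoid project: the function names and advisory labels are hypothetical, and the affected range for the non-integer issue (everything below 3.3.8, and 4.x/5.x below 5.0.9) is an assumption, since the page lists only the fixed versions.

```javascript
// Added example: version numbers come from the advisories on this page;
// function names and advisory labels are hypothetical.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new TypeError(`not a plain x.y.z version: ${v}`);
  return m.slice(1).map(Number);
}

// Negative if a < b, zero if equal, positive if a > b.
function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Returns the advisories from this page that apply to a nanoid version.
function advisoriesFor(version) {
  const hits = [];
  const major = parse(version)[0];
  // Fixed in 3.3.8 and 5.0.9 (from the page). Assumption: every release
  // below 3.3.8, and every 4.x/5.x release below 5.0.9, is affected.
  if (cmp(version, '3.3.8') < 0 ||
      (major >= 4 && cmp(version, '5.0.9') < 0)) {
    hits.push('predictable-ids-non-integer-size');
  }
  // From 3.0.0, before 3.1.31 (from the page).
  if (cmp(version, '3.0.0') >= 0 && cmp(version, '3.1.31') < 0) {
    hits.push('valueOf-information-exposure');
  }
  return hits;
}

// Guard for callers that cannot upgrade yet: refuse fractional, negative,
// NaN or non-numeric sizes before they reach the ID generator.
function checkedSize(size) {
  if (!Number.isSafeInteger(size) || size <= 0) {
    throw new RangeError(`ID size must be a positive integer, got ${size}`);
  }
  return size;
}
```

Run `advisoriesFor` against the version resolved in the lockfile rather than the range declared in package.json, since the range may resolve to an affected release.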