Nanoid is a popular, tiny, and secure JavaScript library for generating unique string IDs ideal for various web development needs. Comparing versions 3.1.23 and 3.1.22 reveals subtle but potentially noteworthy changes for developers. Both versions share the same core functionality: creating URL-friendly, unique identifiers while maintaining a remarkably small footprint (around 108 bytes). They are both released under the MIT license and both created by Andrey Sitnik.
The key difference lies in the release dates. Version 3.1.23 was published on May 10, 2021, while version 3.1.22 arrived on March 15, 2021. This two-month gap suggests that version 3.1.23 likely incorporates bug fixes, performance enhancements, or minor feature adjustments not present in the earlier release. Another hint of changes is the difference in unpacked size: version 3.1.23 is 52693, while 3.1.22 is 52783. This suggests that 3.1.23 has better-written code.
For developers, choosing between these versions depends on their tolerance for risk and need for the absolute latest improvements. If stability is paramount and a two-month-old version is acceptable, 3.1.22 remains a solid choice. However, developers seeking the most up-to-date bug fixes, performance tweaks, and potential refinements should opt for version 3.1.23. Reviewing the changelog or release notes (typically available on the Nanoid GitHub repository) would provide a detailed breakdown of the specific changes introduced in version 3.1.23, allowing developers to make an informed decision.
All the vulnerabilities related to the version 3.1.23 of the package
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Versions of the package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function, which allows the last generated ID to be reproduced.
Predictable results in nanoid generation when given non-integer values
When nanoid is called with a fractional value, there were a number of undesirable effects:
Versions 3.3.8 and 5.0.9 are fixed.
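As an added example (not code from the nanoid project or from this page's source), the following checks exact nanoid versions against the two advisories summarized above. The affected range for the non-integer issue is an assumption: everything below the fixed release on each line (3.3.8 and 5.0.9) is treated as affected. The function and constant names are hypothetical.

```javascript
// Advisory ranges taken from the summaries on this page.
// Assumption: for the non-integer size issue, every release below the
// fixed version on each line (3.3.8, 5.0.9) is treated as affected.
const ADVISORIES = [
  { title: 'Information exposure via valueOf()',
    ranges: [{ from: '3.0.0', before: '3.1.31' }] },
  { title: 'Predictable results with non-integer size',
    ranges: [{ from: '0.0.0', before: '3.3.8' },
             { from: '4.0.0', before: '5.0.9' }] },
];

// Parse an exact "major.minor.patch"; null for ranges, tags or prereleases.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Negative, zero or positive, like a sort comparator.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Titles of the advisories whose affected range contains `version`.
function advisoriesFor(version) {
  const v = parseVersion(version);
  // Refuse to guess: "^3.1.23" or "latest" must be resolved first.
  if (!v) throw new TypeError(`not an exact x.y.z version: ${version}`);
  return ADVISORIES.filter(a => a.ranges.some(r =>
    compare(v, parseVersion(r.from)) >= 0 &&
    compare(v, parseVersion(r.before)) < 0)).map(a => a.title);
}

// Constructed sample: resolved nanoid versions as a lockfile might list them.
const resolved = ['3.1.22', '3.1.23', '3.1.31', '3.3.8', '5.0.8', '5.0.9'];
for (const v of resolved) {
  const hits = advisoriesFor(v);
  console.log(v.padEnd(7), hits.length ? hits.join('; ') : 'no advisory listed here applies');
}
```

Feed it the resolved versions from a lockfile rather than the ranges in package.json, since a range such as `^3.1.23` does not say which release is actually installed.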