UUID v4 vs UUID v7 vs ULID vs NanoID: Which Should You Use?

By Codcompass Team·2026-06-01·8 min read

Engineering Unique Identifiers: A Performance-Driven Guide to Modern ID Schemes

Current Situation Analysis

Unique identifiers are rarely treated as architectural components during early development. Teams default to UUID v4 out of habit, treating the identifier as an opaque string that simply needs to be "different." This mindset creates silent technical debt that surfaces only when write throughput scales, storage costs climb, or public-facing URLs become unwieldy.

The core problem is that identifier generation directly impacts three critical system layers: storage engine efficiency, network payload size, and cross-service interoperability. Random identifiers like UUID v4 cause severe B-tree index fragmentation in relational databases. Every insert lands in a random leaf page, triggering page splits, increasing write amplification, and bloating the write-ahead log (WAL). In high-write OLTP workloads, this can degrade insert performance by 30–40% compared to sequential or time-ordered keys.

This issue is frequently overlooked because ORMs abstract away the physical storage format, and developers rarely benchmark ID generation strategies under load. The industry only recently standardized time-ordered identifiers with RFC 9562 (2024), which explicitly addresses B-tree fragmentation by embedding a millisecond-precision Unix timestamp in the first 48 bits. Meanwhile, alternative schemes like ULID and NanoID emerged from community needs for brevity and URL safety, trading formal standardization for practical ergonomics.

Choosing an identifier scheme is no longer a stylistic preference. It is a capacity planning decision that dictates index health, storage costs, and API design constraints.

WOW Moment: Key Findings

The following comparison isolates the operational characteristics that actually matter in production systems. Most documentation lists features; this table maps those features to measurable system behavior.

Identifier Scheme	Lexicographic Sortability	Wire/Storage Length	Standardization Status	B-Tree Insert Efficiency	Collision Probability (1B IDs)
UUID v4	No	36 chars (16 bytes)	RFC 4122	Low (random page splits)	~1 in 2^122
UUID v7	Yes	36 chars (16 bytes)	RFC 9562	High (sequential leaves)	~1 in 2^80 per millisecond
ULID	Yes	26 chars (16 bytes)	Community spec	High (sequential leaves)	~1 in 2^80 per millisecond
NanoID	No	21 chars (config)	Community spec	N/A (not for PKs)	~1 in 2^126 (default 21 chars)

Why this matters: Sortability is the primary driver of index health. Time-ordered schemes (v7, ULID) guarantee that newer records append to the rightmost leaf of a B-tree, eliminating random page splits and reducing WAL volume. Length directly impacts storage overhead and network latency; a 26-character ULID saves 28% of the wire payload compared to a v4 UUID. Standardization dictates ecosystem maturity: RFC-backed schemes integrate natively into database drivers and language standard libraries, while community schemes require explicit dependency management. Understanding these trade-offs allows teams to align identifier selection with actual workload characteristics rather than defaulting to historical conventions.

Core Solution

Implementing a robust identifier

strategy requires more than calling a generation function. It demands alignment between application logic, database storage types, and indexing strategies. The following implementation demonstrates a production-ready TypeScript approach that abstracts generation while optimizing for storage and query performance.

Step 1: Define a Type-Safe Generation Interface

Avoid scattering generation calls across services. Centralize the logic behind a unified interface that enforces consistent return types and allows runtime strategy switching.

export type IdentifierFormat = 'v4' | 'v7' | 'ulid' | 'nanoid';

export interface IdentifierGenerator {
  generate(): string;
  generateBuffer(): Buffer;
  getFormat(): IdentifierFormat;
}

Step 2: Implement Strategy-Specific Generators

Each scheme requires different underlying libraries. Wrap them to ensure consistent output and provide binary variants for database storage optimization.

import { v4 as uuidv4, v7 as uuidv7 } from 'uuid';
import { ulid } from 'ulid';
import { customAlphabet } from 'nanoid';
import { randomBytes } from 'crypto';

const NANO_ALPHABET = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_-';
const generateNano = customAlphabet(NANO_ALPHABET, 21);

export class V4Generator implements IdentifierGenerator {
  generate(): string { return uuidv4(); }
  generateBuffer(): Buffer { 
    const hex = this.generate().replace(/-/g, '');
    return Buffer.from(hex, 'hex');
  }
  getFormat(): IdentifierFormat { return 'v4'; }
}

export class V7Generator implements IdentifierGenerator {
  generate(): string { return uuidv7(); }
  generateBuffer(): Buffer {
    const hex = this.generate().replace(/-/g, '');
    return Buffer.from(hex, 'hex');
  }
  getFormat(): IdentifierFormat { return 'v7'; }
}

export class UlidGenerator implements IdentifierGenerator {
  generate(): string { return ulid(); }
  generateBuffer(): Buffer {
    const str = this.generate();
    // ULID uses Crockford Base32; decode to 16-byte binary
    const decoded = Buffer.alloc(16);
    let val = 0n;
    for (let i = 0; i < str.length; i++) {
      const charCode = str.charCodeAt(i);
      const digit = charCode >= 48 && charCode <= 57 ? charCode - 48 :
                    charCode >= 65 && charCode <= 86 ? charCode - 55 :
                    charCode >= 97 && charCode <= 122 ? charCode - 87 : 0;
      val = (val << 5n) | BigInt(digit);
    }
    for (let i = 15; i >= 0; i--) {
      decoded[i] = Number(val & 0xFFn);
      val >>= 8n;
    }
    return decoded;
  }
  getFormat(): IdentifierFormat { return 'ulid'; }
}

export class NanoIdGenerator implements IdentifierGenerator {
  generate(): string { return generateNano(); }
  generateBuffer(): Buffer { return Buffer.from(this.generate(), 'utf8'); }
  getFormat(): IdentifierFormat { return 'nanoid'; }
}

Step 3: Architectural Rationale for Storage & Indexing

String representation is convenient for debugging but inefficient for storage. PostgreSQL, MySQL, and SQLite all support native 16-byte binary UUID types. Storing identifiers as UUID or BYTEA(16) reduces storage footprint by 50% compared to VARCHAR(36) and accelerates index scans due to smaller page sizes.

When using time-ordered identifiers (v7 or ULID), configure primary keys as CLUSTERED or PRIMARY KEY without additional sorting indexes. The natural insertion order matches the B-tree leaf progression, eliminating the need for secondary sort columns. For NanoID or v4, avoid using them as primary keys in high-write tables. Instead, use them for public-facing references while maintaining an internal sequential surrogate key for joins and foreign constraints.

Step 4: Factory Pattern for Runtime Selection

Environment-driven configuration prevents hardcoding generation strategies.

export class IdentifierFactory {
  private static instance: IdentifierGenerator;

  static initialize(strategy: IdentifierFormat): void {
    switch (strategy) {
      case 'v4': this.instance = new V4Generator(); break;
      case 'v7': this.instance = new V7Generator(); break;
      case 'ulid': this.instance = new UlidGenerator(); break;
      case 'nanoid': this.instance = new NanoIdGenerator(); break;
      default: throw new Error(`Unsupported identifier format: ${strategy}`);
    }
  }

  static generate(): string { return this.instance.generate(); }
  static generateBinary(): Buffer { return this.instance.generateBuffer(); }
  static getStrategy(): IdentifierFormat { return this.instance.getFormat(); }
}

This architecture isolates generation logic, enables binary storage optimization, and allows strategy swaps without touching business logic. It also provides a single interception point for monitoring generation latency and collision rates.

Pitfall Guide

1. String Storage Overhead

Explanation: Storing UUIDs as VARCHAR(36) or TEXT consumes 36 bytes per row plus overhead. Indexes built on string columns require more memory and suffer slower comparison operations. Fix: Always use native binary types (UUID, BINARY(16), or BYTEA). Convert to string only at the API boundary.

2. Ignoring B-Tree Fragmentation

Explanation: Random v4 inserts force the database to split pages frequently, increasing WAL volume and causing index bloat. This manifests as rising pg_stat_user_indexes idx_scan vs idx_tup_read ratios and slower vacuum cycles. Fix: Reserve v4 for low-write reference tables. Use v7 or ULID for transactional primary keys. Monitor pgstattuple or SHOW INDEX fragmentation metrics quarterly.

3. NanoID Length Misconfiguration

Explanation: Shortening NanoID to 10–12 characters for "cleaner" URLs drastically increases collision probability. The birthday paradox dictates that collision risk scales quadratically with ID count. Fix: Maintain ≥21 characters for public-facing resources. If shorter IDs are mandatory, implement a retry loop with exponential backoff and log collision attempts for capacity planning.

4. Timestamp Leakage Assumptions

Explanation: v7 and ULID embed creation timestamps. While useful for debugging, this exposes system activity patterns and can violate privacy requirements if identifiers are exposed externally. Fix: Use v4 or hash the identifier (e.g., SHA-256 truncated) when anonymity is required. Document timestamp exposure in API contracts.

5. ORM Mapping Mismatches

Explanation: Many ORMs default to string UUID mapping. When the database stores binary, type coercion failures occur during inserts or joins, causing silent data corruption or query planner degradation. Fix: Explicitly configure dialect adapters. In Prisma, use @db.Uuid. In TypeORM, set type: 'uuid'. Verify generated SQL uses binary literals, not hex strings.

6. Distributed Clock Drift

Explanation: Time-ordered identifiers rely on system clocks. In distributed deployments, unsynchronized clocks cause out-of-order IDs, breaking lexicographic guarantees and causing index fragmentation. Fix: Enforce NTP/chrony synchronization across all nodes. Add a node identifier or process ID to the random bits if millisecond collisions are a concern. Validate clock skew during deployment health checks.

7. Over-Engineering Custom RNG

Explanation: Building custom identifier generators using Math.random() or weak PRNGs introduces predictable patterns and collision vulnerabilities. Fix: Always use cryptographically secure random number generators (CSPRNG). Rely on audited libraries (uuid, nanoid, ulid) rather than rolling custom implementations.

Production Bundle

Action Checklist

Audit existing tables: Identify high-write tables using v4 UUIDs as primary keys and plan migration to v7/ULID.
Standardize storage types: Replace VARCHAR(36) columns with native UUID or BINARY(16) across all schemas.
Configure index strategies: Remove redundant sort indexes on time-ordered primary keys; verify B-tree leaf progression.
Implement generation factory: Centralize ID creation behind a strategy pattern to enable runtime switching and monitoring.
Validate clock synchronization: Ensure all application nodes run NTP/chrony with <10ms drift tolerance.
Test collision thresholds: Simulate 100M ID generations per service to verify collision rates under expected load.
Document exposure policies: Define which identifier schemes are safe for public URLs versus internal references.

Decision Matrix

Scenario	Recommended Approach	Why	Cost Impact
High-write OLTP primary key	UUID v7	Sequential inserts minimize page splits and WAL volume	Reduces storage I/O by ~30%
Public-facing resource URLs	NanoID (21 chars)	Compact, URL-safe, no special character encoding	Lowers bandwidth costs
Event-sourced audit logs	ULID	Lexicographic sortability + human-readable Crockford base32	Simplifies log aggregation
Legacy system integration	UUID v4	Maximum ORM/driver compatibility without schema changes	Zero migration overhead
Storage-constrained IoT devices	NanoID (16 chars)	Minimal payload size for constrained networks	Reduces transmission costs
Privacy-sensitive user tokens	UUID v4 + SHA-256 hash	Removes timestamp leakage while maintaining uniqueness	Adds negligible CPU overhead

Configuration Template

// src/config/identifier.config.ts
import { IdentifierFactory } from '../core/identifier.factory';

export function initializeIdentifierStrategy(): void {
  const strategy = (process.env.ID_GENERATION_STRATEGY || 'v7') as 'v4' | 'v7' | 'ulid' | 'nanoid';
  
  if (!['v4', 'v7', 'ulid', 'nanoid'].includes(strategy)) {
    throw new Error(`Invalid ID strategy: ${strategy}. Must be v4, v7, ulid, or nanoid.`);
  }

  IdentifierFactory.initialize(strategy);
  console.log(`[Identifier] Strategy initialized: ${strategy.toUpperCase()}`);
}

// PostgreSQL schema optimization example
/*
CREATE TABLE transactions (
  id UUID PRIMARY KEY,  -- Stores 16 bytes natively
  payload JSONB NOT NULL,
  created_at TIMESTAMPTZ DEFAULT NOW()
);

-- No additional sort index needed for v7/ULID
-- B-tree naturally appends to rightmost leaf
*/

Quick Start Guide

Install dependencies: npm install uuid ulid nanoid
Initialize the factory: Call initializeIdentifierStrategy() during application bootstrap, setting ID_GENERATION_STRATEGY=v7 in your environment.
Replace generation calls: Swap direct crypto.randomUUID() or ORM defaults with IdentifierFactory.generate() and IdentifierFactory.generateBinary().
Update database schema: Alter existing ID columns to native UUID type and verify ORM dialect configuration matches binary storage expectations.
Validate under load: Run a synthetic insert test (10k rows/sec) and monitor pg_stat_user_indexes for page split reduction and WAL volume stabilization.

🎉 Mid-Year Sale — Unlock Full Article

Base plan from just $4.99/mo or $49/yr

7-day free trial · Cancel anytime · 30-day money-back