feat: add parse/stringify/validate/version/NIL APIs

[ctavan]

@broofa should we just merge this into master and release as 8.2.0? As far as I can tell it only adds new features, no breaking changes. Or do I miss something?

Closes #475
Closes #478
Closes #480
Closes #481

[ctavan]

BTW we still need documentation in the README.

[broofa]

@ctavan: Agreed. As you said, there's no breaking changes.

I'll update the README. Also, I'm going to go ahead and add a NIL_UUID constant as well, per discussion in #475. In thinking further, I don't see much down side to that.

[broofa]

@ctavan Updated the README.

• Added docs for new methods
• Added API Summary section to show the API surface in one glance.
• Reduced "quick start" section down to just the bare minimum for v4 generation since that's the 80+% use case...
• ... and users can refer to the examples in the API docs for how to create other versions of UUID.
• Put method args, returns, and errors into tables

Note: I also made one minor functional change. stringify() now validate()s generated uiud strings to ensure they're valid. Previously you could hand it any bytes and it would blindly stringify, even if the result wouldn't pass validate(). I feel this is in keeping with the "this module follows the RFC" philosophy we've had but it wouldn't surprise me if/when someone complains about it.

[broofa]

Okay, I'm happy with this, but maybe get a sanity check review from @TrySound?

[TrySound]

Everything looks great

[ctavan]

@broofa this looks awesome, thanks a lot 👏

I've made some minor consistency adjustments to the README myself.

I still have 3 questions that we should address before merging this. Once merged I'd like to release this as a beta release and ask the people who wanted these features to try them out. Upon positive feedback I'll make the 8.2 release.

[ctavan]

Will these tests run in parallel? Shouldn't we rather ensure that they are run in series?

[broofa]

Will these tests run in parallel? Shouldn't we rather ensure that they are run in series?

I believe Benchmark.js runs synchronously, so these do run in series. (At least, that's what I see when I do cd examples/benchmark; node benchmark.js.)

[ctavan]

Changes look good. What about my comment regarding the benchmark parallelism?

[zaggino]

@broofa @ctavan I upgraded package from 8.2.0 to 8.3.0 and this should be marked as a breaking change (major) update. Before the routine would work:

import { v5 as uuidv5 } from 'uuid';

const UUID_V5_NAMESPACE = '00112233-4455-6677-8899-aabbccddeeff';

function getUuidHash(str: string) {
  return uuidv5(str, UUID_V5_NAMESPACE);
}

Now after update it throws an error:

TypeError: Invalid UUID

[ctavan]

@zaggino the RFC requires the namespace to be a valid UUID. It's true that up to 8.2.0 we did not verify that the passed namespace was a truly valid UUID, and we added this check in 8.3.0. However this should rather be considered a bug fix than a breaking change since the behavior before was counter the RFC.

Can you update your code to pass only valid UUIDs as namespaces? A valid UUID must match this regex:

uuid/src/regex.js

Line 1 in ade3655

export default /^(?:[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}|00000000-0000-0000-0000-000000000000)$/i;

I.e. it must either be the NIL UUID or it has the UUID version after the second hyphen (in your example there's a 6 which is not a valid UUID version) and one of 89ab after the third hypen (you have an 8 in your example here, so this would be valid).

[zaggino]

I did update the code, but my concern was that a ^8.0.0 dependency which we had caused a break all over the application when a package-lock.json was refreshed.

From the RFC perspective, I agree on fixing this, but from a user-developer perspective - I never noticed any buggy behaviour before this, so was there ever an actual bug when a namespace which was not a 100% proper uuid was used?

[ctavan]

I think this can be a serious interoperability issue: if you have other libraries or programming languages that already do the right thing by validating the passed namespace UUIDs then the UUIDs generated from malformed namespaces with old versions of this library won’t be compatible with those other libraries/languages.

So as long as everything that ever has to deal with the v5 UUIDs generated off of bad namespace ids will always use the same flawed library there’s probably no problem, but as soon as you need to be interoperable this might cause very subtle and hard-to-find bugs.

[ctavan]

All that said I agree that it is maybe not the best developer experience to introduce such a change in a minor version bump. Unfortunately it’s out now and too late. Our assessment that this should be a non-breaking change for most developers was apparently wrong. We‘ll be more careful in the future. I’m sorry for the inconvenience.