The problem with UUIDs in Node.js

In Node.js UUIDs should be used wisely.

UUIDs have been designed to provide an effective way to globally identify resources on the web. Since their introduction in 2005 (RFC 4122), they have been implemented natively by several programming languages, including Java and Python.

Node.js does not provide native support for UUIDs so far. Currently there are several NPM modules that provide this feature by implementing the algorithms proposed in the aforementioned RFC.

Though these packages work correctly and generate valid UUIDs, they often make use of the `crypto.randomBytes()` method.

This method, according to the Node.js guides, negatively affects the Event Loop. In short, it simply blocks the Event Loop.

If you're using UUIDs on a private endpoint of your app, namely an internal route or path that cannot be accessed remotely, and if you generate them only once on a regular time schedule, then you can manage this performance glitch quite easily.

But if you want to create them dynamically on a public endpoint, then you're exposing your site to a potential DoS attack. This kind of attack follows the same pattern as a ReDoS attack because both attacks exploit a blocking state in the Event Loop.

UUIDs have been designed to work globally on the whole web. If you're using them to identify your users or any other kind of internal resources of your site or app, you're using them in the wrong way.