Generate a Random String in Node.js or JavaScript

Generating random strings in Node.js or JavaScript is useful in various situations. For example, when generating an application or encryption key you want to create random strings with a minimal chance of duplication or collision.

This tutorial shows you two ways to create a random string with JavaScript.

Node.js Series Overview

1. Use the @supercharge/strings Package

The @supercharge/strings package is a helpful hand when working with strings. It also comes with a method to generate a random string. At first, you must install the package as a dependency in your project:

npm i @supercharge/strings  

Generating a random string using @supercharge/strings is pretty straightforward: import the package and call the static .random() method creating a random, URL-friendly string value:

const Str = require('@supercharge/strings')

const random = Str.random()  
// 'zONHF73w_4M3cmv7GZpXG'

const random_WithFiftySymbols = Str.random(50)  
// 'iO3quoYg265hlzq30E8RelQc0LOKle4R0yk6CMbgeHgGNcm_mR'

The generated string is URL-friendly because the package uses an alphabet that contains a well-defined symbol set to avoid side-effects, like the backslash as an escaping character.

The random string contains 21 symbols by default. You can customize the size by passing a number as an argument to Str.random(size).

Pro - generates URL-friendly, random strings - customizable the string length - expressive interface

Contra - extra dependency for your project

2. Use Node.js Crypto

Another option is the usage of Node.js’ crypto module. The Crypto.randomBytes() method generates cryptographically strong pseudo-random data for a given number of bytes. You may then transform the random data to a string value and slice it to comply with the given size:

const Crypto = require('crypto')

function randomString(size = 21) {  
  return Crypto
    .slice(0, size)

// '/VuPgyBlk/aZjPADhMqQk'

Be careful when converting the random data to a base64 string because this string may contain characters like the forward-slash which could have side-effects in your app.

Pro - native Node.js functionality - customizable the string length - generates a URL-friendly string when using .toString('hex')

Contra - no URL-friendly when using .toString('base64‘) because it may contain chars like a forward slash (/) - using .toString('hex') reduces the alphabet to numbers and the lowercase characters a-e

Which Way Should You Go?

We prefer the @supercharge/strings package to avoid any issues with symbols that may cause issues in our applications.

If you want to avoid an external dependency, use the Node.js crypto module.

Mentioned Resources

Explore the Library

Find interesting tutorials and solutions for your problems.