So I read this article which is a response to this article recently. The reaction article is what triggered me to write this post.

This will be a quick post about why you should not make your own identifiers if you can and also if you need to have an identifier that is easy to communicate with/about for clients base it on something that is still very much unique.

I recently ran into the unsolvable issue that if you ran an npm audit on a React or Angular framework project, it would give back an error because of this CVE. Now the solution was to go to a lower dependency for one of the scripts, but that lower dependency had other high vulnerabilities and so you were in an endless cycle and could not fix it.

There was a problem on a server we did not control. It was managed by a third party and we only got a service account. Since things were down and I did not have full root access I got a bit annoyed waiting for them to respond back.

I decided to take matters into my own hands.