[tatersolid]

JavaScript Math.random() should never be used for UUID generation. You will get collisions even at small scale.

window.crypto.getRandomValues() should be used instead.

The quality and seeding of Math.random() is implementation-dependent and not generally good enough everywhere to prevent collisions. Many seed with the just the system time.

Source: I have personally seen such collisions in a production web app with 700k users. A Web search for “Javacsript GUID collision” shows that many others have as well. We switched to the cryptographic generator and the collisions disappeared.