@Michael: You should check out the “version 4″ format of GUID allowed by RFC4122. That’s what the randomUUID.js script produces, and it is trivial to generate. It’s also a *much* more appropriate form for javascript where timestamps and unique values (based on IP address or whatever) are not available. It’s also has a much larger UUID “space” since 122 of the 128 bits are randomly generated.

Regarding your API, I think you can significantly simplify it by using the module pattern. This will let you make all the constants truely private. More importantly, you can make your log() method private as well, and thereby avoid clobbering any log method that users of your script may have defined.

With a 128-bit GUID, though, the probability of a collision is extremely low. There’s 32 bits for the timestamp (until 2038) and 96 left over. There’s also a counter sequence of several bits to ensure an individual client doesn’t collide with itself, leaving around 80-90 bits for randomness. So if you and someone else generate a timestamp in the same MILLISECOND, already very unlikely, you have a 1 in 2^86 chance of a collision. For most systems, such as the comments plugin I’m working on, this is something I can live with, and in many cases worth the trade-off over using an IP address. (Needs further back-of-the-napkin probability analysis!).

This all assumes a good random number algorithm. Since Javascript doesn’t actually let you seed randomness, that’s a serious concern, and it may be wise to use an API like this http://json-random.appjet.net/ where accessible.