npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@not-govuk/consent-cookies

v0.15.0

Published

Connect middleware to parse and set cookies only with user consent.

Downloads

301

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

daniel-ac-martindaniel-ac-martin

Keywords

Readme

NotGovUK - Consent-Cookies

Connect middleware to parse and set cookies only with user consent. This aids compliance with European regulations.

Also provides a session via a cookie. (Accessible by reading and writing to req.session.)

Tested on Restify but should work on other Connect-like systems such as Express.

Features

  • Essential cookies
  • Optional cookies with opt-in system
  • Sessions
  • Encryption (except when httpOnly is set to false)
  • Secure by default

Using this package

First install the package into your project:

npm install -S @not-govuk/consent-cookies

Then use it in your code as follows:

const restify = require('restify');
const consentCookies = require('@not-govuk/consent-cookies');

const myCookies = [
  {
    name: 'ga',
    description: 'Enables us to track you use of the site and helps us to optimise your experience.',
    group: 'Analytics',
    httpOnly: false
  },
  {
    name: 'seen,
    description: 'Allows us to know whether you have visited the site before.',
    group: 'Analytics'
  }
];

const httpd = restify.createServer();

httpd.use(consentCookies({ cookies: myCookies, secret: 'my-encryption-secret' }));

httpd.get('/', (req, res, next) => {
  const seen = req.cookies['seen'] || false;
  const message = (
    seen
      ? 'Hello!'
      : 'Welcome back.'
  );

  res.setCookie('seen', true);
  res.send(`<html><body>${seen}</body></html>`);
  next();
});

httpd.listen(8080, '0.0.0.0', () => {
  httpd.log.info('%s listening at %s', httpd.name, httpd.url);
});

Subsequent middlewares will be able to discover the cookies available for use via req.cookiesMeta as well as the current cookies of enabled cookies via req.cookies. New cookies can be set with res.setCookie().

consentCookies(options: object)

Provides a middleware that can be given to httpd.use().

Options object:

  • cookies: object A description of all the cookies your application uses. Only cookies described here will be available for reading and writing.
    • name: string The name of the cookie.
    • description: string A description of the cookies purpose. (To be shown to the user.)
    • group?: string The category that an optional cookie belongs to. e.g. 'Analytics'. If the cookie is mandatory, do not define this and the cookie will always be available.
    • httpOnly?: boolean = true Whether the cookie can be accessed on the client. Unlike other cookie options, this must be defined here and cannot be provided later, when setting the cookie. This is because consent-cookies will encrypt all httpOnly cookies as a security precaution and so needs to know whether to decrypt them when reading them.
    • Other cookie.serialize() options besides encode See: https://www.npmjs.com/package/cookie
  • secret: string A secret that is used to encrypt your cookies. You should ensure that you set this in production to ensure that they cannot be decrypted by an attacker. If you horizontally scale your application, you must ensure that the secret is shared between each instance, so that they can decrypt cookies that were set by other instances.
  • provideSession?: boolean = true Whether to provide a session at req.session. Set this to false if you do not require a session or if you wish to provide a session using a different middleware.
  • cookie.serialize() options besides encode and httpOnly These will become the defaults within your application. Note that we set some sensible defaults for your with a 'secure by default' mindset, so you should only need to provide these options in order to loosen up the security. See: https://www.npmjs.com/package/cookie

res.setCookie(name: string, value: any[, options: object])

Sets a cookie.

  • name: string The name of the cookie you wish to set. Note: If this cookie has not been consented to and is not mandatory, an exception will be thrown.
  • value: any The value you wish to set for the cookie. This can be anything that JSON.stringify can serialise but must fit within the size limits of cookies.
  • options: object Any cookie.serialize() option besides encode and httpOnly. (To set httpOnly you must declare it when initially describing the cookie.) See: https://www.npmjs.com/package/cookie

req.cookies

An object containing the data from all active cookies.

req.cookiesMeta

An object that contains a description of all supported cookies and whether the user has consented to them.

Working on this package

Before working on this package you must install its dependencies using the following command:

pnpm install

Building

Build the package by compiling the source code.

npm run build

Clean-up

Remove any previously built files.

npm run clean